Use JS script to modify registry related settings (ActiveX, etc.) that control ie

Use JS script to modify registry related settings (ActiveX, etc.) that control IECategory: PHP2012-12-05 18:51 2035 people read Comments (2) favorite reports

Script syntax:

<script language= "JavaScript" >
<!--
var wshshell=new activexobject ("Wscript.Shell");

//Add Trust site IP
wshshell.regwrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\ Zonemap\\ranges\\range100\\ "," ");
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\ZoneMap\\Ranges\\ Range100\\http "," 2 "," REG_DWORD ");
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\ZoneMap\\Ranges\\ Range100\\:range "," 192.168.0.1 ");
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\ZoneMap\\Ranges\\ Range101\\ "," ");
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\ZoneMap\\Ranges\\ Range101\\http "," 2 "," REG_DWORD ");
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\ZoneMap\\Ranges\\ Range101\\:range "," 192.168.0.2 ");

Modify IE ActiveX security settings
XSS filtering disabled
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\Zones\\3\\1409", "3", " REG_DWORD ");
Eject block disable
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\Zones\\3\\2301", "3", " REG_DWORD ");
File Download Enabled
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\Zones\\3\\1803", "0", " REG_DWORD ");
Clipboard programming Enabled
WshShell.RegWrite ("Hkcu\\software\\microsoft\\windows\\currentversion\\internet Settings\\Zones\\3\\1407", "0", " REG_DWORD ");

Disable XINXP pop-up Blocker
WshShell.RegWrite ("Hkcu\\software\\microsoft\\internet explorer\\new windows\\popupmgr", "no");
Alert ("Active control security settings, pop-up window settings, set success");
-
</SCRIPT>

Related parameters:

Trust the site's registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\ranges\range[*]
Registry entries for ActiveX
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zones\[0-4]\[*]
[0-4] Value setting
0 My Computer
1 Local Intranet Zone
2 Trusted Sites Zone
3 Internet Zone
4 Restricted Sites Zone

. NET Framework
XAML Browser Application: (3= disabled, 0 = enabled, 1 = hint) "2400" =dword:00000000;
XPS Document: (3= disabled, 0 = enabled, 1 = hint) "2401" =dword:00000000;
Loose XAML: (3= disabled, 0 = enabled, 1 = hint) "2402" =dword:00000000;

. NET Framework-related components
Components with permission to manifest: (3= disabled, 10000 = High Security Level) "" "=dword:00010000;
Run components that are not signed with Authenticode: (3= disabled, 0 = enabled, 1 = prompt) "2004" =DWORD:00000000;
Run a component that has been signed with Authenticode: (3= disabled, 0 = enabled, 1 = prompt) "2001" =DWORD:00000000;

ActiveX controls and plug-ins
ActiveX controls automatically prompt for: (3= disabled, 0 = enabled) "2201" =dword:00000000;  
Script ActiveX controls marked as safe to execute: (3= disabled, 0 = enabled, 1 = hint) "1405" =dword:00000000; The
initializes and executes scripts for ActiveX controls that are not marked as safe to execute: (3= disabled, 0 = enabled, 1 = hint) "1201" =dword:00000000;
Binary and Scripting behavior: (3= disabled, 0 = enabled, 10000 = Administrator approved) "=dword:00000000;  
allow only approved domains to use ActiveX without prompting: (0= disabled, 3 = enabled); Xp+ie6 does not exist in this "120B" =dword:00000003;
Download Unsigned ActiveX controls: (3= disabled, 0 = enabled, 1 = prompt) "1004" =dword:00000000;  
Download signed ActiveX controls: (3= disabled, 0 = enabled, 1 = prompt) "1001" = dword:00000000;  
Allow ActiveX filtering: (3= disabled, 0 = enabled); Xp+ie6 does not exist, WIN7+IE8 does not exist in this "2702" =dword:00000000;
Allow Scriptlet: (3= disabled, 0 = enabled, 1 = prompt); Xp+ie6 does not exist in this "1209" =dword:00000000; The
allows you to run an ActiveX control that was not previously used without prompting: (3= disabled, 0 = enabled); XP+IE6 does not exist for this "1208" =dword:00000000;
Run ActiveX controls and plugins: (3= disabled, 0 = enabled, 1 = prompt, 10000 = Administrator approved) "" "=dword:00000000;
to display video and animations on pages that do not use external media players: (3= disabled, 0 = enabled); XP+IE6 does not exist for this "120A" =dword:00000000;

Microsoft VMS
Java Permissions: (00,00,03,00= security Level – low, 00,00,01,00= security level – high, 00,00,02,00= security level – Medium, 00,00,00,00= disabled, 00,00,80,00= custom: A CLSID is modified when customized); WIN7+IE8 does not exist, WIN7+IE9 does not exist, xp+ie6 existence of this "1c00" =hex:00,00,03,00;

Script
Java Applet script: (3= disabled, 0 = enabled, 1 = hint) "1402" =dword:00010000;
Active Script: (3= disabled, 0 = enabled, 1 = hint) "1400" =dword:00000000;
Enable XSS filter: (3= disabled, 0 = enabled); Xp+ie6 does not exist in this "1409" =dword:00000003;
Allows programmatic access to the Clipboard: (3= disabled, 0 = enabled, 1 = prompt); IE6: Allow a script to paste operation "1407" =dword:00000000;
Allow Web sites to use Script window prompts for information: (3= disabled, 0 = enabled); Xp+ie6 does not exist in this "2105" =dword:00000000;
Allow the status bar to be updated via script: (3= disabled, 0 = enabled); Xp+ie6 does not exist in this "2103" =dword:00000000;

Other
Continuous use of user data: (3= disabled, 0 = enabled) "1606" =dword:00000000;
Loading applications and unsafe files: (3= disabled, 0 = enabled, 1 = prompt); Xp+ie6 does not exist in this "1806" =DWORD:00000001;
Include the local directory path when uploading files to the server: (3= disabled, 0 = enabled); Xp+ie6 does not exist in this "160A" =dword:00000000;
Cross-domain Browse windows and frames: (3= disabled, 0 = enabled, 1 = prompt); IE6: Cross-domain Browse sub-frame "1607" =dword:00000000;
Enable MIME sniffing: (3= disabled, 0 = enabled); IE6 IE8: Open files based on content, not file extensions; IE9: Enable MIME sniffing "2100" =dword:00000000;
Use SmartScreen filter: (3= disabled, 0 = enabled); Xp+ie6 does not exist in this "2301" =dword:00000003;
Use pop-up Blocker: (3= disabled, 0 = enabled) "1809" =dword:00000003;
Sites in less privileged web content zones can navigate to the zone: (3= disabled, 0 = enabled, 1 = prompt); IE6: Sites in a low-privileged web content zone can navigate to this area "2101" =dword:00000001;
Submit non-encrypted form data: (3= disabled, 0 = enabled, 1 = hint) "1601" =dword:00000000;
Access to the data source through the domain: (3= disabled, 0 = enabled, 1 = hint) "1406" =dword:00000000;
Drag and drop or copy and paste files: (3= disabled, 0 = enabled, 1 = hint) "1802" =dword:00000000;
Show mixed content: (3= disabled, 0 = enabled, 1 = hint) "1609" =dword:00000000;
Allow META REFRESH: (3= disabled, 0 = enabled) "1608" =dword:00000000;
Allow scripts for Microsoft Web Browser Controls: (3= disabled, 0 = enabled); IE6: The script "1206" =dword:00000000 that allows Internet exlorer Webbrowser control;
Allows the script to initialize a window that is not limited by size or position: (3= disabled, 0 = enabled); Xp+ie6 does not exist in this "2102" =dword:00000000;
Allow Web pages to use active content restricted protocols: (3= disabled, 0 = enabled, 1 = prompt); IE6: Allow Web pages to use restricted protocol "2300" =dword:00000001 for active content;
Allow a Web site to open a window without an address or status bar: (3= disabled, 0 = enabled); Xp+ie6 does not exist in this "2104" =dword:00000000;
Loading programs and files in the IFRAME: (3= disabled, 0 = enabled, 1 = hint) "1804" =dword:00000000;
Client certificate selection is not prompted when only one certificate is present: (3= disabled, 0 = enabled); IE6 IE8: Do not prompt for client certificate selection when there is no certificate or only one certificate; IE9: Do not prompt for client certificate when there is only one certificate select "1a04" =dword:00000000;
Software channel permissions: (30000= security-low, 10000 = security-high, 20000 = security-Medium); Xp+ie6 existence of this item, WIN7+IE8 does not exist, WIN7+IE9 does not exist this "1E05" =dword:00030000;
Installation of desktop components: (3= disabled, 0 = enabled, 1 = prompt); Xp+ie6 existence of this item, WIN7+IE8 existence of this item, WIN7+IE9 does not exist this "1800" =dword:00000000;

Enable the. NET Framework Setup program
Enable the. NET Framework Installer: (3= disabled, 0 = enabled) "2600" =dword:00000000;

Download
File Download: (3= disabled, 0 = enabled) "1803" =dword:00000000;
File Download automatic prompt: (3= disabled, 0 = enabled); Xp+ie6 existence of this item, WIN7+IE8 existence of this item, WIN7+IE9 does not exist this "2200" =dword:00000000;
Font Download: (3= disabled, 0 = enabled, 1 = hint) "1604" =dword:00000000;

User authentication
Login: (30000= anonymous login, 10000 = user name and password hint, 20000 = Automatic logon only in Intranet zone, 0= automatically login with current username and password) "1A00" =dword:00000000;

Security level
Security level: (12000= high, 11500 = medium-high, 11000 = medium, 10500 = Medium low, 10000 = low, 0 = Custom) "CurrentLevel" =dword:00000000;

For unclear registry key values you can use the Registry Snapshot tool Regshot to find the corresponding key value through two scans.

Use JS script to modify registry related settings (ActiveX, etc.) that control ie