Script Syntax:
<Script language = "JavaScript">
<! --
Var WshShell = new ActiveXObject ("WScript. Shell ");
// Add a trusted site ip Address
WshShell. RegWrite ("HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ ZoneMap \ Ranges \ Range100 \\","");
WshShell. regWrite ("HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ ZoneMap \ Ranges \ Range100 \ http", "2 ", "REG_DWORD ");
WshShell. regWrite ("HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ ZoneMap \ Ranges \ Range100 \: Range", "192.168.0.1 ");
WshShell. RegWrite ("HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ ZoneMap \ Ranges \ Range101 \\","");
WshShell. regWrite ("HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ ZoneMap \ Ranges \ Range101 \ http", "2 ", "REG_DWORD ");
Wshshell. regwrite ("hkcu \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ zonemap \ ranges \ range101 \: range", "192.168.0.2 ");
// Modify IE ActiveX Security Settings
// Disable XSS Filtering
Wshshell. regwrite ("hkcu \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 1409", "3", "REG_DWORD ");
// Pop-up blocking and disabling
Wshshell. regwrite ("hkcu \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 2301", "3", "REG_DWORD ");
// Enable File Download
Wshshell. regwrite ("hkcu \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 1803", "0", "REG_DWORD ");
// Enable clipboard Programming
Wshshell. regwrite ("hkcu \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 1407", "0", "REG_DWORD ");
// Disable the xinxp pop-up window blocking program
WshShell. RegWrite ("HKCU \ Software \ Microsoft \ Internet Explorer \ New Windows \ PopupMgr", "no ");
Alert ("active Control Security Settings, pop-up window settings, set successfully ");
// -->
</SCRIPT>
Related parameters:
Registry entry of the trusted site
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ ZoneMap \ Ranges \ Range [*]
ActiveX registry key
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ [0-4] \ [*]
[0-4] value settings
0 my computer
1. Local Intranet Region
2. trusted site regions
3. Internet region
4 restricted site regions
. NET Framework
XAML browser application: (3 = disabled, 0 = enabled, 1 = prompted) "2400" = dword: 00000000;
XPS document: (3 = disabled, 0 = enabled, 1 = prompted) "2401" = dword: 00000000;
Loose XAML: (3 = disabled, 0 = enabled, 1 = prompted) "2402" = dword: 00000000;
. NET Framework components
Components with configuration permissions: (3 = disabled, 10000 = high security level) "2007" = dword: 00010000;
Run components without Authenticode Signature: (3 = disabled, 0 = enabled, 1 = prompted) "2004" = dword: 00000000;
Run the Authenticode signature component: (3 = disabled, 0 = enabled, 1 = prompted) "2001" = DWORD: 00000000;
ActiveX controls and plug-ins
ActiveX control automatic prompt: (3 = disabled, 0 = enabled) "2201" = DWORD: 00000000;
Execute scripts on ActiveX controls marked as secure script execution: (3 = disabled, 0 = enabled, 1 = prompted) "1405" = DWORD: 00000000;
Initialize and execute the script for the ActiveX control that is not marked as a secure Script: (3 = disabled, 0 = enabled, 1 = prompt) "1201" = DWORD: 00000000;
Binary and script behavior: (3 = disabled, 0 = enabled, 10000 = approved by the Administrator) "2000" = DWORD: 00000000;
Allow only approved domains to use ActiveX without prompt: (0 = disabled, 3 = enabled); XP + IE6 does not have this option "120b" = DWORD: 00000003;
Download unsigned ActiveX Controls: (3 = disabled, 0 = enabled, 1 = prompted) "1004" = DWORD: 00000000;
Download the signed ActiveX Control: (3 = disabled, 0 = enabled, 1 = prompted) "1001" = DWORD: 00000000;
Allow ActiveX Filtering: (3 = disabled, 0 = enabled); XP + IE6 does not exist; win7 + IE8 does not exist. "2702" = DWORD: 00000000;
Allow scriptlet: (3 = disabled, 0 = enabled, 1 = prompt); XP + IE6 does not exist. "1209" = DWORD: 00000000;
Allow running ActiveX controls that were not used before without prompting: (3 = disabled, 0 = enabled); XP + IE6 does not exist. "1208" = DWORD: 00000000;
Run ActiveX controls and plug-ins: (3 = disabled, 0 = enabled, 1 = prompted, 10000 = approved by the Administrator) "1200" = DWORD: 00000000;
Videos and animations are displayed on webpages without external media players: (3 = disabled, 0 = enabled); XP + IE6 does not have this option "120A" = dword: 00000000;
Microsoft VM
Java permissions: (, = Security Level-low, = Security Level-high, = Security Level-medium, = disabled, 00, = custom: a CLSID will be modified during customization. This option does not exist in Win7 + IE8, while does not exist in Win7 + IE9. XP + IE6 has this option "1C00" = hex,;
Script
Java Applet Script: (3 = disabled, 0 = enabled, 1 = prompted) "1402" = dword: 00010000;
Activity Script: (3 = disabled, 0 = enabled, 1 = prompted) "1400" = dword: 00000000;
Enable XSS filter: (3 = disabled, 0 = enabled); XP + IE6 does not exist. "1409" = dword: 00000003;
Allow programmatic access to the clipboard: (3 = disabled, 0 = enabled, 1 = prompted); IE6: allow the paste operation by script "1407" = dword: 00000000;
Allow the website to use the script window to prompt for information: (3 = disabled, 0 = enabled); XP + IE6 does not exist this "2105" = dword: 00000000;
Allow the status bar to be updated by Script: (3 = disabled, 0 = enabled); XP + IE6 does not include this item "2103" = dword: 00000000;
Others
Continuous use of user data: (3 = disabled, 0 = enabled) "1606" = dword: 00000000;
Load applications and unsafe files: (3 = disabled, 0 = enabled, 1 = prompted); XP + IE6 does not exist. "1806" = dword: 00000001;
When uploading a file to the server, it contains the local directory path: (3 = disabled, 0 = enabled); XP + IE6 does not contain this option "160A" = dword: 00000000;
Cross-origin browser window and frame: (3 = disabled, 0 = enabled, 1 = prompted); IE6: Cross-origin browser sub-frame "1607" = dword: 00000000;
Enable MIME profiling: (3 = disabled, 0 = enabled); IE6 IE8: open a file based on the content instead of the file extension; IE9: Enable MIME profiling "2100" = dword: 00000000;
SmartScreen filter: (3 = disabled, 0 = enabled); XP + IE6 does not exist. "2301" = dword: 00000003;
Use the pop-up window to stop the program: (3 = disabled, 0 = enabled) "1809" = dword: 00000003;
The website in the Web content area with fewer privileges can be located in this area: (3 = disabled, 0 = enabled, 1 = prompt); IE6: in the low-privilege Web content area, you can navigate to this area "2101" = dword: 00000001;
Submit unencrypted form data: (3 = disabled, 0 = enabled, 1 = prompted) "1601" = dword: 00000000;
Access the data source through the domain: (3 = disabled, 0 = enabled, 1 = prompted) "1406" = dword: 00000000;
Drag and Drop or copy and paste files: (3 = disabled, 0 = enabled, 1 = prompted) "1802" = dword: 00000000;
Show mixed content: (3 = disabled, 0 = enabled, 1 = prompted) "1609" = dword: 00000000;
Meta refresh allowed: (3 = disabled, 0 = enabled) "1608" = dword: 00000000;
Allow scripts of the Microsoft Web browser control: (3 = disabled, 0 = enabled); IE6: Allow scripts of the Internet Exlorer Webbrowser control "1206" = dword: 00000000;
The window that allows script Initialization is not limited by the size or position: (3 = disabled, 0 = enabled); XP + IE6 does not exist. "2102" = dword: 00000000;
Allowed webpage content restriction Protocol: (3 = disabled, 0 = enabled, 1 = prompted); IE6: Allow webpage content to use restricted protocol "2300" = dword: 00000001;
Allow the website to open a window without an address or status bar: (3 = disabled, 0 = enabled); XP + IE6 does not exist this "2104" = dword: 00000000;
Load programs and files in IFRAME: (3 = disabled, 0 = enabled, 1 = prompt) "1804" = dword: 00000000;
If only one certificate exists, you are not prompted to select the client certificate: (3 = disabled, 0 = enabled); IE6 IE8: no certificate or only one certificate does not prompt to select the client certificate; IE9: if only one certificate exists, you are not prompted to select "1A04" = dword: 00000000;
Software channel permissions: (30000 = Security-low, 10000 = Security-high, 20000 = Security-medium); XP + IE6 exists, Win7 + IE8 does not exist, "1E05" = dword: 00030000; not found in Win7 + IE9;
Desktop component installation: (3 = disabled, 0 = enabled, 1 = prompted); XP + IE6 exists, Win7 + IE8 exists, this option does not exist in Win7 + IE9 "1800" = dword: 00000000;
Enable. NET Framework Installer
Enable. NET Framework Installer: (3 = disabled, 0 = enabled) "2600" = dword: 00000000;
Download
File Download: (3 = disabled, 0 = enabled) "1803" = dword: 00000000;
Automatic File Download prompt: (3 = disabled, 0 = enabled); XP + IE6 exists, Win7 + IE8 exists, Win7 + IE9 does not exist "2200" = dword: 00000000;
Font download: (3 = disabled, 0 = enabled, 1 = prompted) "1604" = dword: 00000000;
User verification
Logon: (30000 = Anonymous logon, 10000 = user name and password prompt, 20000 = automatic logon only in the Intranet region, 0 = Automatic Logon using the current user name and password) "1A00" = dword: 00000000;
Security level
Security level: (12000 = high, 11500 = medium-high, 11000 = medium, 10500 = medium, 10000 = low, 0 = custom) "CurrentLevel" = dword: 00000000;
For unclear registry key values, you can use registry snapshot tool RegShot to find the corresponding key values through two scans.