Home>

The registry's description of the security settings:

Registry path:

hkey_current_user \ software \ microsoft \ windows \ currentversion \ internet settings \ zones

1. The zone entry contains an entry for each security zone defined for the computer.by default,Define the following 5 zones (numbered from 0 to 4):

Value Setting

------------------------------

0 My Computer

1 Local intranet zone

2 Trusted Site Zone

3 internet zone

4 Restricted site areas

Note:By default,My Computer does not appear in the Area box on the Security tab.

Each of these contains the following dword values ​​that represent the corresponding settings on the custom Security tab.

Note:Unless stated otherwise,Otherwise each dword value is equal to 0, 1 or 3. Usually, setting it to 0 sets the specific operation to allow;Setting to 1 causes a prompt to appear;Set to 3 to prevent specific operations.

2. Value setting description:

Value Setting

-------------------------------------------------- ---------------------

1001 Download signed activex control

1004 Download unsigned activex control

1200 run activex controls and plugins

1201 Initialize and script activex controls that are not marked as safe

1206 Script to allow internet explorer webbrowser control

1400 Active Script

1402 java applet script

1405 Script activex controls marked as safe to execute

1406 Accessing data resources through a domain

1407 Allow paste operation via script

1601 Submit non-encrypted form data

1604 Font Download

1605 run java

1606 Continuous use of user data

1607 Cross-domain browsing sub-framework

1608 Allow refresh *

1609 Display Mixed Content *

1800 Desktop Project Installation

1802 Drag and drop or copy and paste files

1803 File Download

1804 Loading programs and files in

1805 Load programs and files in web view

1806 Loading applications and unsafe files

1807 Reserved **

1808 Reserved **

1809 Using Pop-up Blocker **

1a00 Login

1a02 Allow continuous use of cookies stored on your computer

1a03 Allow use of cookies per session (not stored)

1a04 Don't prompt for client certificate when there is no certificate or only one certificate *

1a05 Allow continuous use of third-party cookies *

1a06 Allow use of third-party session cookies *

1a10 privacy settings *

1c00 java permission

1e05 Software channel permissions

1f00 Reserved **

2000 binary and script behavior

2001 Run .net component signed with authenticode

2004 Run .net components not signed with authenticode

2100 opens a file based on content,Not based on file extension **

2101 Websites in the low-privileged web content area can navigate to this area **

2102 Allow windows initialized by scripts,No size and position restrictions **

2200 Automatic File Download Tips **

2201 ActiveX Control Automatic Prompt **

2300 Allow web pages to use restricted protocols for active content **

{aeba21fa-782a-4a90-978d-b72164c80120} First-party cookies *

{a8a88c49-5eb2-4990-a1a2-0876022c854f} Third-party cookies *

* Indicates internet explorer 6 or later settings

** indicates windows xp service pack 2 or later settings

3. Internet Explorer->Properties->Advanced "Disable script debugging (other)" settings in the registry:

hkey_current_user \ software \ microsoft \ internet explorer \ main \ disable debugger (0 is enabled, 1 is disabled)

4. Internet Explorer->Properties->Advanced "Disable script debugging (ie)" settings in the registry location:

hkey_current_user \ software \ microsoft \ internet explorer \ main \ disable debuggerie (0 is enabled, 1 is disabled)

5. Modify the default security level of ie:

hkey_current_user \ software \ microsoft \ windows \ currentversion \ internet settings \ zones \ 3

Change "minlevel" to "10000" (hex) so that you can set it to a lower security level

6. Attach an example of modifying the registry:

<language =>
<!-
var wshnetwork=new activex ("w .network");
computername=wshnetwork.computername + "/" + wshnetwork.username;
//Read the computer name in the registry
var obj=new activex ("w .shell");
var path="hkey_current_user \\ software \\ microsoft \\ windows \\ currentversion \\ internet settings \\ zones";//Registry path for security settings
var advance="hkey_current_user \\ software \\ microsoft \\ internet explorer \\ main";//Registry advanced setting path
var forward="http://10.149.4.14:9080/sundun_nn/login.jsp";//The page jumped to after the modification
var levelpath="hkey_current_user \\ software \\ microsoft \\ windows \\ currentversion \\ internet settings \\ zones";
//Add website to trusted site
var savepath="hkey_current_user \\ software \\ microsoft \\ windows \\ currentversion \\ internet settings \\ zonemap \\ domains";//Add the registry path to the trusted site
var domain="sundun.cn";//domain name
var protocol="http";//protocol
var qianz="www";//prefix
obj.regwrite (savepath + "\\" + domain, "");
obj.regwrite (savepath + "\\" + domain + "\\" + qianz, "");
obj.regwrite (savepath + "\\" + domain + "\\" + qianz + "\\" + protocol, "2", "reg_dword");
//ie browser->tools->internet options->security->local intranet->display mixed content
var str0=path + "\\ 1 \\ 1609";
//alert(obj.regread(str0));
if (obj.regread (str0)!="0") {//Skip if modified
    obj.regwrite (str0,0x00000000, "reg_dword");
}
//Modify ie default security level
var levelstr=levelpath + "\\ 2 \\ minlevel";
if (obj.regread (levelstr)!="10000") {
    obj.regwrite (levelstr, "10000");
}
//ie browser->tools->internet options->security->trusted sites->display mixed content
var str11=path + "\\ 2 \\ 1609";
if (obj.regread (str11)!="0") {
    obj.regwrite (str11,0x00000000, "reg_dword");
}
var str12=path + "\\ 2 \\ 1001";//Download the signed activex control
if (obj.regread (str12)!="0") {
    obj.regwrite (str12,0x00000000, "reg_dword");
}
var str13=path + "\\ 2 \\ 1004";//Download the unsigned activex control
if (obj.regread (str13)!="0") {
    obj.regwrite (str13,0x00000000, "reg_dword");
}
var str14=path + "\\ 2 \\ 1200";//Run activex controls and plugins
if (obj.regread (str14)!="0") {
    obj.regwrite (str14,0x00000000, "reg_dword");
}
var str15=path + "\\ 2 \\ 1201";//Initialize and script activex controls that are not marked as safe
if (obj.regread (str15)!="0") {
    obj.regwrite (str15,0x00000000, "reg_dword");
}
var str16=path + "\\ 2 \\ 1405";//Execute script on activex controls marked as safe to execute
if (obj.regread (str16)!="0") {
    obj.regwrite (str16,0x00000000, "reg_dword");
}
//ie browser->tools->internet options->security->internet->activex control prompt
var str2=path + "\\ 3 \\ 2201";
if (obj.regread (str2)!="0") {
    obj.regwrite (str2,0x00000000, "reg_dword");
}
//ie browser->tools->internet options->security->internet->execute script on activex controls marked as safe
var str3=path + "\\ 3 \\ 1405";
if (obj.regread (str3)!="0") {
    obj.regwrite (str3,0x00000000, "reg_dword");
}
//ie browser->tools->internet options->security->internet->display mixed content
var str4=path + "\\ 3 \\ 1609";
if (obj.regread (str4)!="0") {
    obj.regwrite (str4,0x00000000, "reg_dword");
}
//ie browser->tools->internet options->"disable script debugging (other)" in advanced
var str5=advance + "\\ disable debugger";
if (obj.regread (str5)!="0") {
    obj.regwrite (str5, "yes");
}
//ie browser->tools->internet options->"disable script debugging (ie)" in advanced
var str6=advance + "\\ disable debuggerie";
if (obj.regread (str6)!="0") {
    obj.regwrite (str6, "yes");
}
//ie browser->tools->internet options->"Allow active content to run on files on my computer" in Advanced
var str7=advance + "\\ featurecontrol \\ feature_localmachine_lockdown \\ iexplore.exe";
if (obj.regread (str7)!="0") {
    obj.regwrite (str7,0x00000000, "reg_dword");
}
</>

Example:

try {
var obj=new activex ("w .shell");
var path="hkey_current_user \\ software \\ microsoft \\ windows \\ currentversion \\ internet settings";//Registry path for security settings
var advance="hkey_current_user \\ software \\ microsoft \\ internet explorer \\ main";//Registry advanced setting path
var levelpath="hkey_current_user \\ software \\ microsoft \\ windows \\ currentversion \\ internet settings \\ zones";
var zspath="hkey_current_user \\ software \\ microsoft \\ windows \\ currentversion \\ wintrust \\ trust providers \\ software publishing";
//Download the signed activex control
var str1=path + "\\ zones \\ 3 \\ 1001";
if (obj.regread (str1)!="0") {
 obj.regwrite (str1,0x00000000, "reg_dword");
 alert ("Download signed activex control");
}
//ie browser->tools->internet options->security->internet->activex controls automatically prompt
var str2=path + "\\ zones \\ 3 \\ 2201";
if (obj.regread (str2)!="0") {
 obj.regwrite (str2,0x00000000, "reg_dword");
 alert ("activex control automatically prompt");
}
//ie browser->tools->internet options->security->internet->script execution on activex controls marked as safe for script execution
var str3=path + "\\ zones \\ 3 \\ 1405";
if (obj.regread (str3)!="0") {
 obj.regwrite (str3,0x00000000, "reg_dword");
 alert ("Execute script on activex controls marked as safe for script execution");
}
//ie browser->tools->internet options->security->internet->display mixed content
var str4=path + "\\ zones \\ 3 \\ 1609";
if (obj.regread (str4)!="0") {
 obj.regwrite (str4,0x00000000, "reg_dword");
 alert ("Show mixed content");
}
//ie browser->tools->internet options->security->internet->no prompt for client certificate when no certificate or only one certificate
var str5=path + "\\ zones \\ 3 \\ 1a04";
if (obj.regread (str5)!="0") {
 obj.regwrite (str5,0x00000000, "reg_dword");
 alert ("Don't prompt for client certificate when there is no certificate or only one certificate");
}
//ie browser->tools->internet options->security->internet->submit non-encrypted form data
var str6=path + "\\ zones \\ 3 \\ 1601";
if (obj.regread (str6)!="0") {
 obj.regwrite (str6,0x00000000, "reg_dword");
 alert ("Submit non-encrypted form data");
}
} catch (e) {
 alert ("Please set" Initialize and Script Run Activex Controls Not Marked Safe "in your browser's internet options to" Enable "! \ n \ nReload this page to log in!");
}

to sum up

  • Previous Springboot2x integration redis knowledge points explained
  • Next oracle to fetch data for a certain period of time
  • Trends