RE: Blocking and allowing ActiveX
From: Philipp, Roland (Roland.Philipp_at_bknkids.com)
Date: 09/26/03
- Previous message: Cesar: "RE: Vulnerability scanner for SQL injection, HTML injection- free or commercial ?"
- Maybe in reply to: A.Koot_at_Unive.NL: "Blocking and allowing ActiveX"
- Next in thread: Sergey V. Gordeychik: "RE: Blocking and allowing ActiveX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'A.Koot@Unive.NL'" <A.Koot@Unive.NL>, focus-ms@securityfocus.com Date: Fri, 26 Sep 2003 11:05:31 +0100
Hi Andre
-find out which ActiveX controls are important for you(Flash, MS
Mediaplayer, Realplayer, Acrobatreader.
-Find out the CLSID of this controls. You see them in the source of the web
page.
-Add this CLSIDs into the registry:
REGEDIT4
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Intern
et Settings\AllowedControls]
"{D27CDB6E-AE6D-11CF-96B8-444553540000}"=dword:00000000
"{22D6F312-B0F6-11D0-94AB-0080C74C7E95}"=dword:00000000
"{06DD38D3-D187-11CF-A80D-00C04FD74AD8}"=dword:00000000
"{CA8A9780-280D-11CF-A24D-444553540000}"=dword:00000000
"{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}"=dword:00000000
In internet explorer: Tools/Internetoptions/security/customlevel:
1.Run ActiveX controls and plug ins: Administrator approved
2.downoad signed AktiveXcontrols: prompt
3.all other AktiveX controls: disabled (maybe "script ActiveX controls
marked save for scripting also prompt??)
4.enable Aktive scripting
Now just the allowed ActiveX controls run all others NOT.
thanks
Roland
-----Original Message-----
From: A.Koot@Unive.NL [mailto:A.Koot@Unive.NL]
Sent: Wednesday, September 24, 2003 11:01 AM
To: focus-ms@securityfocus.com
Subject: Blocking and allowing ActiveX
Hello all,
In my company the policy is to disallow ActiveX on the internet segment in
Internet Explorer. However, we find that lots of the sites that users go to,
need ActiveX enabled. So, these sites are entered in the Trusted Zone in IE.
Since we do not use Windows 2K on our domian controllers and we don't have
ADS, it seems we can't use the Group Policy mechanism to add sites to the
trusted zone, our helpdesk has to manually add a site to the trusted zone on
a workstation. We have some 2500 PC's... so, there you have our problem.
What's your policy on ActiveX and how do you solve, or advise us to solve,
the trusted site issue?
groetjes,
André Koot
Security Management
Univé ICT Zwolle
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Cesar: "RE: Vulnerability scanner for SQL injection, HTML injection- free or commercial ?"
- Maybe in reply to: A.Koot_at_Unive.NL: "Blocking and allowing ActiveX"
- Next in thread: Sergey V. Gordeychik: "RE: Blocking and allowing ActiveX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
