Geek Answers Handbook

Change Internet Explorer settings programmatically?

How can I do the following using C #?

  • Going to Tools -> Internet Options -> Security
  • Select Security Tab
  • Click the Custom Level button
  • Under Miscellaneous change Display mixed content to Enable
+7
source share
4 answers

The "cheat" way to do this is to change the meaning

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 0 \ 1609 HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 1 \ 1609 HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 2 \ 1609 HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 1609 HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 4 \ 1609

Where 0-4 are zone identifiers, and the value is 0, and 1 is a request, 3 is for blocking. Keep in mind that if your code does this on any computer other than your own, you will probably find your code blocked as malware.

The “right” way to do this is to use the API to create the IInternetZoneManager and call SetZoneActionPolicy to configure the URLACTION_HTML_MIXED_CONTENT parameters in the zones that you want to configure.

+11
source

You should not do this “programmatically”. That is why there is no API for this. Only the user can change their security settings, and they do this using the built-in interface that you have already discovered.

The poor IE team is working overtime, trying to tighten the security of their browser. They are not going to throw something like this to nullify all their efforts in seconds.
Recall that even after selecting this option , a confirmation dialog is presented . How do you suggest "click" programmatically? (Hmm, I thought, don't tell me, probably, the next question you ask.)

Give up trying to do this programmatically and ask the user to do it themselves. Provide a complete help file or other documentation explaining why you are requesting them to make this change, which features will not be available if they do not want to make this change, and what are the possible security risks for such a change. And, of course, specific instructions on how the change is made.

Or, better yet, redesign your application so that it does not require modification of IE security settings throughout the system . It is hard to imagine a legal case. A better solution may require the user to add your site to their "trusted sites". Remember that local pages have different security settings than deleted pages by default.

+5
source

Also do not forget group policies. Most (if not all) IE options can also be specified in group policies. According to the Local Group Policy setting for the IE security page and the Internet page security page , Group Policy settings override user settings. So, on my home PC (it works without a domain controller), I have a choice to determine IE settings either using the local group policy editor or through Internet Options. For example, if I run gpedit.msc to open the Local Group Policy Editor, select Computer Configuration \ Windows Components \ Internet Explorer \ Internet Control Panel \ Security Page \ Internet Zone change the Display Mixed Content option to Enabled, then select "Enable" in the drop-down list, click "Apply", then open "Security Settings for Internet Zone" in IE. I will see that Display Mixed Content is changed to Enable and the selection is disabled because it is overridden by a policy. For the entire list of supported policies, download WindowsServer2012andWindows8GroupPolicySettings.xlsx from http://www.microsoft.com/en-us/download/ details.aspx? id = 25250

Now back to the question of how to programmatically change the settings. EricLaw correctly suggested using SetZoneActionPolicy from IInternetZoneManager. But it's hard to find samples to call it from C #. I ended up copying http://www.pinvoke.net/default.aspx/Interfaces.IInternetZoneManager into my code, and then do:

 //This will disable "Download signed ActiveX" (IE setting # 0x1001) for Internet Zone (zone #3) IInternetZoneManager izm = Activator.CreateInstance(Type.GetTypeFromCLSID(new Guid("7b8a2d95-0ac9-11d1-896c-00c04Fb6bfc4"))) as IInternetZoneManager; IntPtr pPolicy = Marshal.AllocHGlobal(4); Marshal.Copy(new int[] { 3 }, 0, pPolicy, 1);//3 means "Disable" int result = izm.SetZoneActionPolicy((uint)UrlZone.Internet, (uint)0x1001, pPolicy, 4, (uint)UrlZoneReg.CurrentUserKey); Marshal.ReleaseComObject(izm); Marshal.FreeHGlobal(pPolicy);

I also tried changing the group policy programmatically. I used the library from https://bitbucket.org/MartinEden/local-policy and then:

 //This will disable "Download signed ActiveX controls" computer policy for Internet Zone (zone #3) const string keyPath = @"SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"; var gpo = new LocalPolicy.ComputerGroupPolicyObject(); using (var machine = gpo.GetRootRegistryKey(LocalPolicy.GroupPolicySection.Machine)) { using (var terminalServicesKey = machine.CreateSubKey(keyPath)) { terminalServicesKey.SetValue("1001", 3, Microsoft.Win32.RegistryValueKind.DWord); } } gpo.Save();

After successfully testing the code above on Win7 SP1 with IE 11, I decided to return to EricLaw's original offer: change HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ * \ 1001 because this is what Microsoft recommends. See, for example, How to Strengthen Security Settings for a Local Computer Zone in Internet Explorer or Advanced Browsing Security

0
source

I'm not sure, but I think you can find all these settings in the "registry". You need to find the appropriate key. And to change these values, you need to have the appropriate rights. Access to the registry can be obtained from the .net code

-one
source

More articles:


All Articles