Wednesday, December 17, 2008

Default IE7 Settings for XP SP3 and Server 2003 SP1

In doing some research on IE7 permissions I searched high and low on the MSDN and similar places, and couldn't find a complete list of default settings. So, I created the following spreadsheet to document what was available, by default, for the various security zones ('Intranet', 'Internet', etc). This was a quick analysis and only includes those with 'simple' registry values (like 0, 1, etc), and doesn't parse out any of the more complex values. See this MS link for more info.

When I created it, I looked at a fresh XP SP3 install and an almost new Server 2003 SP1 install. I followed the rules for precedence when conflicting rules are in place (e.g. HKLM vs HKCU, Domain policy over default HKLM/HKCU, etc) and came up with the final results. At some point, I'll go back and do it properly with complete documentation of the sources of the various settings, but in the mean time if anyone else would find this useful, here ya go.

Specifically, the settings that may be interested to look at are:

  • 1206 Miscellaneous: Allow scripting of Internet Explorer Web browser control ^
  • 1208 ActiveX controls and plug-ins: Allow previously unused ActiveX controls to run without prompt ^
  • 1209 ActiveX controls and plug-ins: Allow Scriptlets
  • 1407 Scripting: Allow Programmatic clipboard access
  • 1607 Miscellaneous: Navigate sub-frames across different domains
  • 1805 Launching programs and files in webview #
  • 1806 Miscellaneous: Launching applications and unsafe files
  • 1809 Miscellaneous: Use Pop-up Blocker ** ^
  • 1A04 Miscellaneous: Don't prompt for client certificate selection when no certificates or only one certificate exists * ^
  • 1A05 Allow 3rd party persistent cookies *
  • 1A10 Privacy Settings *
  • 2102 Miscellaneous: Allow script initiated windows without size or position constraints ** ^
  • 2103 Scripting: Allow status bar updates via script ^
  • 2104 Miscellaneous: Allow websites to open windows without address or status bars ^
  • 2105 Scripting: Allow websites to prompt for information using scripted windows ^
  • 2200 Downloads: Automatic prompting for file downloads ** ^
  • 2201 ActiveX controls and plug-ins: Automatic prompting for ActiveX controls ** ^
  • 2301 Miscellaneous: Use Phishing Filter ^
  • 1207 Reserved #
  • 1408 Reserved #
  • 1807 Reserved ** #
  • 180A Reserved #
  • 180D Reserved #

Lastly, if any of you who review this notice your settings at are different from these, please drop me an email.

The default IE7 settings are located at the below registry entries. If policy-enforced settings are in placed, they override whatever is set here.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Default Windows IE7 Permissions

No comments: