Change Internet Explorer security settings for trusted domains using Powershell
I was wondering if it is at all possible to make the following changes for trusted domains in Internet Explorer with PowerShell.
Internet Explorer settings I wish to change:
- Add http://website.com/ as a trusted site
- Allow ActiveX Filtering = Enable
- Allow previously unused ActiveX controls to run without prompt = Enable
- Allow Scriptlets = Enable
- Automatic Prompting for ActiveX controls = Disable
- Binary and script behaviours = Enable
- Display video and animation on a webpage that does not use external media player = Enable
- Download signed ActiveX controls = Enable
- Download unsigned ActiveX controls = Enable
- Initialize and script ActiveX controls not marked as safe for scripting = Enable
- Only allow approved domains to use ActiveX without prompt = Disable
- Run ActiveX controls and plugins = Enable
- Script ActiveX controls marked safe for scripting = Enable
Answer
Turns out that it was!
Here's what i did: (Run powershell as an Administrator)
#Setting IExplorer settings
Write-Verbose "Now configuring IE"
#Add http://website.com as a trusted Site/Domain
#Navigate to the domains folder in the registry
set-location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set-location ZoneMap\Domains
#Create a new folder with the website name
new-item website/ -Force
set-location website/
new-itemproperty . -Name * -Value 2 -Type DWORD -Force
new-itemproperty . -Name http -Value 2 -Type DWORD -Force
new-itemproperty . -Name https -Value 2 -Type DWORD -Force
#Navigate to the trusted domains folder in the registry:
#Go to registry folder for Trusted Domains
#Zone 2 in this case resembles the trusted domains (Or zones if you'd prefer)
Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zones\2"
Now you have all your settings pointed out as values. The trick is to find the proper values per setting. In my case I found the values on: http://support.microsoft.com/KB/182569 (A bit midway on the page)
Now we need to know what the preferred values are. In my case I found that value 0 is Enabled, 1 is Disabled and 3 is (if supported) prompting.
Next off it's pretty simple.
-ActiveX controls and plug-ins: Allow ActiveX Filtering = Enable (2702)
new-itemproperty . -Name 2702 -Value 0 -Type DWORD -Force
-ActiveX controls and plug-ins: Allow previously unused ActiveX controls to run without prompt = Enable (1208)
new-itemproperty . -Name 1208 -Value 0 -Type DWORD -Force
-ActiveX controls and plug-ins: Allow Scriptlets = Enable (1208)
new-itemproperty . -Name 1209 -Value 0 -Type DWORD -Force
-ActiveX controls and plug-ins: Automatic prompting for ActiveX controls = Disable (2201)
new-itemproperty . -Name 2201 -Value 3 -Type DWORD -Force
-ActiveX controls and plug-ins: Binary and script behaviors = Enable (2000)
new-itemproperty . -Name 2000 -Value 0 -Type DWORD -Force
-Display video and animation on a webpage that does not use external media player = Enable (120A)
new-itemproperty . -Name 120A -Value 0 -Type DWORD -Force
-ActiveX controls and plug-ins: Download signed ActiveX controls = Enable (1001)
new-itemproperty . -Name 1001 -Value 0 -Type DWORD -Force
-ActiveX controls and plug-ins: Download unsigned ActiveX controls = Enable (1004)
new-itemproperty . -Name 1004 -Value 0 -Type DWORD -Force
-ActiveX controls and plug-ins: Initialize and script ActiveX controls not marked as safe for scripting = Enable (1201)
new-itemproperty . -Name 1201 -Value 0 -Type DWORD -Force
-Only allow approved domains to use ActiveX without prompt = Disable (120B)
new-itemproperty . -Name 120B -Value 3 -Type DWORD -Force
-ActiveX controls and plug-ins: Run ActiveX controls and plug-ins = Enable (1200)
new-itemproperty . -Name 1200 -Value 0 -Type DWORD -Force
-ActiveX controls and plug-ins: Script ActiveX controls marked as safe for scripting = Enable (1405)
new-itemproperty . -Name 1405 -Value 0 -Type DWORD -Force
cls #Clear the screen
cd C:\Windows\System32 #Go back to default folder