Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

User Request – Get Rid of IE’s “Security Information” Prompt for Secure Sites

Posted by William Diaz on September 1, 2010


I’m always eager to learn some Internals, whether its Windows, Office or Internet Explorer. A request from one of our high-profile user provided me this chance. She wanted me to prevent the following message prompt from appearing when she visited secure sites (she did this a lot as part of her work): “This page contains both secure and nonsecure items. Do you want to display the non secure items?

Actually,
turning this off is no big deal: go into IE’s Security tab > Internet Zone > Custom Level > Display mixed content and change the setting from Prompt to Enable. However, this setting is often enforced via group policy as part of the standard default security for Internet Security and the setting will eventually end up being reset again. To workaround that, I decided that best way to do this would to be to create a VB script and place it in the user’s startup folder in C:\Documents and Settings\username\Start Menu\Programs\Startup.

To find the registry key(s) involved, I turned to Process Monitor to gather a trace of registry operations in IE when I toggled the radio options. I applied a filter to only trace activity on iexplore.exe and afterward ran a search for key words like Mixed or Content, which revealed the registry keys I needed to focus on:

I right-clicked one of the registry paths and used the Jump to feature to automatically open the registry and go to any of the keys above:

The key and sub-keys here are not actually responsible for enforcing the this setting in IE. They actually point a different portion of the registry that contains the zone information for the Internet. I ignore
RegPoliciesPath since this doesn’t exist and focus on RegPath and the ValueName is 1609. One important note here: I don’t want this change to apply to all users on the computer, just our demanding, high-profile user. So instead of navigating to HKEY_Local_Machine I went to the same key in HKEY_Current_User. The zone we are interested in is zone 3, the Internet zone:

The values here can be 0, 1, or 3. 0 = action is permitted. 1 = prompt appears (the one I want to get rid of). 3 = prohibit action. I want to change 1 to 0.

Knowing this, a short vb script is thrown together with notepad:

const HKEY_CURRENT_USER = &H80000001
strComputer = “.”
Set StdOut = WScript.StdOut

Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” &_
strComputer & “\root\default:StdRegProv”)

strKeyPath = “Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”

strValueName = “1609”
dwValue = 0
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue

The downside to this is that this demanding high-profile user makes you their go-to person for everything.

Now, if you’re thinking that a more simple approach is to just add the site to your Trusted sites, yes, this works, but this is negated by another security warning:

This, too, could be turned off but eventually GP would reset.


*The other zones are My Computer, Intranet, Trusted, and Restricted.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: