Disable ActiveX Part II
Automation
Often you want to temporarily re-enable Active X. for a Web page. To do that: go to internet options-security, and select the default level. When your through with the Web page, you should go back and disable activeX as soon as possible. There is a problem though: going back and forth between active X enabled and disabled is not only time consuming and annoying—it can be dangerous as well. It's easy to check the wrong boxes and your computer may end up in a less secure configuration. What you want is a program to automate the process. and in this section we suggest some Visual Basic Scripts to accomplish this. We assume you know the basics of windows scripting (at least enough to be dangerous perhaps), for that reason we don't provide instructions on how to get the scripts on to your computer. If you are not familiar with VB scripts and the Windows Script Host, there's a ton of tutorials etc. on the Web. There is also a lot of bad advice from many of the so-called experts. Note: neither of these scripts have been tested on windows7
We start off with a Key stroke sender that sets the slider in Fig. 1 . to High:
'---------------------------------Set2Hi.vbs-----------------------------------------
Option
Explicit
Dim WshShell
Set WshShell =
CreateObject("WScript.Shell")
If
WshShell.AppActivate ("Windows Internet Explorer")=false
then
MsgBox "Start Internet Explorer,Try Again "
,VbExclamation,"Intenet Explorer not Open"
Wscript.Quit
End
If
Wscript.Sleep(200)
WshShell.SendKeys "%t"
'ALT,t
Wscript.Sleep(200)
WshShell.SendKeys
"o"
Wscript.Sleep(200)
WshShell.SendKeys "^({TAB})"
'CTRL+TAB
Wscript.Sleep(200)
WshShell.SendKeys
"{LEFT 3}" 'LEFT 3 times "i"
also works
Wscript.Sleep(200)
WshShell.SendKeys
"{TAB}"
Wscript.Sleep(200)
WshShell.SendKeys "%(d)"
'ALT+d
Wscript.Sleep(200)
WshShell.SendKeys
"{UP 4}" 'UP 4 times
Key stroke macros are very quirky, and are often implementation and version dependent Unlike a real program they can't check that things went as they should. For that reason:
NEVER LET A KEYSTROKE MACRO SEND A RETURN (OK) KEY
Just leave the window open, that way the user can hit OK after verifying that things really are OK. After you run set2hi you should see the dialog box of Fig. 1 with the slider set to High;then you hit OK. On a slow machine or one that is temporarily bogged down, keystrokes seem to get lost and a different window appears, in that case hit cancel and try again. If the problem persists, try increasing the delays.
Set2Hi was tested on a few machines both XP and Vista with IE8 and seems to work fine. Sleep delays between the keys strokes are necessary despite what the experts say; in fact on an older machine or a laptop in power save mode, I have had to increase the delay up to a 1000 ms. So if the wrong dialog box appears, increase the delays. Also, don't start the script until IE. has finished initializing. I should point out that on some implementations of XP , AppActivate looks for the title of the Web page and not the program name. For example if your home page is Google, you will have to change the AppActivate target to "Google" or whatever the title reads. The program will only work when an IE window is open to the home page.--I encountered this problem on an Acer laptop.
Reference for Keystroke Macros
http://msdn.microsoft.com/en-us/library/8c6yea83(VS.85).aspx
(Don;t try to be clever and have the program open iexplore if not its not already open. It just takes too long for explorer to get into key receiving state for that approach to work reliably. On some computers IE must not be minimized.)
After you successfully run Set2Hi, IE will be in High security, and as discussed in Part 1 you may want to relax the security level a bit. If you wanted, you could have a keystroke macro go on to the “custom setings” dialog and apply the appropriate check boxes there. But that would be complex and almost certainly not portable. (The same could be said for Set2Hi.vbs) but it's simple and easy to modify.)
It's actually easier and better to write a script that modifies the system registry provided that you are careful about it. Here is a sample:
This program will change Windows Registry settings. It has been tested is believed to be reliable. It is provided as-is. The author is not responsible for any loss of data. You should back up the system registry to be safe.
'
VBScript relaxes the "Internet Zone" High Security Level
'
To allow reasonable functionality.'Changes the following registry
keys:
'---------------------------------------------------------------------|
'|
Key Description Old Setting New Setting|
'|1400 Active Scripting
Disable(x3) Enable(x0) |
'|1601 Submit Non-encrpyted form data
Prompt (x1) Enable(x0) |
'|1803 File Download* Disable(x3)
Enable(x0) |
'|1806 Lauch applications and unsafe files
Disable(x3) Prompt(x1) |
'| *NOTE:1803 (File Download) can not
have the prompt(x1) value |
'| VISTA sets 1806 to prompt in high
security mode.
|
'---------------------------------------------------------------------
'All
activeX and other potentially harmful actions remain disabled
Option
Explicit
Dim strBaseKey,strInternetZone3Key,WshShell
Dim
strCurrentLevel,HighSecurity,CurrentLevel,strRegValues
strBaseKey
="HKCU\Software\Microsoft\Windows\CurrentVersion\"
strInternetZone3Key="Internet
Settings\Zones\3\"
HighSecurity=&H0012000
Set
WshShell = CreateObject("WScript.Shell")
CurrentLevel=
WshShell.RegRead(strBaseKey & strInternetZone3Key &
"CurrentLevel")
'Check
that Internet Zone is set to High security; if not: ABORT
If
CurrentLevel <> HighSecurity then
MsgBox "Set Internet
Zone Security Level to High then Try Again."&Chr(13)&Chr(10)&
_
"Current Level= 0x" &
Hex(CurrentLevel),vbExclamation _
,"Internet Zone Security
Level is not set to High"
Wscript.Quit
End
If
strRegValues= _
Hex(WshShell.RegRead (strBaseKey &
strInternetZone3Key & "1400"))&
_
Hex(WshShell.RegRead (strBaseKey & strInternetZone3Key &
"1601"))& _
Hex(WshShell.RegRead (strBaseKey &
strInternetZone3Key & "1803"))& _
Hex(WshShell.RegRead (strBaseKey & strInternetZone3Key &
"1806"))
'Read Current settings;
if they don't match "Old setting" in the table: ABORT
'
NOTE: For VISTA change "3133" to "3131".
If
strRegValues<>"3133" then
MsgBox "Found
values=" & strRegValues, _
vbExclamation,"Unexpected
Registry Value"
Wscript.Quit
End If
WshShell.RegWrite
strBaseKey & strInternetZone3Key & "1400", "0",
"REG_DWORD"
WshShell.RegWrite strBaseKey &
strInternetZone3Key & "1601", "0",
"REG_DWORD"
WshShell.RegWrite
strBaseKey & strInternetZone3Key & "1803", "0",
"REG_DWORD"
WshShell.RegWrite strBaseKey &
strInternetZone3Key & "1806", "1",
"REG_DWORD"
MsgBox "Registry updated"
The program first checks that the slider was set to HighSecurity; that information is in the key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\ CurrentLevel
Where HKCU is the Hkeycurrent user use HKLM for the local macine.
If that checks out, the program readd the old values to make sure they matchthe expected values. That's in case we are dealing with a nonstandard system. Anything not right causes the program to quit before it actually writes to the registry and that's done at the end followed by message box notification that lets the user know that something actually happened.
Once the values are set, the “Current Level” is automatically set to &H0 by the system after you repoen the Security window. For that reason if you run the program a second time without resetting the security slider to High, the program reads the new values then indicates "unexpected registry value.”
Note that we add the option "Launch applications and unsafe files" with prompt. In Vista "Launch applications and unsafe files" is already set to prompt and you must change the code slightly for Vista:(see the code comments) This will give you a prompt when downloading a file from the internet. Just make sure you read the prompt first.
Details of the Internet Explorer Security Zone keys are found in the Microsoft document:
http://support.microsoft.com/kb/182569
Internet Explorer security zones registry entries for advanced users
ID182569 3March2009 Revision 17.0.
The document only covers up to IE7 and has a few errors in it but it's the best they offer.