Ascii2 Posted February 19, 2008 Share Posted February 19, 2008 (edited) At HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, exist DWORD values "Flags".I have found different sources using different values for the "Flags" DWORD.Some sources:http://support.microsoft.com/kb/182569/http://antionline.com/showthread.php?t=237895http://surfthenetsafely.com/ieseczone3.htmAlthough, a Microsoft Corporation article is one of the sources, other sources use other values for "Flags" that are not documented in the Microsoft Knowledgebase article.What are the valid values for "Flags" and what effect do they have?Relevant operating systems: Windows 2000, XP, and Server 2003 families Edited November 23, 2008 by Ascii2 Link to comment Share on other sites More sharing options...
cluberti Posted February 19, 2008 Share Posted February 19, 2008 What you've found is all accurate - the reason 0x47 (71 decimal) "unhides" the My Computer zone is simple math, as it sets the following values: Value Setting ------------------------------------------------------------------ 1 Allow changes to custom settings 2 Allow users to add Web sites to this zone 4 Require verified Web sites (https protocol) 64 Show the Requires Server Verification dialog boxNote that 32 (Do not show security zone in Internet Properties) is not set, meaning the zone IS shown. Setting it to 0x27 (33 decimal) means that the following are set: Value Setting ------------------------------------------------------------------ 1 Allow changes to custom settings 32 Do not show security zone in Internet Properties (default setting for My Computer)Note that this will hide the security zone.There are other valid configurations that make 32 set as well, but you have to do the math (in decimal, then convert to hex to set the reg key if you're doing it in a .reg) to figure out what numbers include what settings, and what they exclude. These are additive, remember. Link to comment Share on other sites More sharing options...
Ascii2 Posted February 20, 2008 Author Share Posted February 20, 2008 (edited) I believe I now understand the different meanings of the values for the "Flag" DWORD.I tried to apply different values for "Flags" in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives using REGEDIT on Windows 2000 Professional with Service Pack 4. After apply the values, I could not observe changes in behavior of the display in the Internet Properties dialog box, even after restarting Windows.After using a VBS script to apply the changes to the "Flags" values, the changes in behavior of the display in the Internet Properties dialog box were observable immediately.Why was the VBS script able to change Internet Security behavior, but changing the "Flags" values in the Registry Editor did not? Edited February 23, 2008 by Ascii2 Link to comment Share on other sites More sharing options...
cluberti Posted February 20, 2008 Share Posted February 20, 2008 I believe I now understand the different meanings of the values for the "Flag" DWORD.I tried to apply different values for "Flags" in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives using REGEDIT on Windows 2000 Professional with Service Pack 4. After apply the values, I could not observe changes in behavior of the display in the Internet Properties dialog box, even after restarting Windows.After using a VBS script to apply the changes to the "Flags" values, the changes in behavior of the display in the Internet Properties dialog box were observable.Why was the VBS script able to change Internet Security behavior, but changing the "Flags" values in the Registry Editor did not?Those settings are read by explorer.exe on start, and iexplore.exe as well on start (or clicking tools > options). Best practices for changing security zone settings like that is to reboot after making changes, or at least log off and back on. Not sure why the vbscript worked and the reg change did not, unless you had IE open when you changed it manually and did not when you used the vbscript (just guessing). Link to comment Share on other sites More sharing options...
Ascii2 Posted February 23, 2008 Author Share Posted February 23, 2008 (edited) Those settings are read by explorer.exe on start, and iexplore.exe as well on start (or clicking tools > options). Best practices for changing security zone settings like that is to reboot after making changes, or at least log off and back on. Not sure why the vbscript worked and the reg change did not, unless you had IE open when you changed it manually and did not when you used the vbscript (just guessing).IE was not open when I attempted to change the settings.Also, I forgot to mention that the change using the VBscript was observable immediately in the Internet Properties box after the running of the script (but not open when script run).I have rebooted like nine times after I last posted, installed Microsoft mouse software (with driver), and a newer version of my chipset (nVidia nForce4 SLI) drivers. I am now able to make the changes in the Registry Editor and immediately observe the changes in the Internet Properties dialog box (although I do not know why I was not able to before). Edited November 23, 2008 by Ascii2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now