BoardBabe Posted January 9, 2006 Share Posted January 9, 2006 How can I implement my list of restricted areas in IE secuirty options during UA setup?(Don't know the exact translation of the setting, as I'm running .no OS) Link to comment Share on other sites More sharing options...
Lazy8 Posted January 9, 2006 Share Posted January 9, 2006 Takeshi and RogueSpear offered the more elegant solutions here:http://www.msfn.org/board/index.php?showtopic=64641...whereas mine offers easier UI for novice users like me to find and change settings. If you go this route, you should be able to find a language version to suit you. Hope this reply addresses your question. Link to comment Share on other sites More sharing options...
RogueSpear Posted January 9, 2006 Share Posted January 9, 2006 Probably the easiest thing to do is export the registry key for restricted sites to a .reg file and then perform the import during your ua. Restricted sites is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\DomainsCookies (as in cookies to never accept) isHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\Historyand finally, ActiveX controls isHKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX CompatibilityI find it convenient to update SpywareBlaster and then export these three keys as they correspond to what SpywareBlaster is actually doing. This way you can import them from cmdlines.txt and know you have at least a minimum amount of protection right from the start. Link to comment Share on other sites More sharing options...
BoardBabe Posted January 9, 2006 Author Share Posted January 9, 2006 I knew about the activeX blocker, as I made an app that autoimplements the latest blocklist from spywareguide.com during UA, and checks for updates on run, but not the other two, thank you! Link to comment Share on other sites More sharing options...
BoardBabe Posted January 10, 2006 Author Share Posted January 10, 2006 If I add keys underHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\DomainsI't does'nt appear under zones. Only If I add under HKU...-sure its correct with HKLM...? Link to comment Share on other sites More sharing options...
RogueSpear Posted January 10, 2006 Share Posted January 10, 2006 (edited) What appears under Security Zones in the Internet control panel applet, is anything under HKCU. I prefer, and I think it's the better way to go, to put them under HKLM for two reasons - it protects everyone, including service accounts and secondly, the casual user will not see anything under the restricted zone and therefore won't be tempted to remove anything. Edited January 10, 2006 by RogueSpear Link to comment Share on other sites More sharing options...
BoardBabe Posted January 10, 2006 Author Share Posted January 10, 2006 It only appears under HKLM, not HKCU (even after reboot) and not in Security zones options thingy. Link to comment Share on other sites More sharing options...
RogueSpear Posted January 10, 2006 Share Posted January 10, 2006 So is it working for you under HKLM? I believe that's where both SpywareBlaster and Spybot both place their immunizing registry settings. Link to comment Share on other sites More sharing options...
BoardBabe Posted January 10, 2006 Author Share Posted January 10, 2006 SpyWare blaster puts it under HKU\S-1-5-21-xxxx\software...How can I know if it works or not? I believe not, cause it does not appear in zone list, and are not "copied" to HKCU. Link to comment Share on other sites More sharing options...
RogueSpear Posted January 10, 2006 Share Posted January 10, 2006 Try this line out:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Yahoo.com]"*"=dword:00000004That should put Yahoo in the restricted sites zone. Link to comment Share on other sites More sharing options...
BoardBabe Posted January 11, 2006 Author Share Posted January 11, 2006 Yeh, that's what im doing. I exported the regchanges made with SpyWareBlaster found with regshot from HKCU\S-1-5-21....SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\...Then changed path to above HKLM, however as previously staded this does not add to the list of restricted zones in IE, and does not copy to HKCU\samepath, and I have no idea how to test if a site is really restricted or not. Link to comment Share on other sites More sharing options...
boggen Posted January 11, 2006 Share Posted January 11, 2006 not sure about registery enteries. old way of putting in restrictions with with lmhosts file located in windows\system32 directory see lmhosts.sam for sample file and info.to put in restrticted sites. instead of putting actuall IP to name put in loopback IPaka127.0.0.1 nono.com127.0.0.1 forgetit.cometc...when folks attempt to goto site they get url not found. Link to comment Share on other sites More sharing options...
BoardBabe Posted January 11, 2006 Author Share Posted January 11, 2006 Any ideas? Im kinda stuck here at HKLM not knowing if things work or not! Link to comment Share on other sites More sharing options...
RogueSpear Posted January 11, 2006 Share Posted January 11, 2006 (edited) @BoardBabe, This is all really puzzling to me. When I repackage SpywareBlaster, the captured registry settings are all within HKLM. Why it is otherwise for you is a mystery to me. I'm not saying you're making a mistake or anything like that, I'm just telling you my results from a repack capture project that I went back and looked at last night. What I can tell you is that I always export these three registry keys after updating both Spybot and SpywareBlaster (they both do immunizing) and import the resulting reg during installs, whether they be from CD/DVD or RIS based. And it certainly works because every now and then I get a call from someone complaining that a site they want to visit shows "Restricted" in the status bar of IE.@boggen, While it's true that this can work, I always disable LMHOSTS during setup since I also disable NetBIOS. Further, if you wanted to take an approach like that you might better off populating the hosts file with blacklisted sites. Or even better, use a freeware utility called eDexter which is a really small proxy that uses a hosts like file. The difference is that eDexter's blacklist file can use wildcards where hosts cannot. If you do a google search for "ad blocking hosts file" you'll find a lot out there with something like 14,000 sites it blocks. But this comes at a price and that is major, as in severe, performance issues. That's why eDexter is the better solution for that type of blocking. Edited January 11, 2006 by RogueSpear Link to comment Share on other sites More sharing options...
BoardBabe Posted January 11, 2006 Author Share Posted January 11, 2006 Humm I simply did a regshot while "running" SpywareBlaster, and the only changes made were in HKU... but ill try again and see if I can get a different result.Hmmm would sure like it If I could make an app that autoupdates the def that SpyBot or SpywareBlaster uses and then implements, the same way I did with www.spywareguide.com/blocklist.reg (blocks 3531 atm. activeX controllers). Wouldnt have an idea how to do so? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now