Results 1 to 3 of 3

Thread: Disabling Active Scripting in IE

  1. March 25th, 2003, 01:16 PM #1
    tonybradley
    tonybradley is offline
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Disabling Active Scripting in IE

    With so many of the vulnerabilities in Windows / Internet Explorer being based off of the ability to execute Active Scripting within a web page or HTML email message, it would benefit many to simply disable the ability to do so.

    However, some sites require that functionality or you may want that functionality to be able to view or interact with certain things. For those sites you would need to move them to your Trusted Sites zone (assumes you are using Internet Explorer to begin with).

    I wrote a brief tutorial for novice users to walk them through disabling Active Scripting in Internet Explorer. You can view the tutorial here:

    Rather than having you click on the link in my original post, I am presenting the tutorial information here:

    Here's How:

    1. Click on Tools on the menu bar at the top of Internet Explorer
    2. Click on Internet Options from the Tools drop-down menu
    3. When Internet Options opens up, click on the Security tab
    4. Select the Security Zone you wish to disable Active Scripting for- Internet, Local Intranet, Restricted or Trusted
    5. Selecting the default level High will automatically disable Active Scripting but may be too restrictive
    6. You may opt to use Medium as a baseline and customize it. Select the Custom Level button
    7. Set Reset Custom Settings to Medium and click the Reset button
    8. Set the options under ActiveX Controls and Plug-ins to Disable
    9. If you encounter sites that require Active Scripting to function you can add them to the Trusted Sites zone
    10. If you encounter sites that contain malicious code you can add them to the Restricted Sites zone


    Tips:

    1. Restricted Sites security zone should be set to High
    2. Trusted Sites security zone can be set to Medium or Low
    3. Local Intranet security zone includes only those sites from your own Intranet so should be safe on Medium or Low
    4. Internet security zone should be set to High or Medium with Active Scripting turned off
    Tony Bradley, CISSP, Microsoft MVP
    Follow me on Twitter
    Blogs:
    The Edge
    Evangelyze Communications Security
    Unified Communications: Click to Talk
    Reply With Quote Reply With Quote
  2. March 25th, 2003, 06:39 PM #2
    nirvanainheaven
    nirvanainheaven is offline
    Banned
    Join Date
    Sep 2002
    Posts
    17
    he he, too newbie
    Reply With Quote Reply With Quote
  3. March 25th, 2003, 07:14 PM #3
    MrLinus
    MrLinus is offline
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    You know, just because it's a basic tut doesn't take away it's value. Quite often we have many new members who are extremely new to security and sometimes don't know where to start. This can help them.

    So don't knock the simple stuff sometimes.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules