(imported topic written by FITZPAW91)
Hi all,
For many of the Microsoft security patches, one of the work arounds is to have your Windows 2003 running Internet Explorer in Enhanced Security Configuration mode. It is in this mode by default, but some of my admins may have changed this setting and forgotten about it. How would I verify this is in place or not in place using BigFix.
Thanks
(imported comment written by BenKus)
Hey Fitzpaw,
I don’t think that we have any existing content to do this… does anyone know if there is a reg key that has this data somewhere?
Ben
(imported comment written by FITZPAW91)
Hi Ben,
I found the registry key, it is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\ieharden\ and it must be equaled to 1. But i need to know if it is valid for any user, not just the current user. Any idea on how would I do this.
Thanks
William
(imported comment written by jeremylam)
I’m almost certain that any changes in HKEY_CURRENT_USER will only apply to the logged in user - for changes to happen systemwide, you’ll probably need to change HKEY_LOCAL_MACHINE and possibly also in HKCU as the two branches are merged. The only information I can find on Microsoft’s web site:
TechNet Forums
alludes to both branches.
(imported comment written by FITZPAW91)
Thanks Jeremy
I am willing to try it with HKLM, but could you help me with the Relevance part please?
Thanks
William
(imported comment written by BenKus)
Try this:
value “ieharden” of key “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap” of registry != 1
Ben
(imported comment written by FITZPAW91)
Thanks Ben,
I ran it with HKLM and without the ! to find out if it was active or not. With the ! it was showing as false. What does the ! do anyways.
Once again thanks for the help
William
(imported comment written by BenKus)
The “!=” means “not equals”.
So the Fixlet will be relevant “true” if the value is not set to 1.
Ben