 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Internet Explorer / General Topics / July 2007IE7 Security Zone Settings in registry get reset
OS: Vista Enterprise/Business The IE7 Zone Security Settings are set by editing registry values in HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\, and Security_HKLM_only is set to 1. When a user, who has local admin rights, logs on for the first time the HKLM\..\Zones\ values for the security zone 2 (Trusted Site) and 3 (Internet) get reset to values defined under HKLM\...\TemplatePolicies. This changes only happen for the first logon and when Security_HKLM_only=1. Is there any way to stop this changes from happening? > OS: Vista Enterprise/Business > The IE7 Zone Security Settings are set by editing registry values in [quoted text clipped - 8 lines] > when Security_HKLM_only=1. Is there any way to stop this changes from > happening? It might be a security program blocking the Registry change it needs to make. A few, but not all, of the programs now doing this are: Ad-aware's Ad-Watch IBM Access Connections McAfee VirusScan and/or Antispyware Norton AV Spyware Blaster Spybot> Tools> IE Tweaks Spybot- Teatimer Spysweeper Spyware Doctor Windows Defender Zone Alarm (free) 6.5 Reported to be fixed in later versions. In the case of Zone Alarm 6.5 or Norton 2007 it actually has to be uninstalled. Make sure the Windows Firewall is turned on until you reinstall Zone Alarm. Boot into Safe Mode with Networking and try the change.  SignatureFrank Saunders, MS-MVP OE/WM Do not send mail. The issue is that the settings get changed, not that they cannot be changed. We do not want the original custom HKLM registry settings on a client PC to change when an admin logon to the Client PC for the first time. Any ideas? Thanks. > > OS: Vista Enterprise/Business > > The IE7 Zone Security Settings are set by editing registry values in [quoted text clipped - 28 lines] > > Boot into Safe Mode with Networking and try the change. I suggest that you re-read the answer that Frank has posted for your issue. SignaturePeter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. > The issue is that the settings get changed, not that they cannot be changed. > We do not want the original custom HKLM registry settings on a client PC to [quoted text clipped - 33 lines] >> >> Boot into Safe Mode with Networking and try the change. The issue is somehow related to the CurrentLevel value for the zone that get changed from to the non zero value. I have know idea why this value get changed only when an admin user who does not have a local profile logs on for the first time. Thanks for all your help. > I suggest that you re-read the answer that Frank has posted for your issue. > [quoted text clipped - 35 lines] > >> > >> Boot into Safe Mode with Networking and try the change. > The issue is somehow related to the CurrentLevel value for the zone that get > changed from to the non zero value. I have know idea why this value get > changed only when an admin user who does not have a local profile logs on for > the first time. If none of the other suggestions are helping I would try running tracing both cases (e.g. using ProcMon) and comparing the two. E.g. perhaps that way you can detect if there is a difference in permissions that you could eliminate. Did you try using one of the spyware checkers which were mentioned? Perhaps their changes would be a simple way of achieving such changes? (I think that that is what both Frank and Peter may be implying.) Good luck Robert Aldwinckle --- > Thanks for all your help. > [quoted text clipped - 37 lines] >> >> >> >> Boot into Safe Mode with Networking and try the change. Are /any/ of the applications Frank listed installed? Signature~Robear Dyer (PA Bear) MS MVP-Windows (IE, OE, Security, Shell/User) AumHa VSOP & Admin; DTS-L.org > The issue is that the settings get changed, not that they cannot be > changed. [quoted text clipped - 39 lines] >> Frank Saunders, MS-MVP OE/WM >> Do not send mail. If I understand, you change the settings and they work until you reboot, when they revert to what they were. Something is preventing your change from actually writing to the Registry. Did you try it in Safe Mode? > The issue is that the settings get changed, not that they cannot be > changed. [quoted text clipped - 37 lines] >> >> Boot into Safe Mode with Networking and try the change. No Frank, you got it wrong. The settings are ok and they are the same for all users (that's why we are using HKLM and security_hkml_only) until a new user with local admin rights logon for the first tame and settings in HKLM for zones 2 and 3 get reset to defaulse (TemplatePolicies values). > If I understand, you change the settings and they work until you reboot, > when they revert to what they were. Something is preventing your change [quoted text clipped - 43 lines] > >> > >> Boot into Safe Mode with Networking and try the change. Do you realize this is the first time you've mentioned TemplatePolicies (GPO) since you first posted on 29 Jun-07? Signature~PA Bear > No Frank, you got it wrong. The settings are ok and they are the same for > all users (that's why we are using HKLM and security_hkml_only) until a [quoted text clipped - 52 lines] >>>> >>>> Boot into Safe Mode with Networking and try the change. No Frank, you got it wrong. The settings are ok and they are the same for all users (that's why we are using HKLM and security_hkml_only) until a new user with local admin rights logon for the first tame and settings in HKLM for zones 2 and 3 get reset to defaults (from TemplatePolicies values). It seems that when a local profile get creates, an internet profile get created too and since we are using Security_HKLM_ONly ant the user have admin rights the settings for IE get reset in HKLM insted in HKU. We do not want the IE settings in HKLM to get change ever. > If I understand, you change the settings and they work until you reboot, > when they revert to what they were. Something is preventing your change [quoted text clipped - 43 lines] > >> > >> Boot into Safe Mode with Networking and try the change. IE7 installed on the workstation was customised with IEAK7. > > OS: Vista Enterprise/Business > > The IE7 Zone Security Settings are set by editing registry values in [quoted text clipped - 28 lines] > > Boot into Safe Mode with Networking and try the change. I have had conflicts in settings made to IE7 directly and what group policies set. You might try running Group Policy Object editor (gpedit.msc) and going to User Config, Admin Templates, Windows Components, Internet explorer. > OS: Vista Enterprise/Business > The IE7 Zone Security Settings are set by editing registry values in [quoted text clipped - 8 lines] > when Security_HKLM_only=1. Is there any way to stop this changes from > happening? The group policy settings look ok. > I have had conflicts in settings made to IE7 directly and what group > policies set. You might try running Group Policy Object editor (gpedit.msc) [quoted text clipped - 13 lines] > > when Security_HKLM_only=1. Is there any way to stop this changes from > > happening? |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.