IEcontroller works as a loader of the IE.
When IE starts a new CoCreateInstanceEx or CoGetClassObject
the IEController decides, if the object with the appropriate CLSID is
allowed or not.
This sounds similar to the "administrator approved" checkmark in the
security setting of the IE (together with
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\In
tern
et Settings\AllowedControls]),
but is different as IE still starts DCOM objects even when no ActiveX
control is allowed by the administrator:
Test the IEcontroller, the menus are in English:
download the files from
http://www.heise.de/ct/ftp/projekte/iecontroller/downloads/iecontroller.
zip
extract the files to a directory on your local disk
start the IEController.exe and assign a name for the configuration
(profile). The menu is in English! Click start and IE is started.
After clicking on the IEController icon the IE is started automatically.
when you click on the old IE icon, nothing has changed - you are not using
IEcontroller.
If you want to change the settings again, double-click on the IEC icon, but
keep the left mouse pressed.
that's all
cheers
Roland
-----Original Message-----
From: Bourque Daniel [mailto:Daniel.Bourque (at) loto-quebec (dot) com [email concealed]]
Sent: Thursday, October 16, 2003 7:01 PM
To: 'Philipp, Roland'; 'Sergey V. Gordeychik'; A.Koot (at) Unive (dot) NL [email concealed];
focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE : Blocking and allowing ActiveX
Anybody care to translate the page / doc for us?
-----Message d'origine-----
De : Philipp, Roland [mailto:Roland.Philipp (at) bknkids (dot) com [email concealed]]
Envoyé : 16 octobre, 2003 12:49
À : 'Sergey V. Gordeychik'; A.Koot (at) Unive (dot) NL [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Objet : RE: Blocking and allowing ActiveX
Good news for all IE user:
C't, German's biggest newspaper for IT, developed a tool (IE Controller)
that controls under NT/2000/XP what COM-Objects (Component Object Model)are
started from IE, which programs are started and what Data is accessed.
check it out:
http://www.heise.de/ct/ftp/projekte/iecontroller/
http://www.heise.de/ct/03/21/108/
cheers
Roland
-----Original Message-----
From: Sergey V. Gordeychik [mailto:gordey (at) infosec (dot) ru [email concealed]]
Sent: Monday, September 29, 2003 7:28 AM
To: A.Koot (at) Unive (dot) NL [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Blocking and allowing ActiveX
You cat try map logon script to accounts. Script must modify registry key
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
When IE starts a new CoCreateInstanceEx or CoGetClassObject
the IEController decides, if the object with the appropriate CLSID is
allowed or not.
This sounds similar to the "administrator approved" checkmark in the
security setting of the IE (together with
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\In
tern
et Settings\AllowedControls]),
but is different as IE still starts DCOM objects even when no ActiveX
control is allowed by the administrator:
Test the IEcontroller, the menus are in English:
download the files from
http://www.heise.de/ct/ftp/projekte/iecontroller/downloads/iecontroller.
zip
extract the files to a directory on your local disk
start the IEController.exe and assign a name for the configuration
(profile). The menu is in English! Click start and IE is started.
After clicking on the IEController icon the IE is started automatically.
when you click on the old IE icon, nothing has changed - you are not using
IEcontroller.
If you want to change the settings again, double-click on the IEC icon, but
keep the left mouse pressed.
that's all
cheers
Roland
-----Original Message-----
From: Bourque Daniel [mailto:Daniel.Bourque (at) loto-quebec (dot) com [email concealed]]
Sent: Thursday, October 16, 2003 7:01 PM
To: 'Philipp, Roland'; 'Sergey V. Gordeychik'; A.Koot (at) Unive (dot) NL [email concealed];
focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE : Blocking and allowing ActiveX
Anybody care to translate the page / doc for us?
-----Message d'origine-----
De : Philipp, Roland [mailto:Roland.Philipp (at) bknkids (dot) com [email concealed]]
Envoyé : 16 octobre, 2003 12:49
À : 'Sergey V. Gordeychik'; A.Koot (at) Unive (dot) NL [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Objet : RE: Blocking and allowing ActiveX
Good news for all IE user:
C't, German's biggest newspaper for IT, developed a tool (IE Controller)
that controls under NT/2000/XP what COM-Objects (Component Object Model)are
started from IE, which programs are started and what Data is accessed.
check it out:
http://www.heise.de/ct/ftp/projekte/iecontroller/
http://www.heise.de/ct/03/21/108/
cheers
Roland
-----Original Message-----
From: Sergey V. Gordeychik [mailto:gordey (at) infosec (dot) ru [email concealed]]
Sent: Monday, September 29, 2003 7:28 AM
To: A.Koot (at) Unive (dot) NL [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Blocking and allowing ActiveX
You cat try map logon script to accounts. Script must modify registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains
(see http://support.microsoft.com/?kbid=182569)
In can by trivial *.cmd file:
regedit -s file.reg
Regards.
-----Original Message-----
From: A.Koot (at) Unive (dot) NL [email concealed] [mailto:A.Koot (at) Unive (dot) NL [email concealed]]
Sent: Wednesday, September 24, 2003 2:01 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Blocking and allowing ActiveX
Hello all,
So, these sites are entered in the Trusted Zone in IE.
We have some 2500 PC's... so, there you have our problem.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
------------------------------------------------------------------------
---
[ reply ]