image/svg+xml
Logo Tom's Hardware
  • Hardware
  • Videogiochi
  • Mobile
  • Elettronica
  • EV
  • Scienze
  • B2B
  • Quiz
  • Tom's Hardware Logo
  • Hardware
  • Videogiochi
  • Mobile
  • Elettronica
  • EV
  • Scienze
  • B2B
  • Quiz
  • Forum
  • Sconti & Coupon
Sconti & Coupon
Accedi a Xenforo
Immagine di Cerchi una cosa, Amazon te ne mostra un'altra: che diavolo succede? [Sondaggio] Cerchi una cosa, Amazon te ne mostra un'altra: che diavolo s...
Immagine di La Cina ordina lo stop alla produzione di memorie DDR4 La Cina ordina lo stop alla produzione di memorie DDR4...

Configurare e ottimizzare Windows: Internet Explorer vs CESG

Grazie al CESG, l'authority britannica che cura gli aspetti tecnici legati alla sicurezza delle informazioni, è possibile mettere Internet Explorer in una vera e propria "botte di ferro".

Advertisement

Quando acquisti tramite i link sul nostro sito, potremmo guadagnare una commissione di affiliazione. Scopri di più
Avatar di Alessio Mei

a cura di Alessio Mei

Pubblicato il 04/05/2015 alle 09:55 - Aggiornato il 06/05/2015 alle 17:45
firma oneclickinstaller

La precedente settimana vi abbiamo spiegato come, grazie all'ausilio dei file batch, sia possibile personalizzare in modo facile e veloce le principali impostazioni di IE 11.

Nell'articolo odierno, invece, vogliamo porre una particolare ed esclusiva attenzione su quelli che sono considerati gli aspetti probabilmente più importanti per un browser: la sicurezza.

Molti di voi concorderanno sul fatto che sia spesso difficile mettere dei punti fermi e irremovibili quando si parla di sicurezza in ambiente IT. È per questo che abbiamo deciso di seguire passo passo le raccomandazioni del CESG, la quale ha redatto un documento in cui vengono fornite delle precise indicazioni su come "blindare" Internet Explorer.

Come ormai avrete intuito, lo scopo di questa rubrica non è tanto quello di fornirvi rigide e severe indicazioni su come impostare l'uno o l'altro parametro di Windows e dei suoi applicativi, ma come farlo utilizzando i comodi file ".cmd". Starà poi a voi personalizzare secondo le vostre esigenze ciò che vi abbiamo proposto. Questo vale anche (e soprattutto) per l'articolo odierno, col quale ci rivolgiamo in particolar modo agli utenti più esperti e ai professionisti IT che seguono in prima persona gli aspetti e le problematiche inerenti la sicurezza.

Nel fornirvi i comandi sottostanti, abbiamo inoltre deciso di mantenerne i commenti in inglese, così da facilitarvi il diretto confronto con la guida originale proposta dal CESG.

CESG

Browser Security Guidance - Microsoft Internet Explorer (Published 28 November 2014)

:: User Configuration

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable changing Automatic Configuration settings
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v Autoconfig /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent "Fix settings" functionality
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Security" /v DisableFixSecuritySettings /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent managing SmartScreen Filter
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter" /v EnabledV9 /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent participation in the Customer Experience Improvement Program
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\SQM" /v DisableCustomerImprovementProgram /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent running First Run wizard
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main" /v DisableFirstRunCustomize /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off suggestions for all user-installed providers
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes" /v ShowSearchSuggestionsGlobal /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on compatibility logging
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging" /v iexplore.exe /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on Suggested Sites
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites" /v Enabled /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Restrict Accelerators to those deployed through Group Policy
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions" /v UsePolicyActivitiesOnly /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off Accelerators
:: REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Activities" /v NoActivities /t REG_DWORD /d 0 /f
:: REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Activities" /v NoActivities /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt" /v (Reserved) /t REG_SZ /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt" /v explorer.exe /t REG_SZ /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt" /v iexplore.exe /t REG_SZ /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Help menu: Remove 'Send Feedback' menu option
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoHelpItemSendFeedback /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Advanced page
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v AdvancedTab /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Connections page
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ConnectionsTab /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Privacy page
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v PrivacyTab /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Security page
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v SecurityTab /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow active content from CDs to run on user machines
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings" /v LOCALMACHINE_CD_UNLOCK /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Do not allow resetting Internet Explorer settings
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v DisableRIED /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Do not save encrypted pages to disk
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v DisableCachingOfSSLPages /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Empty Temporary Internet Files folder when browser is closed
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache" /v Persistent /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off encryption support
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v SecureProtocols /t REG_DWORD /d 2688 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off the flip ahead with page prediction feature
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\FlipAhead" /v Enabled /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Use HTTP 1.1
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v EnableHttp1_1 /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Use HTTP 1.1 through proxy connections
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyHttp1.1 /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Site to Zone Assignment List
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ListBox_Support_ZoneMapKey /t REG_DWORD /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey" /v /t REG_DWORD /d /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow cut, copy, or paste operations from the clipboard via script
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1407 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1407 /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow font downloads
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1604 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1604 /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow video and animation on a webpage that uses an older media player
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 120A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 120A /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Display mixed content
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1609 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1609 /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Include local path when user is uploading files to a server
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 160A /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 160A /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Java permissions
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1C00 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1C00 /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Render legacy filters
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 270B /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 270B /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Run .NET Framework-reliant components not signed with Authenticode
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2004 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 2004 /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Run .NET Framework-reliant components signed with Authenticode
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2001 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 2001 /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Scripting of Java applets
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1402 /t REG_DWORD /d 3 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1402 /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on Cross-Site Scripting Filter
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1409 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1409 /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on Protected Mode
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2500 /t REG_DWORD /d 0 /f
REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 2500 /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on script debugging
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main" /v "Disable Script Debugger" /t REG_SZ /d yes /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Start the Internet Connection Wizard automatically
REG ADD "HKCU\Software\Policies\Microsoft\Internet Connection Wizard" /v DisableICW /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on inline AutoComplete
REG ADD HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete /v "Append Completion" /t REG_SZ /d no /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off Windows Search AutoComplete
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch" /v EnabledScopes /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Establish Tracking Protection threshold
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" /v TrackingProtectionThreshold /t REG_DWORD /d 3 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off Data URI support
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI" /v iexplore.exe /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Add-on List
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext /v ListBox_Support_CLSID /t REG_DWORD /d 1 /f
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {D27CDB6E-AE6D-11CF-96B8-444553540000} /t REG_SZ /d 1 /f
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {CA8A9780-280D-11CF-A24D-444553540000} /t REG_SZ /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Deny all add-ons unless specifically allowed in the Add-on List
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext /v RestrictToList /t REG_DWORD /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext /v RunThisTimeEnabled /t REG_DWORD /d 0 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Mime Sniffing Safety Feature > Internet Explorer Processes
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v (Reserved) /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v explorer.exe /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v iexplore.exe /t REG_SZ /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > MK Protocol Security Restriction > Internet Explorer Processes
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL" /v (Reserved) /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL" /v explorer.exe /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL" /v iexplore.exe /t REG_SZ /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Protection From Zone Elevation > Internet Explorer Processes
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v (Reserved) /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v explorer.exe /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v iexplore.exe /t REG_SZ /d 1 /f
:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Scripted Window Security Restrictions > Internet Explorer Processes
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" /v (Reserved) /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" /v explorer.exe /t REG_SZ /d 1 /f
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" /v iexplore.exe /t REG_SZ /d 1 /f

:: Add-On Management (User Configuration)

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {D27CDB6E-AE6D-11CF-96B8-444553540000} /t REG_SZ /d 1 /f
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {CA8A9780-280D-11CF-A24D-444553540000} /t REG_SZ /d 1 /f

:: Cookie Control (User Configuration)

:: Run > regedit
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v PrivacyAdvanced /t REG_DWORD /d 1 /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v {AEBA21FA-782A-4A90-978D-B72164C80120} /t REG_BINARY /d 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v {A8A88C49-5EB2-4990-A1A2-0876022C854F} /t REG_BINARY /d 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a1539 /f

:: Proxy Settings (User Configuration)

:: Control Panel > Internet Options > Connections > Local Area Network (LAN) settings > LAN settings > Proxy server > Use a proxy server for your LAN (These settings will not apply to a dial-up or VPN connections).
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
:: Control Panel > Internet Options > Connections > Local Area Network (LAN) settings > LAN settings > Proxy server > Address:
:: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d Address:Port /f
:: Control Panel > Internet Options > Connections > Local Area Network (LAN) settings > LAN settings > Proxy server > Bypass proxy server for local addresses
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /t REG_SZ /d "" /f

:: Computer Configuration

:: Run > gpedit.msc > Computer Configuration > Administrative Templates > All Settings >  Security Zones: Use only machine settings
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v Security_HKLM_only /t REG_DWORD /d 1 /f

Ora che sotto la scocca del vostro PC vegliano le indicazioni del CESG, potrete anche vantarvi con colleghi ed amici di avere la stessa configurazione dei servizi segreti di Sua Maestà... loro non vi prenderanno di certo sul serio, ma voi saprete che sotto sotto un fondo di verità c'è sicuramente...

Agenti rimanete sintonizzati, perchè la prossima settimana vi aspettano nuovi ed interessanti batch!

Leggi altri articoli

👋 Partecipa alla discussione! Scopri le ultime novità che abbiamo riservato per te!

0 Commenti

⚠️ Stai commentando come Ospite . Vuoi accedere?

Questa funzionalità è attualmente in beta, se trovi qualche errore segnalacelo.

Segui questa discussione
Advertisement

Non perdere gli ultimi aggiornamenti

Newsletter Telegram

I più letti di oggi

  • #1
    BYD taglia i prezzi fino al 34% e scatena una guerra commerciale
  • #2
    La Cina ordina lo stop alla produzione di memorie DDR4
  • #3
    Avete queste Fire Stick TV? Allora dite addio a Netflix
  • #4
    Samsung Galaxy, prezzi alle stelle (+40%) con nuovi dazi
  • #5
    Ecco il supercharger portatile da 1 MegaWatt
  • #6
    CPU ok, RAM in abbondanza... questo Mini PC da 272€ è un vero affare
Articolo 1 di 5
La Cina ordina lo stop alla produzione di memorie DDR4
La Cina sta riscrivendo la sua strategia tecnologica nel settore delle memorie, con un cambio di rotta che coglie di sorpresa l'intero mercato.
Immagine di La Cina ordina lo stop alla produzione di memorie DDR4
3
Leggi questo articolo
Articolo 2 di 5
Cerchi una cosa, Amazon te ne mostra un'altra: che diavolo succede? [Sondaggio]
Da qualche giorno la ricerca Amazon fa un po' quello che vuole, mostrando prodotti diversi da quelli cercati. Cosa sta succedendo?
Immagine di Cerchi una cosa, Amazon te ne mostra un'altra: che diavolo succede? [Sondaggio]
18
Leggi questo articolo
Articolo 3 di 5
500€ di sconto per questo notebook con RTX 4060 e Core i7
Unieuro mette uno sconto eccezionale sul MSI Cyborg 15: laptop gaming con RTX 4060 e processore i7-13620H ora a 999€ invece di 1499€.
Immagine di 500€ di sconto per questo notebook con RTX 4060 e Core i7
Leggi questo articolo
Articolo 4 di 5
La mitica GTX 970 risorge con 8GB di VRAM
Tutto, ovviamente, grazie a una mod. I benchmark migliorano di netto, ma come andrà nei giochi?
Immagine di La mitica GTX 970 risorge con 8GB di VRAM
6
Leggi questo articolo
Articolo 5 di 5
Intel, un dipendente ha truffato l'azienda per quasi un milione di dollari
Due persone accusate di aver sottratto oltre $840.000 a Intel attraverso una presunta collusione tra un dipendente e un complice esterno.
Immagine di Intel, un dipendente ha truffato l'azienda per quasi un milione di dollari
Leggi questo articolo
Advertisement
Advertisement

Advertisement

Footer
Tom's Hardware Logo

 
Contatti
  • Contattaci
  • Feed RSS
Legale
  • Chi siamo
  • Privacy
  • Cookie
  • Affiliazione Commerciale
Altri link
  • Forum
Il Network 3Labs Network Logo
  • Tom's Hardware
  • SpazioGames
  • CulturaPop
  • Data4Biz
  • TechRadar
  • SosHomeGarden
  • Aibay

Tom's Hardware - Testata giornalistica associata all'USPI Unione Stampa Periodica Italiana, registrata presso il Tribunale di Milano, nr. 285 del 9/9/2013 - Direttore: Andrea Ferrario

3LABS S.R.L. • Via Pietro Paleocapa 1 - Milano (MI) 20121
CF/P.IVA: 04146420965 - REA: MI - 1729249 - Capitale Sociale: 10.000 euro

© 2025 3Labs Srl. Tutti i diritti riservati.