Configuring and optimizing Windows: Internet Explorer vs CESG

Thanks to CESG, the British authority responsible for the technical aspects of information security, it is possible to make Internet Explorer truly "ironclad".

by Alessio Mei

Last week we explained how, with the help of batch files, the main IE 11 settings can be customized quickly and easily.

In today's article, instead, we want to focus exclusively on what is probably the most important aspect of a browser: security.

Many of you will agree that it is often hard to establish firm, fixed points when it comes to security in IT. That is why we decided to follow, step by step, the recommendations of CESG, which has published a document giving precise guidance on how to "lock down" Internet Explorer.

As you will have gathered by now, the aim of this column is not so much to give you rigid, strict instructions on how to set this or that parameter of Windows and its applications, but to show how to do it using handy ".cmd" files. It is then up to you to adapt what we have proposed to your own needs. This also (and especially) applies to today's article, which is aimed in particular at more experienced users and at IT professionals who deal first-hand with security matters and issues.

In providing the commands below, we have also decided to keep their comments in English, to make it easier for you to compare them directly with the original guide published by CESG.

CESG

Browser Security Guidance - Microsoft Internet Explorer (Published 28 November 2014)

:: User Configuration

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable changing Automatic Configuration settings

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v Autoconfig /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent "Fix settings" functionality

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Security" /v DisableFixSecuritySettings /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent managing SmartScreen Filter

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter" /v EnabledV9 /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent participation in the Customer Experience Improvement Program

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\SQM" /v DisableCustomerImprovementProgram /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Prevent running First Run wizard

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main" /v DisableFirstRunCustomize /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off suggestions for all user-installed providers

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes" /v ShowSearchSuggestionsGlobal /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on compatibility logging

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging" /v iexplore.exe /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on Suggested Sites

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites" /v Enabled /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Restrict Accelerators to those deployed through Group Policy

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions" /v UsePolicyActivitiesOnly /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off Accelerators

:: REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Activities" /v NoActivities /t REG_DWORD /d 0 /f

:: REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Activities" /v NoActivities /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Bypass prompting for Clipboard access for scripts running in the Internet Explorer process

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt" /v (Reserved) /t REG_SZ /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt" /v explorer.exe /t REG_SZ /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt" /v iexplore.exe /t REG_SZ /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Help menu: Remove 'Send Feedback' menu option

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoHelpItemSendFeedback /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Advanced page

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v AdvancedTab /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Connections page

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ConnectionsTab /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Privacy page

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v PrivacyTab /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Disable the Security page

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v SecurityTab /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow active content from CDs to run on user machines

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings" /v LOCALMACHINE_CD_UNLOCK /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Do not allow resetting Internet Explorer settings

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v DisableRIED /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Do not save encrypted pages to disk

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v DisableCachingOfSSLPages /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Empty Temporary Internet Files folder when browser is closed

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache" /v Persistent /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off encryption support

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v SecureProtocols /t REG_DWORD /d 2688 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off the flip ahead with page prediction feature

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\FlipAhead" /v Enabled /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Use HTTP 1.1

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v EnableHttp1_1 /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Use HTTP 1.1 through proxy connections

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyHttp1.1 /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Site to Zone Assignment List

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ListBox_Support_ZoneMapKey /t REG_DWORD /d 1 /f

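:: The site (value name) and the zone number (data) are missing from this line as published, so it is left commented out; fill in both before enabling it. Entries of this list policy are stored as REG_SZ.
:: REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey" /v <site> /t REG_SZ /d <zone number> /f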

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow cut, copy, or paste operations from the clipboard via script

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1407 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1407 /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow font downloads

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1604 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1604 /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Allow video and animation on a webpage that uses an older media player

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 120A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 120A /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Display mixed content

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1609 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1609 /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Include local path when user is uploading files to a server

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 160A /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 160A /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Java permissions

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1C00 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1C00 /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Render legacy filters

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 270B /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 270B /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Run .NET Framework-reliant components not signed with Authenticode

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2004 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 2004 /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Run .NET Framework-reliant components signed with Authenticode

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2001 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 2001 /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Scripting of Java applets

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1402 /t REG_DWORD /d 3 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1402 /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on Cross-Site Scripting Filter

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 1409 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 1409 /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on Protected Mode

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2500 /t REG_DWORD /d 0 /f

REG ADD "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4" /v 2500 /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on script debugging

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main" /v "Disable Script Debugger" /t REG_SZ /d yes /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Start the Internet Connection Wizard automatically

REG ADD "HKCU\Software\Policies\Microsoft\Internet Connection Wizard" /v DisableICW /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn on inline AutoComplete

REG ADD HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete /v "Append Completion" /t REG_SZ /d no /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off Windows Search AutoComplete

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch" /v EnabledScopes /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Establish Tracking Protection threshold

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" /v TrackingProtectionThreshold /t REG_DWORD /d 3 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Turn off Data URI support

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI" /v iexplore.exe /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Add-on List

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext /v ListBox_Support_CLSID /t REG_DWORD /d 1 /f

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {D27CDB6E-AE6D-11CF-96B8-444553540000} /t REG_SZ /d 1 /f

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {CA8A9780-280D-11CF-A24D-444553540000} /t REG_SZ /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Deny all add-ons unless specifically allowed in the Add-on List

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext /v RestrictToList /t REG_DWORD /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > All Settings > Remove "Run this time" button for outdated ActiveX controls in Internet Explorer

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext /v RunThisTimeEnabled /t REG_DWORD /d 0 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Mime Sniffing Safety Feature > Internet Explorer Processes

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v (Reserved) /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v explorer.exe /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v iexplore.exe /t REG_SZ /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > MK Protocol Security Restriction > Internet Explorer Processes

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL" /v (Reserved) /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL" /v explorer.exe /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL" /v iexplore.exe /t REG_SZ /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Protection From Zone Elevation > Internet Explorer Processes

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v (Reserved) /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v explorer.exe /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v iexplore.exe /t REG_SZ /d 1 /f

:: Run > gpedit.msc > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Scripted Window Security Restrictions > Internet Explorer Processes

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" /v (Reserved) /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" /v explorer.exe /t REG_SZ /d 1 /f

REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS" /v iexplore.exe /t REG_SZ /d 1 /f

:: Add-On Management (User Configuration)

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {D27CDB6E-AE6D-11CF-96B8-444553540000} /t REG_SZ /d 1 /f

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {CA8A9780-280D-11CF-A24D-444553540000} /t REG_SZ /d 1 /f

:: Run > regedit

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v PrivacyAdvanced /t REG_DWORD /d 1 /f

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v {AEBA21FA-782A-4A90-978D-B72164C80120} /t REG_BINARY /d 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a /f

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v {A8A88C49-5EB2-4990-A1A2-0876022C854F} /t REG_BINARY /d 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a1539 /f

:: Proxy Settings (User Configuration)

:: Control Panel > Internet Options > Connections > Local Area Network (LAN) settings > LAN settings > Proxy server > Use a proxy server for your LAN (These settings will not apply to a dial-up or VPN connections).

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f

:: Control Panel > Internet Options > Connections > Local Area Network (LAN) settings > LAN settings > Proxy server > Address:

:: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d Address:Port /f

:: Control Panel > Internet Options > Connections > Local Area Network (LAN) settings > LAN settings > Proxy server > Bypass proxy server for local addresses

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /t REG_SZ /d "<local>" /f

:: Computer Configuration

:: Run > gpedit.msc > Computer Configuration > Administrative Templates > All Settings > Security Zones: Use only machine settings

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v Security_HKLM_only /t REG_DWORD /d 1 /f
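To confirm that the values above actually landed in the registry, the following read-only audit re-reads a sample of them with REG QUERY and reports any that differ. It is an added example, not part of the original article or of the CESG guide: the `:check` helper and the variable names are its own, while the keys, value names and data are the ones used in the commands above.

```bat
@echo off
setlocal EnableExtensions EnableDelayedExpansion

:: Added example: read-only audit of values written by the REG ADD commands above.
:: It only calls REG QUERY, so it changes nothing and needs no elevation.
set "IS=HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
set "IE=HKCU\Software\Policies\Microsoft\Internet Explorer"
set /a FAILS=0

:: Single-value settings: key, value name, expected data as REG QUERY prints it.
call :check "%IE%\Control Panel" Autoconfig 0x1
call :check "%IE%\Security" DisableFixSecuritySettings 0x1
call :check "%IE%\PhishingFilter" EnabledV9 0x1
call :check "%IS%" DisableCachingOfSSLPages 0x1
:: 2688 decimal = 0xa80 = TLS 1.0 (0x80) + TLS 1.1 (0x200) + TLS 1.2 (0x800)
call :check "%IS%" SecureProtocols 0xa80
call :check "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" Security_HKLM_only 0x1

:: Per-zone URL actions: the article writes the same data to zones 0-4
:: under both Zones and Lockdown_Zones, so loop instead of listing 120 lines.
for %%T in (Zones Lockdown_Zones) do for %%Z in (0 1 2 3 4) do (
    rem Actions the article sets to 3 (disable)
    for %%A in (1407 1604 120A 1609 160A 1C00 270B 2004 2001 1402) do call :check "%IS%\%%T\%%Z" %%A 0x3
    rem XSS filter (1409) and Protected Mode (2500) are set to 0 (enable)
    for %%A in (1409 2500) do call :check "%IS%\%%T\%%Z" %%A 0x0
)

echo.
echo %FAILS% setting(s) differ from the values in this article.
if %FAILS% gtr 0 exit /b 1
exit /b 0

:check
:: %1 = registry key (quoted), %2 = value name (no spaces), %3 = expected data
set "ACTUAL=(not set)"
:: REG QUERY prints "<name>    <type>    <data>"; keep the data of the matching line only.
for /f "tokens=1,2,*" %%a in ('reg query %1 /v %2 2^>nul') do (
    if /i "%%a"=="%2" set "ACTUAL=%%c"
)
if /i "!ACTUAL!"=="%3" (
    echo [ OK ] %~1\%2 = !ACTUAL!
) else (
    echo [FAIL] %~1\%2 = !ACTUAL! ^(expected %3^)
    set /a FAILS+=1
)
exit /b 0
```

Run it under the same user account that applied the settings; the script exits with code 1 if any value differs. Because Security_HKLM_only is set to 1, Internet Explorer takes its security zone settings from HKLM rather than HKCU, so on such a machine the per-zone values also need to be present, and checked, under the corresponding HKLM key.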

Now that CESG's recommendations are keeping watch under the hood of your PC, you can even boast to colleagues and friends that you have the same configuration as Her Majesty's secret service... they certainly won't take you seriously, but you will know that, deep down, there is surely a grain of truth in it...

Agents, stay tuned, because next week new and interesting batch files await you!