How to disable SP2 security warnings ?

  • Thread starter Thread starter Lucius Snow
  • Start date Start date
L

Lucius Snow

Hello all,

In order to make an unattended XP+SP2 CD, i'm looking for a reg tweak to
disable the following warning messages :

- when running or downloading an executable file (.reg, .bat, .exe etc.)
unsigned / from an unknown publisher

http://poubellelqt.free.fr/crap/cap1.jpg

- when moving from a website to another in IE, warning that a page is trying
to open a website not in the approved websites list

http://poubellelqt.free.fr/crap/cap2.jpg

These messages in the captures are in french but you may recognize them if
you've been running the SP2 and IE.

Thank you in advance
 
Registry Values and Levels

The various aspects of pop-up manager are controlled by values in the registry under HKCU\Software\Microsoft\Int ernet Explorer\New Windows. The registry values are all dword values, unless noted. Values are all either 0 or 1, unless noted.

PopupMgr - Whether the pop-up blocker feature is enabled or not. This is the checkbox on the privacy tab of the Internet Control Panel.
PlaySound - Whether or not a sound should be played when a pop-up is blocked. This sound is set in the Sound Control Panel.
ApplyToWebOC - Applications hosting the webbrowser control only get pop-up blocking if they opt in. This forces pop-up blocking on non-opted-in apps when true.
UseSecBand - Whether or not pop-up blocker notifications should appear in the Information Band.
AccUserInitOnClick - Turns off or on an app compat work-around for some Accessibility Aids. This is on by default.
Balloon - Set when the balloon notification has been shown. Not a very interesting value, listed here for completeness.
BlockHTMLDialogs - Whether or not to treat HTML dialogs as pop-ups.
UserInitTimeout - Number of ms in the timeout period when the UseTimerMethod value is set (see below).

The biggest changes for SP2 is the creation of multiple levels of pop-up blocking. This is visible in the advanced pop-up blocking settings dialog (Tools->Pop-up Blocker->Pop-up Blocker Settings...). The levels are high, medium and low. The text descriptions of the levels were limited by the size of the box and the length of the text when localized to languages such as German. I will provide more details. The levels are pre-set combinations of the following values. Please note, these may change between now and the final release of SP2.

BlockUserInit - Whether or not to block windows deemed to be the result of a user initiated action. When on, pop-up blocking is hardcore. Default is off.
UseTimerMethod - Whether or not to use a timer to detect user initiated actions. Some sites do things asynchronously to mouse clicks... mostly sites where you submit data which results in a popup.
UseHooks - Whether or not to hook messages going to ActiveX controls. If this is false, then the control may not be able to open a new window.
AllowHTTPS - Whether or not to blindly allow pop-ups from sites using https.

The default values are High: T,F,F,F; Med: F,F,T,F; Low: F,T,T,T.
If you go change one setting by hand and it does not match the template for any of those levels, the level will show as "Custom" in the settings dialog.

The only other key to note is the Allow subkey. This is just a list of domains in the whitelist.

Script Debugging in IE

When a suitable script debugger is installed, and the user visits a site that causes a script error, IE has traditionally provided a "Do you want to debug?" prompt. This is controlled by a registry setting and has generally been off by default, but installing other applications could cause this to become enabled. Most users would really rather not see this prompt. To that end, the old setting got renamed to "Disable Script Debugging (Other)" and a new setting was created "Disable Script Debugging (Internet Explorer)". Apps hosting the webbrowser control to do web page design can still use the old setting to enable script debugging in their app without the average end user having to see this prompt. Developers can also enable debugging in IE by enabling the new setting. These settings are in the Internet Control Panel's Advanced tab (Tools->Internet Options->Advanced), under the Browsing sub-heading.

App and Site Compat

We did a lot of work balancing the effectiveness of pop-up blocker with not breaking existing sites. As always, there are trade-offs here. Frequently in SP2 we have chosen security/privacy over compatibility, which is why we introduced the levels in pop-up blocker. The levels provide a quick and easy way to chose where you want to be in the compat trade-off arena. The default is medium. If you find some really egregiously broken sites, please feel free to post them here. I will probably not be able to respond to post responses, but we will look at all of them.

Misc UI Bug Fixes

I fixed a lot of UI bugs, mostly related to menu state. The layout of the menus changed a bit. In retrospect, this is not very interesting to talk about.
 
Lucius,

I have doubts that creating an XP + SP2 CD is actually permitted, unless you
are slipstreaming for personal use. You certainly cannot create such a CD
for distribution.

MS have SP2 CDs available for ordering (for free).
 
Sandi said:
Lucius,

I have doubts that creating an XP + SP2 CD is actually permitted,
unless you are slipstreaming for personal use. You certainly cannot
create such a CD for distribution.

MS have SP2 CDs available for ordering (for free).


Yes, that's for my personnal use.
 
Back
Top