Remove My Computer Zone from Security Tab

Hello, I was wondering if anyone knew how to remove the "My Computer Zone" from the Security Tab, under Internet Options?

Instead of the Normal Four (4) Zones (Internet, Local Intranet, Trusted, Restricted) there are Five (5), with the fifth one being "My Computer Zone"

We have attempted DelDomains.inf. No settings can be altered to remove this zone, except the registry, from what I have been reading.

Does anyone know exactly what to change in the registry to remove this zone? I have also been to Microsoft Newsgroup, and what I have read suggested adding the decimal number 23 to the value to remove;

what value and which registry key (s)? I've read it had something to do with flags and/or lockdown, but it doesn't make sense to me.


any suggestions?

 

Have a look here:- http://surfthenetsafely.com/ieseczone3.htm

 

Thanks TrooperID

In addition to those suggestions, where does the Flag key comes into play?

I had been inside the Microsoft Newsgroup and according to Ramesh, one of Microsofts MVP suggested

"Add "32" (decimal) if you want to hide the My Computer zone in IE Options,
and vice-versa".


How would that factor in if a reg code were created to include the flags value?

Makes "My Computer" security zone visible

To reverse the process and hide the zone "My Computer", use the following script

Hides "My Computer" security zone

-

 

http://support.microsoft.com/?kbid=315933 confirms your last post.

Exported my key looks like this:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Flags"=dword:00000021

Replacing Windows Registry Editor Version 5.00 with REGEDIT4 will make it usable for all Windows versions using IE5 or IE6

Regards,

Pieter

 

From the MS knowledge base article you will see that there are two possible keys to consider:-

The key that has to be edited for a particular user account is:-

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

The key to be edited if all user accounts are to have this zone visible/invisible is:-

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Within the key is a DWORD value "Flags". Setting the data value of the Flags value to 47 (in hexadecimal) causes the "My Computer"security zone to be displayed. Setting the data value of the Flags value to 21 (in hexadecimal) causes the "My Computer" security zone to be hidden.

So you need to bring up Regedit and navigate to each of these keys in turn. Towards the bottom of the right hand pane in Regedit, you will see an entry listed under the name column as 'Flags', the 'Type' will be REG_DWORD and under the data column it will probably read 0x00000047 (71).

You want to change the 47 into a 21. To do that you should right click the word 'Flags' and click 'modify' in the box that opens. Ensure that the 'Base' Hexadecimal is selected and simply change the value data from 47 to 21 then click O.K.

Before editing the Registry you should back-up the key you are changing. To do that, once you have clicked on the Zone 0 key to select it, simply click File/Export on the Regedit menu bar and save the key at a suitable location. If you have an 'accident' you can easily reinstate that key by clicking File/Import and reversing the process.

Let us know how you get on and if you have any further questions please ask!

PS - it may be that you only need to edit one of the two Keys referred to above; it is possible that the second key is already set at 21.

 

Thanks you Pieter and Trooperid,

Your opinion: Would recommending a user apply deldomains.inf as well as the reg fix of hiding the my computer zone sound feasible in troubleshooting the 015 mycomputer zone infected logs? Deldomains appears not to be working alone?

I have not attempted this yet and have yet to test on my test pc, I have attempted deldomains only, user response and new hijackthis log still shows my computerzone enabled and stated he did not enable this zone.

Are you familiar with what Ramesh referred by using adding or subtracting decimal 23?

located here

http://support.microsoft.com/?kbid=182569

Where the comments start with "The Flags DWORD value determines the ability of the user to modify the security zone's properties. To determine the Flags value, add the numbers of the appropriate settings together."

Should this be ignored and use the values 47 and 21 for enabbing and hiding? my computer zone?

Again thank you all for your support in clarifying the logistics behind the mycomputer zone and its reg values.

 

In case you were not aware....deldomains.inf deletes the Domains and Ranges key for the Current_User and Local_Machine. What that does is remove any\all URL's(Domains) and IP's(Ranges) that are placed in the Trusted Zone or Restricted Zone of Internet Explorer. It then re-creates those keys....Domains and Ranges

The displaying or not displaying of the My Computer Zone would only be a security risk in respects to local acess to your PC. Meaning....it gives you or others sitting at your PC a way to adjust the settings for My Computer Zone in IE if it is visible. That Zone is hidden by default....but badware can still write to that key....whether it's hidden or not.

It appears the crux of your question deals with this type HJT entry....O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)....correct

If so....deldomains.inf....nor hiding My Computer Zone will assist with that entry. What you have to determine is who or what is changing the below reg key and it's correct values.

If you are letting HJT fix those....and they are not sticking....that's where you have to concentrate. I suggest you consider installing a kernel based registry monitoring tool called RegDefend. You could then create a rule to monitor that particular reg key(ProtocolDefaults) for something attempting to change it. Wilders is the Official support site for that software....and would be very much a plus for layered security.

 

Thanks you bubba,

Yes

Will recommend RegDefend and work from there.

Thank you so very much.

 

You are very Welcome....and good luck.

You will not regret it....and there are many knowledgeable folks that frequent the RegDefend Forum for assistance.