Disable IE home page setting not working

Discussion in 'SpywareBlaster & Other Forum' started by trolleyclang, Oct 11, 2003.

Thread Status:
Not open for further replies.
  1. trolleyclang

    trolleyclang Registered Member

    Joined:
    Oct 11, 2003
    Posts:
    4
    o_O

    Hi,
    Just started trying to use spyware blaster. I am having a problem on one of my computers though. I cannot get the Disable IE home page settings to stay check marked. I have two users on the computer. The administrator one stays checked and the administrator cannot change the home page from IE. Under the other user the box for disable will not stay checked and this is the main user that I am concerned about keeping from making home page changes. I have Internet Explorer 5.5 and am using Windows 2000 Professional.
    Does anyone have any suggestions?
    Thanks.
     
  2. trolleyclang

    trolleyclang Registered Member

    Joined:
    Oct 11, 2003
    Posts:
    4
    Updated to IE 6.0 and still have same problem.
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Let's make sure about the details here. I'm assuming that you are trying to run SpywareBlaster under that limited (non-admin) user account, and when you check that option to disable user home page changes, as soon as you come back to that SpywareBlaster option page again, it is unchecked. Is that correct?

    If so, it sounds like the limited user account does not have the access in the registry that is needed to set the specific flag/value that locks the IE home page from user changes. While this is actually a good thing, as it shows that you've got the limited user account well restricted, it is also preventing you from using SB to block that IE setting. SpywareBlaster does not run with more privilege than the user running it, so, if the limited user can't set the registry value, SB won't help them set it either.

    The only idea I can offer if you want to use SB to set that option and then always leave it set for that user... Temporarily change that user to an Admin, login to that account, use SB to set the restriction, log out and turn the user back to limited again. (Yes, it's a bit of work. Of course, if you were comfortable using regedit and changing values manually, you could set the restriction that way.)

    It's simply that SpywareBlaster only sets that restriction for the "current user" that is running SB. The same is also true for the "IE Windows Title Text" option below the home page setting. Notice the note that states "Current User" on that one, too.
     
  4. trolleyclang

    trolleyclang Registered Member

    Joined:
    Oct 11, 2003
    Posts:
    4
    Thanks, LowWaterMark.

    You mentioned something about fixing the registry. I have worked enough in the registry that if someone could tell me what kind of entry to make to stop anyone user, hacker, etc...from changing the home page I could probably do it.

    I am trying to keep users at the public library from changing the homepage either purposely or accidently. I think this will keep them from being able to go to Tools, Internet Options and changing it manually. But, if I can get a registry entry, will it also keep such things as windows that pop open and ask the user if they want to change the homepage from changing the homepage. Basically, if the user clicks yes change the home page will the registry entry keep that from happening? And if so, are the entries different depending on what OS you are using? The library has Windows 98, 2000, and XP.

    Thanks for your help.
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    The option used by SpywareBlaster to prevent the current user from changing the IE default home page is only a simple block on Internet Explorer's "Internet Options..." interface. It will not prevent other programs (via ActiveX controls or scripting exploits) from changing that setting.

    Hmm, there are several points worth making here, especially given that you are actually trying to secure publicly accessible PCs.

    First, SpywareBlaster's ActiveX protections should reduce significantly the number of spyware items that can hijack the browser home page since many of those run from known (blocked) ActiveX controls. So, that's a good step to prevent external hijacks. Since it works silently, i.e. no pop-ups asking the user what they want to do, it's perfect for a shared public PC.

    On that point, I don't think security software that pops up alert windows, requesting the user to decide what to do, would be appropriate for such an environment. (How would you ever teach or trust the PC's users to answer those popups?) So, I don't think SpywareGuard would be a good solution.

    In any case, back to the user changing settings themselves via the menus in Internet Explorer. I do think applying these restrictions would still be a good idea. So, here is the registry key used to do that in IE.

    Since SpywareBlaster only sets this key in the context of the registry's "current user" tree, you'd need to actually use your Admin login to go into regedit and set this same key in the:

    Each user defined on a PC has a tree under HKEY_USERS in the registry, so, you just need to make the change there for all users you want to restrict.

    Also, if these are just shared public PCs, why not block access entirely to IE's Tools > "Internet Options..." menu? This key will block that:

    If the user tries to get into the Internet Options... menu item they get an IE error saying that the options are restricted. This might be worth thinking about if you don't have any reason why you'd want to allow the users to configure IE settings.

    While I don't have all the different combinations of IE versions and Windows available, I can say that IE5.5 on Windows 95 uses the same flags, shown above, as does IE6 on Windows XP. So, I'd guess they're all the same.

    There are possibly many things you could do that are very specific to securing a publicly accessible PC. Perhaps you should start a new thread in Software & Services to discuss the various options available.
     
Thread Status:
Not open for further replies.