Customize HIGH Security Template

M. Gallant 02/023/2000

[Note: Administrator privileges are required to run this Java application on NT and Win2000]

Internet Explorer 4 and 5 provide web-browser security by placing web site URLs into several security zones (Internet, Local intranet, Trusted sites, Restricted sites) depending on the origin of the downloaded content. Each of these security zones has a corresponding set of security settings (HIGH, MEDIUM, MEDIUM-LOW, LOW) which determines what privileges the web-page content is permitted (e.g. scripting enabled, Java enabled, downloading enabled, etc.). These group security settings are determined by default template values contained in win32 registry settings.

While the default HIGH security settings provide some protection, they still allow scripting and Java applets to execute. Given concern over the security of Internet web surfing and vulnerabilities in browser security implementations and active content, it may be desirable to redefine the default HIGH security settings to disable all active content. Note that by default, the only zone pointing to the HIGH security setting is the Restricted sites zone (which contains no sites initially). Therefore, to make use of these customized HIGH security settings, a security zone (say the Internet zone) needs to be pointed to the HIGH setting.
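
An added example, not part of the original page or the utility's source: a Python check that parses a regedit export of the HIGH template and reports which active-content actions are still permitted. The registry path, action IDs and policy values are assumptions taken from Microsoft's documentation of IE zone settings rather than from this page, and the sample export is constructed.

```python
import re

# Zone action IDs per Microsoft's IE zone documentation (assumption: not listed on this page).
ACTIONS = {
    "1200": "Run ActiveX controls and plug-ins",
    "1400": "Active scripting",
    "1402": "Scripting of Java applets",
    "1C00": "Java permissions",
}
DISALLOW = 0x3               # policy value meaning "disabled" for most actions
JAVA_OFF = {"1C00": 0x0}     # Java permissions uses 0 for "Java disabled"

# Constructed sample in regedit export format; values are illustrative only.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\High]
"1200"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1C00"=dword:00010000
'''

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current is not None:
            current[m.group(1).upper()] = int(m.group(2), 16)
    return keys

def active_content_allowed(values):
    """List (action_id, description, value) for actions not fully disabled; value is None if missing."""
    findings = []
    for action, desc in ACTIONS.items():
        got = values.get(action)
        if got != JAVA_OFF.get(action, DISALLOW):
            findings.append((action, desc, got))
    return findings

if __name__ == "__main__":
    for key, values in parse_reg(SAMPLE_REG).items():
        for action, desc, got in active_content_allowed(values):
            shown = "missing" if got is None else f"0x{got:08X}"
            print(f"{key.rsplit(chr(92), 1)[-1]}: {desc} ({action}) = {shown}")
```
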

The signed Java application available below adjusts the HIGH template default values to completely disable any active content from running by:

The settings can also be returned to the Default HIGH (Microsoft-supplied) template settings.

To use this utility, download it using the customhigh.exe link below and execute it from the desktop. The Java application runs on Win95, WinNT and Win2000 provided that IE 4 or 5 is installed. The application (customhigh.exe) was generated using "jexegen" from the Microsoft SDK4 for Java with the following command:

    jexegen /main:CustomHighTemplate /w /out:customhigh.exe CustomHighTemplate.class

and the application is subsequently signed using:

    signcode -cn "Security Development" -n "Customize HIGH Security Template" -t "http://timestamp.verisign.com/scripts/timstamp.dll" customhigh.exe

The application runs like any win32 desktop application (double-click), but requires the MS JVM.

customhigh.exe application
Java source code
