I have my program running on windows which has the option to configure custom proxy settings.
Under the hood, I use SetInternetOption with INTERNET_OPTION_PER_CONNECTION_OPTION flags, changing the proxy settings for the entire process.
I want to allow users to revert to the default system (INET) proxy setting (as defined in Internet Explorer tools menu -> connections -> LAN settings).
Is there a way to revert all custom changes made through SetInternetOption and restore the current default system proxy settings?
Note: I thought about querying for the current INET settings and then just manually setting it (with SetInternetOption). This solution is not elegant and I'm also worried I might not be able to restore the exact same settings, because for example since IE8 the actual proxy settings may differ from the settings as they are configured in Internet Explorer UI.
Related
If I have Automatically detect settings then this tells Windows to go off and iscover what the settings should be (I think?).
How can I either get the address Windows is using to get the config. file or get the actual settings it's using?
I'm currently working on laptops that go in Police Cars. They run an app called IMobile which is an extension of our CAD system, and allows them to do vehicle lookups, get more info on a call, etc.
The IMobile app is basically an IE overlay and it uses htm files that are on the local laptop. We've added in some simple VBScripts that do various tasks. Some common functions that are required for these tasks are in a VBscript called PoliceFunctions.vbs which is included in the same directory as all the other scripts. This method worked fine in previous versions of IE and Windows, however we're getting scripting errors in Windows 7 with IE8, specifically, 'ActiveX component can't create object: "Scripting.FileSystemObject"' and it references the functions script mentioned above.
If I set IE's settings to allow it to run ActiveX controls not marked as safe, the script runs fine, however I don't want do open a large security hole. I've tried adding localhost and the directory to the Trusted Sites list with no effect. I've tried re-registering SCRRUN.dll as mentioned in another post as well as wscript -regserver. And I've changed IE's settings to allow local Active Content with no success.
Anyone have any other ideas of how I can allow this script to run without opening a large security hole or having it nag the end user that his IE settings are going to bring about the apocolypse?
The explanation is long but explains how IE uses security zones to make trust decisions.
The URLAction of interest in this case is:
1201 Initialize and script ActiveX controls not marked as safe(URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY)
The default setting for this URLAction in the Local Machine zone is Prompt, and in all other zones it is Disable. Only if you change that setting to Enable will you bypass the prompt. You cannot use the Internet Control Panel to adjust the security settings for the Local Machine zone because only the other four zones are shown in this UI. To change the setting for the Local Machine zone, you can edit the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
Change the value for entry 1201 from 1 to 0
Write an ActiveX, implement IObejctSafety and wrap FSO methods in it. Note this is lying about the ActiveX's scripting safety but it is better than open to every unsafe ActiveX.
As the app "uses htm files that are on the local laptop" you could try to switch to a .hta application. For a quick test, just rename the *.html to .hta; if it 'works' add a suitable hta:application tag. To start
Have to test a c# application from client that is to work on a machine that has FIPS enbaled
First, be aware of what actually happens when you enforce FIPS140-2 complient encryption within Windows. Details are at http://technet.microsoft.com/en-us/library/cc750357.aspx. However, the main 'gotcha' (old SSL website's don't work in IE anymore) is detailed in the article linked below.
The official instructions to enable FIPS 140-2 complience are at http://support.microsoft.com/kb/811833, but can be summarised as follows:
Using an account that has administrative credentials, log on to the computer.
Click Start, click Run, type gpedit.msc, and then press ENTER.
In the Local Group Policy Editor, under the Computer Configuration
node, double-click Windows Settings, and then double-click Security
Settings.
Under the Security Settings node, double-click Local Policies, and
then click Security Options.
In the details pane, double-click System cryptography: Use
FIPS-compliant algorithms for encryption, hashing, and signing.
In the System cryptography: Use FIPS-compliant algorithms for
encryption, hashing, and signing dialog box, click Enabled, and then
click OK to close the dialog box.
Close the Local Group Policy Editor.
If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1
Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.
As an alternative, for Windows 7 users (with admin rights), this is one of the "Network Properties". Step by step:
click on the "Network" icon on task bar.
right click > Properties on the specific Network connection
switch to the "Security" tab.
click on "Advanced Settings" button.
click the checkbox labeled "Enable Federal Information Processing Standards (FIPS) compliance for this network.
Also, have in mind:
Recommended reading: http://technet.microsoft.com/en-us/magazine/ff847520.aspx
This setting sepends on what you have selected as "Security Type" on the Security Tab
Your wireless network adapter card might be doing this encryption in hardware already. This checkbox will switch from that to rather performing AES encryption in software.
I'd like to set the tick box options within the LAN settings of the Internet Options:
I'd prefer the code in a script or C#, but C/C++ would be fine as well. Please answer with the code/script to at least untick the "Use automatic configuration script" option.
THANKS!
They answer appears to be here if you dont mind using powershell
Setting Proxy settings in ie using powershell
The name of the auto config file is stored in this registry key:
HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings\AutoConfigURL
You can use the Registry Functions to access the key:
http://msdn.microsoft.com/en-us/library/ms724875(VS.85).aspx
Is there a way, from within a Cocoa application to change the system network settings (specifically, the proxy settings). I've found that there is a file called preferences.plist in /Library/Preferences/SystemConfiguration that has the settings I want, but I can't figure out how to get the system to process changes to this file without rebooting.
Can this be done programmatically, or at least by launching some command? (This solution would probably be 10.5.x only, I'm assuming)
Since I can change these settings in System Preferences immediately, there must be some way, it just eludes me ....
Thanks!
You want the SystemConfiguration framework, specifically the Proxies Dictionary (see here for more details).