Can ya'll point me at some of this information that has some step-by-step instructions?
Thanks, Bobby -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of warpmedia Sent: Friday, November 04, 2005 8:09 AM To: The Hardware List Subject: Re: [H] Securing IE Thane Sherrington (S) wrote: > At 08:12 PM 02/11/2005, warpmedia wrote: > >> 1. DrpoMyRights is not a perfect solution, it only protects if >> launched with that shortcut. > > > Yeah, but I can only do so much for end users. > >> Best solution for IE6 is to change all protocol defaults to Restricted >> Zone & use a 3rd party App like AdIEFltr to whitelist into the >> Internet zone. Caveat: it costs money, requires users to "get it" >> concerning machine names + domains, and can require extensive testing >> to get all a given sites URL's whitelisted. > > > Well, it's end users, so you know that it's got to be simple, or they > won't use it. So I think DropMyRights might be the best solution for IE > users. If they don't learn how to switch from Restricted they get nowhere. Sounds perfect, learn or not be able to use and not get around it by reseting the Internet zone to defaults. Reset is 1st thing most TS will tell them to do if they have problems, IE settings/lock down solution out the window! Changing protocol defaults does survive the reset. =) I forgot, there is also a semi-brain dead tool from ms that allows easy switching of a site into Restricted or Trusted which could be used with a Trusted zone (modified) to only be as trusting as the default Internet zone. Well even with DropMyRights I'd imagine there's the ability to screw up the current user, so it's "better" like having a fig leaf makes you "dressed". Nothing short of Restricted zone by default defeats ActiveX & Java being on by default even if damage they can do is minimized by user rights. > >> Better solution is FF & NoScript and then some sort of FF extension to >> launch IE using DropMyRights shortcut for the FF challenged sites. > > > Yeah, FF and NoScript is probably the best way to go, but once again, > NoScript requires thought and education, and I find those are two things > most users don't want to deal with. Yes, but with FF + NoScript it's a straight forward process to enable a site (& related sites) unlike AdIEFilters inability to just enable a domain without manual tweaking per site. Certainly encouraging them to switch to FF + NoScript is not only advised but easier since NoScript has added functionality MS has left abandoned for years. If you could get them doing that much + make the basic changes to IE you suggest for the stubborn sites it would be a step in the right direction (assuming you mean IE6 under XP Sp2). I digress, nothing short of doing it the right way is the right way and only FF+NoScript and/or AdIEFilter (or the MS tool), and a bit of users using their brains (i.e. learning) is the right way. Good luck!
