VBScript causes ActiveX warning

[Rob Collins]

Hello. I have a web page I designed myself with a small
piece of VBScript embedded (see below). I get an ActiveX
warning when viewing this page. Is there any way to make
this page "safe"?
This is the code:
<HTML>
<BODY>
Blah Blah Blah<p>
<SCRIPT LANGUAGE="VBScript">
<!-- Instruct non-IE browsers to skip over VBScript
modules.
Set Shell = CreateObject("WScript.Shell")
CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Document.write "PC name is: " & CompName
-->
</SCRIPT>
</BODY>
</HTML>

Any advie would be much appreciated. Thanks, Rob

 

[Joe Wu [MSFT]]

Dear Rod,

Thanks for your post.

It is a by-design feature for security purposes. When open a page which
contains this kind of script, we may get warning message of "An Active X
Control on this page is not safe. Your current security settings prohibit
running unsafe controls on this page", because this script is about to
collect current system's information (computer name in this issue).

This behavior can occur if the "ActiveX controls and plug-ins" security
settings in Internet Explorer are configured to Prompt or Disable. To
resolve this issue, we can try these steps:

1. Right-click the Internet Explorer icon on the desktop, and then click
Properties.

2. On the Security tab, click Custom Level.

3. Under "ActiveX controls and plug-ins", click Enable under the following
security settings:

- Initialize and script ActiveX controls not marked as safe
- Run ActiveX controls and plug-ins

4. Click OK.

5. Click Yes when you are prompted to change the security settings for the
zone.

I hope the above information helps. Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|Content-Class: urn:content-classes:message
|From: "Rob Collins" <[email protected]>
|Sender: "Rob Collins" <[email protected]>
|Subject: VBScript causes ActiveX warning
|Date: Wed, 12 Nov 2003 03:04:51 -0800
|Lines: 23
|Message-ID: <[email protected]>
|MIME-Version: 1.0
|Content-Type: text/plain;
| charset="iso-8859-1"
|Content-Transfer-Encoding: 7bit
|X-Newsreader: Microsoft CDO for Windows 2000
|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|Thread-Index: AcOpDMtfflHqnhzbRq63csPsGVgC6Q==
|Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
|Path: cpmsftngxa06.phx.gbl
|Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.inetexplorer.ie6.browser:186057
|NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
|X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
|
|Hello. I have a web page I designed myself with a small
|piece of VBScript embedded (see below). I get an ActiveX
|warning when viewing this page. Is there any way to make
|this page "safe"?
|This is the code:
|<HTML>
|<BODY>
|Blah Blah Blah<p>
|<SCRIPT LANGUAGE="VBScript">
|<!-- Instruct non-IE browsers to skip over VBScript
|modules.
|Set Shell = CreateObject("WScript.Shell")
|CompName = Shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
|Document.write "PC name is: " & CompName
|-->
|</SCRIPT>
|</BODY>
|</HTML>
|
|Any advie would be much appreciated. Thanks, Rob
|
|
|
|

 

[Rob Collins]

Hi Joe

Thanks very much for this. I did as you said for Intranet
Zone and this works perfectly.

I need to roll out this setting change to 400 users. Can
it be done using their logon scripts? Unfortunately we're
not yet using Active Directory, we've got an NT4 domain
with mixed NT4/XP clients.

Thanks

Rob

 

[Joe Wu [MSFT]]

Dear Rob,

Thank you for your feedback. I am glad to know that we are making progress.

Actually, the Local Intranet Zone security settings are saved in the
following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1]

An easy solution is:

1. Configure the Local Intranet Zone security settings on a client.
2. Export the above key to a *.reg file.
3. Add the following command on the existing logon script:

regedit /s \\<Path>\<File.Reg>

This will configure the users' IE security settings when they log on.

More Information:
----------------------------

1. The "Initialize and script ActiveX controls not marked as safe" setting
is recorded by the "1201" entry.
2. The "Run ActiveX controls and plug-ins" setting is recorded by the
"1200" entry.
3. We should change the above two entries to "0" (which indicates "Enable").

Please try the method and let me know if it works.

Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|Content-Class: urn:content-classes:message
|From: "Rob Collins" <[email protected]>
|Sender: "Rob Collins" <[email protected]>
|References: <[email protected]>
<[email protected]>
|Subject: RE: VBScript causes ActiveX warning
|Date: Thu, 13 Nov 2003 05:12:14 -0800
|Lines: 126
|Message-ID: <[email protected]>
|MIME-Version: 1.0
|Content-Type: text/plain;
| charset="iso-8859-1"
|Content-Transfer-Encoding: 7bit
|X-Newsreader: Microsoft CDO for Windows 2000
|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|Thread-Index: AcOp58FRLlHQFHtKQFeqVgsvyiJ5uw==
|Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
|Path: cpmsftngxa06.phx.gbl
|Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.inetexplorer.ie6.browser:186657
|NNTP-Posting-Host: TK2MSFTNGXA14 10.40.1.166
|X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
|
|Hi Joe
|
|Thanks very much for this. I did as you said for Intranet
|Zone and this works perfectly.
|
|I need to roll out this setting change to 400 users. Can
|it be done using their logon scripts? Unfortunately we're
|not yet using Active Directory, we've got an NT4 domain
|with mixed NT4/XP clients.
|
|Thanks
|
|Rob
|
|>-----Original Message-----
|>Dear Rod,
|>
|>Thanks for your post.
|>
|>It is a by-design feature for security purposes. When
|open a page which
|>contains this kind of script, we may get warning message
|of "An Active X
|>Control on this page is not safe. Your current security
|settings prohibit
|>running unsafe controls on this page", because this
|script is about to
|>collect current system's information (computer name in
|this issue).
|>
|>This behavior can occur if the "ActiveX controls and plug-
|ins" security
|>settings in Internet Explorer are configured to Prompt or
|Disable. To
|>resolve this issue, we can try these steps:
|>
|>1. Right-click the Internet Explorer icon on the desktop,
|and then click
|>Properties.
|>
|>2. On the Security tab, click Custom Level.
|>
|>3. Under "ActiveX controls and plug-ins", click Enable
|under the following
|>security settings:
|>
|> - Initialize and script ActiveX controls not marked as
|safe
|> - Run ActiveX controls and plug-ins
|>
|>4. Click OK.
|>
|>5. Click Yes when you are prompted to change the security
|settings for the
|>zone.
|>
|>I hope the above information helps. Thank you for using
|our news groups!
|>
|>Regards,
|>Joe Wu
|>Product Support Services
|>Microsoft Corporation
|>
|>Get Secure! - www.microsoft.com/security
|>
|>====================================================
|>When responding to posts, please "Reply to Group" via
|your newsreader so
|>that others may learn and benefit from your issue.
|>====================================================
|>This posting is provided "AS IS" with no warranties, and
|confers no rights.
|>
|>--------------------
|>|Content-Class: urn:content-classes:message
|>|From: "Rob Collins" <[email protected]>
|>|Sender: "Rob Collins" <[email protected]>
|>|Subject: VBScript causes ActiveX warning
|>|Date: Wed, 12 Nov 2003 03:04:51 -0800
|>|Lines: 23
|>|Message-ID: <[email protected]>
|>|MIME-Version: 1.0
|>|Content-Type: text/plain;
|>| charset="iso-8859-1"
|>|Content-Transfer-Encoding: 7bit
|>|X-Newsreader: Microsoft CDO for Windows 2000
|>|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|>|Thread-Index: AcOpDMtfflHqnhzbRq63csPsGVgC6Q==
|>|Newsgroups:
|microsoft.public.windows.inetexplorer.ie6.browser
|>|Path: cpmsftngxa06.phx.gbl
|>|Xref: cpmsftngxa06.phx.gbl
|>microsoft.public.windows.inetexplorer.ie6.browser:186057
|>|NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
|>|X-Tomcat-NG:
|microsoft.public.windows.inetexplorer.ie6.browser
|>|
|>|Hello. I have a web page I designed myself with a small
|>|piece of VBScript embedded (see below). I get an ActiveX
|>|warning when viewing this page. Is there any way to make
|>|this page "safe"?
|>|This is the code:
|>|<HTML>
|>|<BODY>
|>|Blah Blah Blah<p>
|>|<SCRIPT LANGUAGE="VBScript">
|>|<!-- Instruct non-IE browsers to skip over VBScript
|>|modules.
|>|Set Shell = CreateObject("WScript.Shell")
|>|CompName = Shell.ExpandEnvironmentStrings("%
|COMPUTERNAME%")
|>|Document.write "PC name is: " & CompName
|>|-->
|>|</SCRIPT>
|>|</BODY>
|>|</HTML>
|>|
|>|Any advie would be much appreciated. Thanks, Rob
|>|
|>|
|>|
|>|
|>
|>.
|>
|

 

[Rob Collins]

Hi Joe

Thanks very much for this! The registry settng does indeed
work fine. Now what I need to do is work out how to roll
out this registry setting to 400 clients. I tried using
logon scripts, but this does not work because the users
are not Administrators. I've heard something about Remote
Registry Editing. Would this be able to help? Are you able
to offer any further solutions? I can't wait until my
company invests in Active Directory!

Regards Rob

 

[Joe Wu [MSFT]]

Hello Rob,

Thank you for your update and I am glad to know that the solution works.

I will perform further research on the new question and will get back to
you by next Monday. Thanks!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|Content-Class: urn:content-classes:message
|From: "Rob Collins" <[email protected]>
|Sender: "Rob Collins" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
|Subject: RE: VBScript causes ActiveX warning
|Date: Thu, 27 Nov 2003 02:11:10 -0800
|Lines: 13
|Message-ID: <[email protected]>
|MIME-Version: 1.0
|Content-Type: text/plain;
| charset="iso-8859-1"
|Content-Transfer-Encoding: 7bit
|X-Newsreader: Microsoft CDO for Windows 2000
|X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|Thread-Index: AcO0zsgJyF38N55UTy2Cd88kgNHnWA==
|Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
|Path: cpmsftngxa06.phx.gbl
|Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.inetexplorer.ie6.browser:192144
|NNTP-Posting-Host: tk2msftngxa05.phx.gbl 10.40.1.49
|X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
|
|Hi Joe
|
|Thanks very much for this! The registry settng does indeed
|work fine. Now what I need to do is work out how to roll
|out this registry setting to 400 clients. I tried using
|logon scripts, but this does not work because the users
|are not Administrators. I've heard something about Remote
|Registry Editing. Would this be able to help? Are you able
|to offer any further solutions? I can't wait until my
|company invests in Active Directory!
|
|Regards Rob
|
|

 

[Joe Wu [MSFT]]

Dear Rob,

Thank you for your patience.

For Windows NT domain, we can only enable a logon script based on the user
level. Instead, you can also share the script in a network folder and
inform all users run it manually.

We can add the following command in your current logon script:

regedit /s \\<Path>\<File.Reg>

and make sure that the File.reg file is assessable by all the clients.

Or try a VB script (which do not need an additional reg file). For your
convenience, I have attached a sample as follows:

dim sKey, WshShell

Set WshShell = CreateObject("WScript.Shell")

sKey="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1\1201"
WshShell.RegWrite sKey,0, "REG_DWORD"

sKey="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1\1200"
WshShell.RegWrite sKey,0, "REG_DWORD"

I hope the above information helps. Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|X-Tomcat-ID: 225760215
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
|MIME-Version: 1.0
|Content-Type: text/plain
|Content-Transfer-Encoding: 7bit
|From: (e-mail address removed) (Joe Wu [MSFT])
|Organization: Microsoft
|Date: Fri, 28 Nov 2003 11:03:34 GMT
|Subject: RE: VBScript causes ActiveX warning
|X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
|Lines: 56
|Path: cpmsftngxa06.phx.gbl
|Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.inetexplorer.ie6.browser:192429
|NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
|
|Hello Rob,
|
|Thank you for your update and I am glad to know that the solution works.
|
|I will perform further research on the new question and will get back to
|you by next Monday. Thanks!
|
|Regards,
|Joe Wu
|Product Support Services
|Microsoft Corporation
|
|Get Secure! - www.microsoft.com/security
|
|====================================================
|When responding to posts, please "Reply to Group" via your newsreader so
|that others may learn and benefit from your issue.
|====================================================
|This posting is provided "AS IS" with no warranties, and confers no rights.
|
|--------------------
||Content-Class: urn:content-classes:message
||From: "Rob Collins" <[email protected]>
||Sender: "Rob Collins" <[email protected]>
||References: <[email protected]>
|<[email protected]>
|<[email protected]>
|<[email protected]>
||Subject: RE: VBScript causes ActiveX warning
||Date: Thu, 27 Nov 2003 02:11:10 -0800
||Lines: 13
||Message-ID: <[email protected]>
||MIME-Version: 1.0
||Content-Type: text/plain;
|| charset="iso-8859-1"
||Content-Transfer-Encoding: 7bit
||X-Newsreader: Microsoft CDO for Windows 2000
||X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
||Thread-Index: AcO0zsgJyF38N55UTy2Cd88kgNHnWA==
||Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
||Path: cpmsftngxa06.phx.gbl
||Xref: cpmsftngxa06.phx.gbl
|microsoft.public.windows.inetexplorer.ie6.browser:192144
||NNTP-Posting-Host: tk2msftngxa05.phx.gbl 10.40.1.49
||X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
||
||Hi Joe
||
||Thanks very much for this! The registry settng does indeed
||work fine. Now what I need to do is work out how to roll
||out this registry setting to 400 clients. I tried using
||logon scripts, but this does not work because the users
||are not Administrators. I've heard something about Remote
||Registry Editing. Would this be able to help? Are you able
||to offer any further solutions? I can't wait until my
||company invests in Active Directory!
||
||Regards Rob
||
||
|
|