以编程方式更改 Internet Explorer 设置?
[英]Change Internet Explorer settings programmatically?
问题描述
Any idea how do I do the following using C#?
知道如何使用 C# 执行以下操作吗?
- Going to
Tools -> Internet Options -> Security转到Tools -> Internet Options -> Security - Select the
SecuritytabSelect Security选项卡 - Click the
Custom Levelbutton单击Custom Level按钮 - In the
Miscellaneoussection changeDisplay mixed contenttoEnable在Miscellaneous部分将Display mixed content更改为Enable
4 个解决方案
解决方案1
12 已采纳 2011-06-01 17:39:10
The "cheat" way to do this is to change the value这样做的“作弊”方法是更改值
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1609
Where 0-4 are Zone identifiers and the value is 0 to Allow, 1 to Prompt, and 3 to Block.其中 0-4 是区域标识符,值为 0 表示允许,1 表示提示,3 表示阻止。 Keep in mind that if your code does this on anyone's machine but your own, you're likely to find your code blocked as malware.请记住,如果您的代码在除您自己之外的任何人的机器上执行此操作,您可能会发现您的代码被作为恶意软件被阻止。
The "proper" way to do this is to use the APIs to create an IInternetZoneManager and call SetZoneActionPolicy to adjust the settings for URLACTION_HTML_MIXED_CONTENT in the zones you want to adjust.执行此操作的“正确”方法是使用 API 创建 IInternetZoneManager 并调用SetZoneActionPolicy来调整您要调整的区域中 URLACTION_HTML_MIXED_CONTENT 的设置。
解决方案2
5 2011-04-30 09:02:12
You aren't supposed to do this "programmatically".您不应该“以编程方式”执行此操作。 That's why there isn't an API for it.这就是为什么没有 API 的原因。 Only the user can change their security settings, and they do it using the built-in interface that you've already discovered.只有用户可以更改他们的安全设置,并且他们使用您已经发现的内置界面来执行此操作。
The poor IE team has been working overtime trying to tighten up the security of their browser.可怜的 IE 团队一直在加班加点试图加强他们浏览器的安全性。 They're not going to throw in something like this that would nullify all of their efforts in a matter of seconds.他们不会投入这样的东西,这会在几秒钟内使他们的所有努力付诸东流。
Recall that even once this option is selected, there's a confirmation dialog presented .回想一下,即使选择了此选项,也会出现一个确认对话框。 How do you propose to "click" that programmatically?您如何建议以编程方式“点击”它? (Hmm, on second thought, don't tell me. That's probably the next question you'll be asking.) (嗯,再想一想,别告诉我。这可能是你要问的下一个问题。)
Give up on trying to do this programmatically, and ask the user to do it themselves.放弃尝试以编程方式执行此操作,并要求用户自己执行此操作。 Provide a complete help file or other documentation that explains why you're requesting that they make this change, what features will be unavailable if they do not choose to make this change, and what the possible security risks of making such a change are.提供完整的帮助文件或其他文档,说明您要求他们进行此更改的原因、如果他们不选择进行此更改,哪些功能将不可用,以及进行此类更改可能存在哪些安全风险。 And, of course, specific instructions on how the change is made.当然,还有关于如何进行更改的具体说明。
Or, better yet, redesign your app so that it doesn't require a system-wide modification of IE's security settings.或者,更好的是,重新设计您的应用程序,使其不需要在系统范围内修改 IE 的安全设置。 It's hard to imagine a legitimate case for this.很难想象一个合理的案例。 A better solution might be asking the user to add your site to their "trusted sites".更好的解决方案可能是要求用户将您的网站添加到他们的“受信任的网站”。 Remember that local pages have different security settings than remote pages by default.请记住,默认情况下,本地页面的安全设置与远程页面不同。
解决方案3
0 2014-06-04 01:55:11
Also do not forget Group Policies.也不要忘记组策略。 Most (if not all) IE settings may also be specified in Group Policies.大多数(如果不是全部)IE 设置也可以在组策略中指定。 According to Local group policy setting for IE security page vs Internet options security page the Group Policy settings override user-defined settings.根据IE 安全页面与 Internet 选项安全页面的本地组策略设置,组策略设置会覆盖用户定义的设置。 So, on my home PC (works without domain controller) I have a choice to define IE settings either via Local Group Policy Editor or via Internet Options.因此,在我的家用 PC(没有域控制器的情况下)上,我可以选择通过本地组策略编辑器或 Internet 选项来定义 IE 设置。 For example, if I run gpedit.msc to open Local Group Policy Editor, select Computer Configuration\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone change "Display mixed content" setting to "Enabled", then select "Enable" in drop down box, click Apply, then open Security Settings for Internet Zone in IE - I will see that "Display mixed content" changed to Enable and the selection is disabled because it is overriden by Policy.例如,如果我运行 gpedit.msc 打开本地组策略编辑器,select 计算机配置\Windows 组件\Internet Explorer\Internet 控制面板\安全页面\Internet 区域将“显示混合内容”设置更改为“启用”,然后 select“在下拉框中启用”,单击应用,然后在 IE 中打开 Internet 区域的安全设置 - 我将看到“显示混合内容”更改为启用,并且选择被禁用,因为它被策略覆盖。 For the entire list of supported policies download WindowsServer2012andWindows8GroupPolicySettings.xlsx from http://www.microsoft.com/en-us/download/details.aspx?id=25250有关支持的策略的完整列表,请从http://www.microsoft.com/en-us/download/details.aspx?id=25250下载 WindowsServer2012andWindows8GroupPolicySettings.xlsx
Now back to the question how to change settings programmatically.现在回到如何以编程方式更改设置的问题。 EricLaw correctly suggested using SetZoneActionPolicy from IInternetZoneManager. EricLaw 正确建议使用 IInternetZoneManager 中的 SetZoneActionPolicy。 But it is hard to find samples for calling it from C#.但是很难找到从 C# 调用它的样本。 I ended up copying http://www.pinvoke.net/default.aspx/Interfaces.IInternetZoneManager into my code and then doing:我最终将http://www.pinvoke.net/default.aspx/Interfaces.IInternetZoneManager复制到我的代码中,然后执行以下操作:
//This will disable "Download signed ActiveX" (IE setting # 0x1001) for Internet Zone (zone #3)
IInternetZoneManager izm = Activator.CreateInstance(Type.GetTypeFromCLSID(new Guid("7b8a2d95-0ac9-11d1-896c-00c04Fb6bfc4"))) as IInternetZoneManager;
IntPtr pPolicy = Marshal.AllocHGlobal(4);
Marshal.Copy(new int[] { 3 }, 0, pPolicy, 1);//3 means "Disable"
int result = izm.SetZoneActionPolicy((uint)UrlZone.Internet, (uint)0x1001, pPolicy, 4, (uint)UrlZoneReg.CurrentUserKey);
Marshal.ReleaseComObject(izm);
Marshal.FreeHGlobal(pPolicy);
I also tried changing group policy programmatically.我还尝试以编程方式更改组策略。 I used library from https://bitbucket.org/MartinEden/local-policy and then:我使用了https://bitbucket.org/MartinEden/local-policy的库,然后:
//This will disable "Download signed ActiveX controls" computer policy for Internet Zone (zone #3)
const string keyPath = @"SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3";
var gpo = new LocalPolicy.ComputerGroupPolicyObject();
using (var machine = gpo.GetRootRegistryKey(LocalPolicy.GroupPolicySection.Machine))
{
using (var terminalServicesKey = machine.CreateSubKey(keyPath))
{
terminalServicesKey.SetValue("1001", 3, Microsoft.Win32.RegistryValueKind.DWord);
}
}
gpo.Save();
After successfully testing the code above on Win7 SP1 with IE 11 I decided to go back to the original suggestion from EricLaw: modify HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\*\1001 directly because this is what Microsoft is recommending.在使用 IE 11 在 Win7 SP1 上成功测试上述代码后,我决定 go 回到 EricLaw 的原始建议:直接修改 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\*\1001,因为这就是 Microsoft推荐。 See, for example How to strengthen the security settings for the Local Machine zone in Internet Explorer or Enhanced Browsing Security例如,请参阅如何加强 Internet Explorer 中本地计算机区域的安全设置或增强的浏览安全性
解决方案4
-1 2011-04-30 09:13:14
I am not sure but I think you can find all these settings in "registry".我不确定,但我认为您可以在“注册表”中找到所有这些设置。 You need to find out the appropriate key.您需要找到合适的密钥。 And to change those values you need to have proper rights.要改变这些价值观,你需要拥有适当的权利。 Registry can be accessed from .net code注册表可以从.net代码访问
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.