Configuring Internet Explorer via the Windows Registry

Registry keys for standard Internet Explorer permissions

At some banks it is not possible to change browser settings manually, even for administrator users, since Internet Explorer is locked down by Group Policy. In this case it is possible to configure browser permissions via the registry.

Usually Internet Explorer permissions are read from DWORD registry values under the following user level registry key.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

However, the machine can be forced to use DWORD registry values at the machine level under the following registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

This can be done by adding a DWORD registry value called Security_HKLM_only under the following registry key and assigning it value 1.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Once the registry key in effect has been identified, the Internet Explorer zone can be identified from the following list.

Each of the DWORD values corresponds to an Internet Explorer permission and the permissions of interest to DealAxis are shown below. Setting a DWORD value to 0 changes its status to Enabled, 1 means Prompt and 3 means Disabled.

Internet Explorer registry numbers

The below screenshot shows zone 2 (Trusted Sites) under the user level registry settings. The value 1200 (Run ActiveX controls and plug-ins) is set to its default value of 0 (Enabled).

Internet Explorer registry values

Administrator Approved Controls

Rather than enabling all ActiveX controls for a particular zone, some banks prefer to limit ActiveX controls to an approved list. This is possible by setting Run ActiveX controls and plug-ins to Administrator Approved as below, which writes value 65536 to the above registry DWORD.

Administrator approved

The CLSIDs of approved controls then need to be entered under the following registry key as DWORD values and a value of zero means the control is approved.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls

If Internet Explorer permissions are configured at the machine level the below key would be used instead.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls

The CLSID for .Net controls is the null GUID which is the string {00000000-0000-0000-0000-000000000000}. The below screenshot shows the null GUID configured as an approved control for the current user, so that the user has permissions to run the Pot book grid in the browser.

Administrator approved .Net

Return to home page

Advanced topics

Copyright © Dealogic Ltd