Can a script be written to change all IE settings across a network?

mike6623

New member
Member
VIP
Local time
6:10 PM
Messages
255
Hello, we are running a 2012 server. We are on a domain. We recently received notification that advanced settings in IE need to be updated specifically in order to use their website. And something to do with a SSL. Is there a way to change all IE settings on all of the computers connected to our network/domain so that I do not have to manually go to 300 computers? I haven't ever written a script but I am sure if explained, I could do so. There just has to be a way to mass change settings without physically going to each and every machine, right?

Or would this be along the lines of a GPO? Again, not something that I am familiar with so any information would be great!
 

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer

My Computer My Computer

At a glance

Win-7-Pro64bit 7-H-Prem-64biti7-5930K 2nd i9-9940x both water blocked VRM'...Trident-z 3200C14 2nd Trident-z 3600C16EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads
Group Policy was made for this kind of thing. Otherwise this is likely going to be difficult, script or no script.

Someone in your organization should be familiar with this.
 

My Computer My Computer

At a glance

Windows 7 Pro 64 bitXeon W35208 GBNvidia Geforce 210
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7 Pro 64 bit
CPU
Xeon W3520
Memory
8 GB
Graphics Card(s)
Nvidia Geforce 210
Here is what I am trying to accomplish and just not sure if possible with GPO.


[FONT=Cambria,Cambria][FONT=Cambria,Cambria][FONT=Cambria,Cambria]Instructions
[/FONT]
[/FONT]
[/FONT]To configure Internet Explorer HTTPS security settings:
1. Launch Internet Explorer
2. Navigate to
[FONT=Calibri,Calibri][FONT=Calibri,Calibri]Tools [/FONT][/FONT]> [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Internet Options. [/FONT][/FONT]The Internet Options window appears. The General tab is displayed.
3. Click the
[FONT=Calibri,Calibri][FONT=Calibri,Calibri]Advanced [/FONT][/FONT]tab. 3 | P a g e
4. Scroll down to the end of the [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Settings [/FONT][/FONT]list. Settings for SSL & TLS are listed here.
5. Select
[FONT=Calibri,Calibri][FONT=Calibri,Calibri]Use TLS 1.0[/FONT][/FONT], [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Use TLS 1.1 [/FONT][/FONT]and [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Use TLS 1.2 [/FONT][/FONT]to enable all instances of TLS. Leave [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Use SSL 2.0 [/FONT][/FONT]and [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Use SSL 3.0 [/FONT][/FONT]selected, do not deselect the SSL settings. CareLogic will use TLS rather than SSL once TLS is enabled.
6. Click
[FONT=Calibri,Calibri][FONT=Calibri,Calibri]OK[/FONT][/FONT]. The Internet Explorer [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Internet Options [/FONT][/FONT]window closes and the [FONT=Calibri,Calibri][FONT=Calibri,Calibri]Security Certificate [/FONT][/FONT]settings are saved.
 

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer
What application/s need to use ssl of any type ?
All tsl's should be activated by default
You also have not confirmed which version of ie your using unless I missed it ?
Cheers.
 

My Computer My Computer

At a glance

Win-7-Pro64bit 7-H-Prem-64biti7-5930K 2nd i9-9940x both water blocked VRM'...Trident-z 3200C14 2nd Trident-z 3600C16EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads
What application/s need to use ssl of any type ?
All tsl's should be activated by default
You also have not confirmed which version of ie your using unless I missed it ?
Cheers.

Sorry, IE 8,9,10 &11. This needs to be configured this way for an electronic health record that can only be accessed by using IE. I just do not want to have to manually configure 200+ computers if a GPO can push this out to all users running those versions of IE.
 

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer

My Computer My Computer

At a glance

Win-7-Pro64bit 7-H-Prem-64biti7-5930K 2nd i9-9940x both water blocked VRM'...Trident-z 3200C14 2nd Trident-z 3600C16EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer
Does anyone know, or could point me in the direction of somewhere that can answer this? Many computers do NOT have the things checked that should be checked. There is no way to push change out to all computers running IE?
 

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer
Dell Computers, Round Rock TX, has had for years, from DOS/Windows 3.1 - Windows 7 & beyond, one of the finest, most thorough push-technologies [for updating umpteen computers] that I've known about. You will probably have to pay something for a Dell tech to give you knowledge-wise what you need to: know, purchase, implement, and maintain your own push-technology. From line-items to whole net-station downloads...
 

My Computer My Computer

At a glance

Windows 7 Professional 64-bitDesktop i5; Acers i5 & i7desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Antec desktop; Acer Aspire laptops
OS
Windows 7 Professional 64-bit
CPU
Desktop i5; Acers i5 & i7
Memory
desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Hard Drives
1TB split into 2 equal partitions [OS and data] usable by RJS
Internet Speed
AT&T DSL
Browser
FF, GChrome, msIE
Other Info
Windows 7 Firewall, Emsisoft AM/AV, MSE [scan-only], SpywareBlaster, Ruiware/BillP combine
Dell Computers, Round Rock TX, has had for years, from DOS/Windows 3.1 - Windows 7 & beyond, one of the finest, most thorough push-technologies [for updating umpteen computers] that I've known about. You will probably have to pay something for a Dell tech to give you knowledge-wise what you need to: know, purchase, implement, and maintain your own push-technology. From line-items to whole net-station downloads...

Are you just trying to push a service here? You are trying to say that there is no GPO or script that can be written to change IE settings across a domain network?
 

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer
Nope, not at all! I'm just saying that what you want and need may carry a price tag. However, keep watching this thread, there are many great techs [of which I'm not one of] who probably can give you valuable guidance.
 

My Computer My Computer

At a glance

Windows 7 Professional 64-bitDesktop i5; Acers i5 & i7desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Antec desktop; Acer Aspire laptops
OS
Windows 7 Professional 64-bit
CPU
Desktop i5; Acers i5 & i7
Memory
desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Hard Drives
1TB split into 2 equal partitions [OS and data] usable by RJS
Internet Speed
AT&T DSL
Browser
FF, GChrome, msIE
Other Info
Windows 7 Firewall, Emsisoft AM/AV, MSE [scan-only], SpywareBlaster, Ruiware/BillP combine
Okay, I'll bite.

Here's your script, Mike.


th-367767.vbs
Code:
'''
use_ssl_20 = True
use_ssl_30 = True
use_tls_10 = True
use_tls_11 = True
use_tls_12 = True

close_internet_explorer_first = True
restart_computer = False
display_done_message = -1 'Number of seconds. Zero for no message. Negative number for infinite. 
'''

intValue = 0
If use_ssl_20 = True Then intValue = intValue + 8
If use_ssl_30 = True Then intValue = intValue + 32
If use_tls_10 = True Then intValue = intValue + 128
If use_tls_11 = True Then intValue = intValue + 512
If use_tls_12 = True Then intValue = intValue + 2048

If close_internet_explorer_first = True Then
	With CreateObject("Shell.Application").Windows()
		For I = 0 To .Count - 1
			J = 0
			If .Item(J).Name = "Internet Explorer" Then
				Call .Item(J).Quit()
			Else
				J = J + 1
			End If
		Next
	End With
End If

Set WshShell = CreateObject("WScript.Shell")

strKey = "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols"
strType = "REG_DWORD"
WshShell.RegWrite strKey, intValue, strType

If display_done_message <> 0 Then 
	WshShell.Popup "Done.", display_done_message
End If

If restart_computer = True Then 
	WshShell.Run "shutdown.exe /r /t 0", 0
End If
 

My Computer My Computer

At a glance

Windows 10, Windows 8.1 Pro, Windows 7 Profes...
Computer type
PC/Desktop
OS
Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
Nope, not at all! I'm just saying that what you want and need may carry a price tag. However, keep watching this thread, there are many great techs [of which I'm not one of] who probably can give you valuable guidance.
Thanks. I thought it wasn't that difficult to push out a GPO or something to update all internet settings to be the same. Myt network admin is back later today, hopefully he has some knowledge regarding how to do this. Everyone I have asked, just in passing, said it was not a difficult thing to achieve.
 

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer
...and they're probably correct! :) I see somebody already gave you a script -- please let us know how it all worked for you.
 

My Computer My Computer

At a glance

Windows 7 Professional 64-bitDesktop i5; Acers i5 & i7desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Antec desktop; Acer Aspire laptops
OS
Windows 7 Professional 64-bit
CPU
Desktop i5; Acers i5 & i7
Memory
desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Hard Drives
1TB split into 2 equal partitions [OS and data] usable by RJS
Internet Speed
AT&T DSL
Browser
FF, GChrome, msIE
Other Info
Windows 7 Firewall, Emsisoft AM/AV, MSE [scan-only], SpywareBlaster, Ruiware/BillP combine
Okay, I'll bite.

Here's your script, Mike.


th-367767.vbs
Code:
'''
use_ssl_20 = True
use_ssl_30 = True
use_tls_10 = True
use_tls_11 = True
use_tls_12 = True

close_internet_explorer_first = True
restart_computer = False
display_done_message = -1 'Number of seconds. Zero for no message. Negative number for infinite. 
'''

intValue = 0
If use_ssl_20 = True Then intValue = intValue + 8
If use_ssl_30 = True Then intValue = intValue + 32
If use_tls_10 = True Then intValue = intValue + 128
If use_tls_11 = True Then intValue = intValue + 512
If use_tls_12 = True Then intValue = intValue + 2048

If close_internet_explorer_first = True Then
	With CreateObject("Shell.Application").Windows()
		For I = 0 To .Count - 1
			J = 0
			If .Item(J).Name = "Internet Explorer" Then
				Call .Item(J).Quit()
			Else
				J = J + 1
			End If
		Next
	End With
End If

Set WshShell = CreateObject("WScript.Shell")

strKey = "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols"
strType = "REG_DWORD"
WshShell.RegWrite strKey, intValue, strType

If display_done_message <> 0 Then 
	WshShell.Popup "Done.", display_done_message
End If

If restart_computer = True Then 
	WshShell.Run "shutdown.exe /r /t 0", 0
End If

Hey, thanks! I wasn't expecting anyone to actually do it, just what would be best. It actually was pretty simple to do by creating a GPO on the domain controller.
 

My Computer My Computer

At a glance

Windows 8 Pro8gb
Computer Manufacturer/Model Number
HP
OS
Windows 8 Pro
Memory
8gb
Monitor(s) Displays
23 inch Acer
Back
Top