At some banks it is not possible to change browser settings manually, even for administrator users, since Internet Explorer is locked down by Group Policy. In this case it is possible to configure browser permissions via the registry.
Usually Internet Explorer permissions are read from DWORD registry values under the following user level registry key.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
However, the machine can be forced to use DWORD registry values at the machine level under the following registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
This can be done by adding a DWORD registry value called Security_HKLM_only under the following registry key and
assigning it value 1.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Once the registry key in effect has been identified, the Internet Explorer zone can be identified from the following list.
Each of the DWORD values corresponds to an Internet Explorer permission and the permissions of interest to
DealAxis are shown below. Setting a DWORD value to 0 changes its status to Enabled, 1 means Prompt and 3 means Disabled.
The below screenshot shows zone 2 (Trusted Sites) under the user level registry settings. The value 1200 (Run ActiveX controls
and plug-ins) is set to its default value of 0 (Enabled).
Rather than enabling all ActiveX controls for a particular zone, some banks prefer to limit ActiveX controls to an
approved list. This is possible by setting Run ActiveX controls and plug-ins to Administrator Approved as below, which
writes value 65536 to the above registry DWORD.
The CLSIDs of approved controls then need to be entered under the following registry key as DWORD values and a value
of zero means the control is approved.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls
If Internet Explorer permissions are configured at the machine level the below key would be used instead.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls
The CLSID for .Net controls is the null GUID which is the string {00000000-0000-0000-0000-000000000000}. The below
screenshot shows the null GUID configured as an approved control for the current user, so that the user has permissions to
run the Pot book grid in the browser.
Copyright © Dealogic Ltd