.NET Code for Setting IE Preferences

GregL from Denim Group spent a bunch of time solving a .NET coding issue last week.  Since he couldn’t find the information he needed with a simple Google query I figured I would put some of it up here hoping to help folks who had to solve the same problem in the future.

The situation was this: He had a WebBrowser control that we were using in a Windows Forms application to display web pages inside an application that was essentially a custom web browser.  On a new Windows XP installation, the first time you try to submit a form to access the Internet you get the annoying message:

When you send information to the internet, it might  be possible for others to see that information.  Do you want to  continue?

First of all this is a pretty pointless message.  But whatever…

The problem he ran into was that the pop up windows didn’t appear when it was initiated by the WebBrowser control, causing the application to hang while waiting for a response.  To get around this he wanted to set the registry key related to this error message so the system treated it as if the message had already been accepted.

To find the correct registry key, he used RegMon from SysInternals to watch for keys being written.  He limited his search to keys off of “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInterent Settings”  He also limited the search to only look at keys associated with iexplorer.exe’s registry activity and to highlight all SetValue calls.  There were still a HUGE number of entries because IE is very chatty with the registry…

The code to do this ought to look something like this:

RegistryKey key = Registry.CurrentUser.OpenSubKey(“\Software\Microsoft\Windows\CurrentVersion\Interent Settings\Zones\3”,true);
if (key == null)
{
key = Registry.CurrentUser.CreateSubKey(“\Software\Microsoft\Windows\CurrentVersion\Interent Settings\Zones\3”);
}
key.SetValue(“1601”, 0);

Zone 3 is for the “Internet” zone.
1601 is the message key we are zeroing out.

So this was fun stuff.  Many thanks to GregL for all the detective work tracking this down.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Information Security

Leave a Reply

Your email address will not be published. Required fields are marked *