Overview
By Default IsInstalled is set to "1", which means is IE Enhanced Security setting is Enabled. If the default value is updated to "0" then IE Enhanced Security setting is disabled.
Applies To
Pre-Requisites
| Policy Type | Purpose |
|---|---|
| Restricted | No scripts can be run. Windows PowerShell can be used only in interactive mode. |
| AllSigned | Only scripts signed by a trusted publisher can be run. |
| RemoteSigned | Downloaded scripts must be signed by a trusted publisher before they can be run. |
| Unrestricted | No restrictions; all Windows PowerShell scripts can be run. |
PowerShell Script - Check Internet Explorer's Enhanced Security
This script will read the registry for checking Internet Explorer’s Enhanced Security Registry Key IsInstalled Key Value setting. By default this option value is set to "1".
Code Snippet
# # Define Environment Variables # $ComputerName=$env:COMPUTERNAME $IEAdminRegistryKey="HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $IEUserRegistryKey ="HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}” Clear-Host if ((Test-Path -Path $IEAdminRegistryKey) -or (Test-Path -Path $IEUserRegistryKey)) { $IEAdminRegistryValue=(Get-ItemProperty -Path $IEAdminRegistryKey -Name IsInstalled).IsInstalled if ($IEAdminRegistryKey -ne "" ) { if ($IEAdminRegistryValue -eq 0 -or $IEAdminRegistryValue -eq 1) { Write-Host "`nInternet Explorer Enhanced Security for Admin is Supported on $ComputerName" Write-Host "`n`nCurrently Registry Value is set to - $IEAdminRegistryValue`n" -ForegroundColor Black -BackgroundColor Green [console]::Beep(600,700) } else { Write-Host "$IEAdminRegistryValue IsInstalled Key Value - Is Empty" -ForegroundColor Black -BackgroundColor Green [console]::Beep(600,700) } $IEUserRegistryValue=(Get-ItemProperty -Path $IEUserRegistryKey -Name IsInstalled).IsInstalled if ($IEUserRegistryKey -ne "" ) { if ($IEUserRegistryValue -eq 0 -or $IEUserRegistryValue -eq 1) { Write-Host "`nInternet Explorer Enhanced Security for User is Supported on $ComputerName" Write-Host "`n`nCurrently Registry Value is set to - $IEUserRegistryValue`n" -ForegroundColor Black -BackgroundColor Green [console]::Beep(600,700) } else { Write-Host "$IEUserRegistryValue IsInstalled Key Value - Is Empty" -ForegroundColor Black -BackgroundColor Green [console]::Beep(600,700) } } } } else { Write-Host "`nReigstry Key Not Found!" -ForegroundColor Black -BackgroundColor Green [console]::Beep(600,700) }
PowerShell Output
In this example, Windows 10 and Windows 2012 servers have been checked.Registry Key – Local Machine Profile
Shown below is the current registry key value set for the “Admin”. Below is the screenshot upon executing the current PowerShell script.
Registry Key – Not Defined
When the Registry key is not defined, below message will be displayed.
Registry Key – Display Values
Listed below is the current registry values of Windows 2012 server; Admin Registry value has been set to “1” and User Registry value has been set to “0”, as shown below.
Note / Disclaimer: Modifying and revoking registry can result in system crash and system might not be recoverable. This blog is for only informational or reading purposes only.
No comments:
Post a Comment