Siebel Administration >  Internet Explorer 6, IE 7 and IE 8 settings for Siebel

Here is the official list of Internet Explorer settings for Siebel from Oracle. This
document is valid in August 2012, although I feel it could be a bit out of date since
Oracle has released some guidelines for IE 9.
This article covers Internet Explorer settings for IE 6, IE 7 and IE 8.

This is a list of all Oracle-recommended settings for the Advanced and
Security sections of all three supported Internet Explorer versions used as High
Interactivity Web Clients with Siebel version 7 and version 8 Applications.
The requirements and recommendations contained herein are based solely upon Siebel
software functionality requirements. Best practices may require additional changes
to settings such as for additional security, performance and UI constancy,
all of which are outside the scope of this document.
Because of its nature this document contains no update history.
Non-trivial changes to the document are noted in the footnotes.

Scope
KEY:
E   ==> Required enabled (EP -- "Prompt" OK)
+   ==> Recommended enabled (+P -- "Prompt" OK)
0    ==> No Siebel recommendation
/    ==> Recommended disabled
X   ==> Required disabled
--   ==> Does not exist in version
(a)...(f) ==> See footnotes below the tables
Details


Internet Explorer> Tools > Internet Options > Advanced >

Section/Setting

  Notes

IE6

IE7

IE8

 

 

 

 

 

Accessibility

 

 

 

 

Always expand ALT text for images

 

0

0

0

Enable Caret Browsing for new windows and tabs

 

--

--

0

Move System Caret with Focus/Selection Changes

 

0

0

0

Reset text size to medium for new windows and tabs

 

--

0

0

Reset text size to medium while zooming

 

--

0

0

Reset Zoom level to 100% for new windows and tabs

 

--

0

0

 

 

 

 

 

Browse

 

 

 

 

Always send URLs as UTF-8

 

+

see Int'l

see Int'l

Automatically check for Internet Explorer updates

 

/

/

/

Close unused folders in History and Favorites

 

0

0

0

Disable script debugging (Internet Explorer)

 

+

+

+

Disable script debugging (Other)

 

+

+

+

Display a notification about every script error

 

/

/

/

Display Accelerator button on selection

 

--

--

0

Enable automatic crash recovery

 

--

--

0

Enable FTP folder view (outside of Internet Explorer)

 

0

0

0

Enable Install on Demand (Internet Explorer)

 

0

--

--

Enable Install on Demand (other)

 

0

--

--

Enable offline items to be synchronized on a schedule

 

0

--

--

Enable page transitions

 

0

0

0

Enable personalized favorites menu

 

0

0

--

Enable Suggested Sites

 

--

--

0

Enable third-party browser extensions

 

/

/

/

Enable visual styles on buttons and controls on webpages

  (a)

0 (a)

0 (a)

0 (a)

Enable websites to use the search pane

 

--

0

0

Force offscreen compositing even under Terminal Server

  (b)

0 (b)

0 (b)

0 (b)

Notify when downloads complete

 

0

0

0

Reuse windows for launching shortcuts

 Recommended for
 performance

+

+

+

Show friendly HTTP Error messages

 

/

/

/

Show friendly URLs

  / (c)

/ (c)

--

--

Show Go button in Address bar

 

0

--

--

Underline links

 

0

0

0

Use Inline AutoComplete

 

0

0

0

Use most recent order when switching tabs with Ctrl+Tab

 

--

0

0

Use Passive FTP (for firewall and DSL modem compatibility)

  0 (a)

0 (a)

0 (a)

0 (a)

Use Smooth Scrolling

 

--

0

0

 

 

 

 

 

HTTP 1.1 Settings

 

 

 

 

Use HTTP 1.1

 

+

+

+

Use HTTP 1.1 through proxy connections

 

+

+

+

 

 

 

 

 

International

 

 

 

 

Always show encoded addresses

 

--

0

0

Send IDN server names

 

--

0

0

Send IDN server names for Intranet Addresses

 

--

0

0

Send UTF-8 URLS

 

see
Browse

+

+

Show information bar for encoded addresses

 

--

0

0

Use UTF-8 for mailto links

 

--

0

0

 

 

 

 

 

Java (Sun)

 

 

 

 

Use JRE X.Y.Z_nn for <applet>

 

+

E

E

 

 

 

 

 

Microsoft VM

  Low/Medium
  (if used)

 

--

--

Java consolde enabled

 

E if used

--

--

Java logging enabled

 

E if used

--

--

JIT compiler for virtual machine enabled

 

E if used

--

--

 

 

 

 

 

Multimedia

 

 

 

 

Always use ClearType for HTML

 

--

0

0

Enable automatic image resizing

 

0

0

0

Enable Image Toolbar

 

0

--

--

Play animations in webpages

 

0

0

0

Play sounds in webpages

 

0

0

0

Play videos in webpages

 

0

--

--

Show image download placeholders

 

+

+

+

Show Pictures

 

+

+

+

Smart image dithering

 

+

+

+

 

 

 

 

 

Printing

 

 

 

 

Print Background Colors and Images

 

+

+

+

 

 

 

 

 

Search from the Address bar

  0 (a)

0 (a)

0 (a)

0 (a)

 

 

 

 

 

Security

 

 

 

 

Allow active content from CDs to run on My Computer

 

0

0

0

Allow active content to run in files on My Computer

 

0

0

0

Allow software to run or install even if the signature is invalid

 

0

0

0

Check for publisher's certificate revocation

  0 (a)

0 (a)

0 (a)

0 (a)

Check for server certificate revocation

 

0

0

0

Check for signatures on downloaded programs

  0 (c)

0 (c)

0 (c)

0 (c)

Do not save encrypted pages to disk

 

0

0

0

Empty Temporary Internet Files folder when browser is closed

 

/

/

/

Enable DOM Storage

 

--

--

0

Enable Integrated Windows Authentication

 

0

0

0

Enable memory protection to help mitigate online attacks

See DEP/NX note below

--

X

X

Enable native XMLHTTP support

 

--

0

0

Phishing Filter

 

--

0

--

Enable Profile Assistant

 

0

0

--

Enable SmartScreen Filter

 

--

--

0

Use SSL 2.0

 

0

0

0

Use SSL 3.0

 

0

0

0

Use TLS 1.0

  (d)

(d)

(d)

(d)

Warn about invalid site certificates

 

0

0

--

Warn about certificate address mismatch

 

0

0

0

Warn if changing between secure and not secure mode

 

/

/

/

Warn if forms/POST submittal is being redirected to a zone that does not permit posts

 

0

0

0

 

Internet Explorer> Tools > Options > Security tab > Custom

Section/Setting

  Notes

IE6

IE7

IE8

 

 

 

 

 

.NET Framework

 

 

 

 

Loose XAML

 

--

--

0

Permissions for components with manifests

 

0

0

0

Run components not signed with Authenticode

 

0

0

0

Run components signed with Authenticode

 

0

0

0

XAML browser applications

 

--

--

0

XPS documents

 

--

--

0

 

 

 

 

 

ActiveX controls and plug-ins

 

 

 

 

Allow previously unused ActiveX controls to run without prompt

 

--

E

E

Allow Scriptlets

 

--

--

0

Automatic prompting for ActiveX controls

 

E

E

E

Binary and script behaviors

 

0

0

0

Display video and animation on a webpage that does not use external media player

 

--

--

0

Download signed ActiveX controls

  E (e)

E (e)

E (e)

E (e)

Download unsigned ActiveX controls

 

+P

+P

+P

Initialize and script ActiveX controls not marked as safe

 

+P

+P

+P

Only allow approved domains to use ActiveX without prompt

   / (h)

/ (h)

/ (h)

/ (h)

Run ActiveX controls and plug-ins

 

E

E

E

Script ActiveX controls marked safe for scripting

 

E

E

E

 

 

 

 

 

Downloads

 

 

 

 

Automatic prompting for file downloads

 

0

0

0

File download

 

E

E

E

Font download

 

0

0

0

 

 

 

 

 

Enable .NET Framework setup

 

--

--

 

 

 

 

 

 

Miscellaneous

 

 

 

 

Access data sources across domains

 See DSAD note below

X

X

X

Allow META Refresh

  (a)

(a)

(a)

(a)

Allow scripting of Internet Explorer (Microsoft) Web browser control

 

0

0

0

Allow script-initiated windows without size or position constraints:

 + (f)

+ (f)

+ (f)

+ (f)

Allow webpages to use restricted protocols for active content

  0 (c)

0 (c)

0 (c)

0 (c)

Allow websites to open windows without address or status bars

 

--

--

E

Display mixed content

 

+

+

+

Don't prompt for client certificate selection when no certificates or only one certificate exists

 

+

+

+

Drag and drop or copy and paste files:

 

0

0

0

Include local directory path when uploading files to a server

 

--

--

0

Installation of desktop items

 

0

0

0

Launching applications and unsafe files

 

--

--

0

Launching programs and files in an IFRAME

  EP (c)

EP (c)

EP (c)

EP (c)

Navigate windows/frames/sub-frames across different domains

 

+

+

+

Open files based on content, not file extension

 

0

0

0

Software channel permissions

 

0

0

0

Submit nonencrypted form data

 

0

0

0

Use Pop-up Blocker

  (g)

(g)

(g)

(g)

Use SmartScreen Filter

 

--

--

0

Userdata persistence

 

0

0

0

Web sites in less privileged web content zone can navigate into this zone

 

0

0

0

 

 

 

 

 

Scripting

 

 

 

 

Active scripting

 

E

E

E

Allow paste operations via script

 

+

+

--

Allow Programmatic clipboard access

 

--

--

0

Allow status bar updates via script

 

--

--

+

Allow websites to prompt for information using scripted windows

 

--

--

+

Enable XSS filter

 

--

--

 

Scripting of Java applets

 

E

E

E

 

 

 

 

 

User Authentication

 

 

 

 

Logon

 

0

0

0

Setting notes:
(a) In case of CTI AUX pop-up freezing, DISABLE this setting (Doc ID 512212.1) 
(b) Though unsupported this setting may be necessary if Citrix or Terminal Services are used
(c) In case of CTI AUX pop-up freezing, ENABLE this setting;
(d) Enable if needed to resolve IE error 'P5 is null or not an object'p>
(e) Can be disabled if all ActiveX controls are pre-deployed (see DocID 476952.1)
(f)  Preferred due to Siebel-use pop-ups (e.g. MLOVs, hidden windows) but not absolutely necessary
(g) Ensure Siebel application servers and components are whitelisted or excluded
(h) Technical Support has been able to reproduce crashes in multiple configurations when this setting is enabled.
See DocID NOTE 1270206.1
----
DEP/NX (Data Execution Protection / No-Execute) is a method to help prevent buffer overflow attacks through blocking code marked as non-executable from executing. Disabled by default in IE7 it is enabled by default in IE8.
Unfortunately it requires the full recompilation of all elements involved which itself requires new compilers.
DEP/NX can be disabled through IE8 options, through the Group Policy Editor
(Computer Configuration > Internet Explorer > Security Features > Turn off Data Execution Prevention)
and through he command line allowing logon.bat or administrative batch scripting propagation:
(Using "CMD" as Administrator, run  bcdedit.exe /set {current} nx AlwaysOff )
----
DSAD: DATA SOURCES ACROSS DOMAINS
The parameter Access data sources across domains is required only if the client machine is going
to access data in another network domain. The most common reason to do this is to access Analytics
charts and reports from a Business Intelligence server. These servers are commonly configured in a
separate network domain from Siebel. If you do not use Analytics or you are certain that you do not
need to access data in another network domain, you should set this parameter to Disable and note the following:

1. The Siebel Browser Health Check program will notice that the parameter is disabled and will
ask you to enable it before login. You may check the box Please do not warn me again about recommended settings.
to prevent the message from appearing at each login.

2. Disabling this parameter can offer some protection against certain kinds of security vulnerabilities.
If a virus or other malware were to infect the client system, they will often attempt to connect to a
'home' machine, or to scan the network for other vulnerable machines, including in adjacent domains.
Disabling this parameter prevents access to other network domains, but will not stop an attempt to
connect to another machine over the internet.

3. The Browser Health Check may throw a warning and recommendation about this setting.
The check is optional and can be disabled in the BHC settings/ini file.
The settings listed in this document are correct with the reasoning behind them listed above.