Siebel version 7 & 8 settings for Internet Explorer versions 6, 7 and 8 [ID 1066053.

1] Modified 26-JUL-2010 Type REFERENCE Status PUBLISHED In this Document Purpose Scope Siebel version 7 & 8 settings for Internet Explorer versions 6, 7 and 8

Applies to:
Siebel CRM - Version: 7.5.2 [15051] to 8.1.1 [21112] - Release: V7 to V8 Information in this document applies to any platform.

Purpose
This is a list of all Oracle-recommended settings for the Advanced and Security sections of all three supported Internet Explorer versions used as High Interactivity Web Clients with Siebel version 7 and version 8 Applications. The requirements and recommendations contained herein are based solely upon Siebel software functionality requirements. Best practices may require additional changes to settings such as for additional security, performance and UI constancy, all of which are outside the scope of this document.

Scope
KEY: E + ? / X -==> Required enabled (EP -- "Prompt" OK) ==> Recommended enabled (+P -- "Prompt" OK) ==> No Siebel recommendation ==> Recommended disabled ==> Required disabled ==> Does not exist in version

Siebel version 7 & 8 settings for Internet Explorer versions 6, 7 and 8

Internet Explorer> Tools > Internet Options > Advanced > Section/Setting Accessibility Always expand ALT text for images Enable Caret Browsing for new windows and tabs Move System Caret with Focus/Selection Changes Reset text size to medium for new windows and tabs Reset text size to medium while zooming Reset Zoom level to 100% for new windows and tabs Notes IE6 IE7 IE8

? -? ----

? -? ? ? ?

? ? ? ? ? ?

Browsing Always send URLs as UTF-8 Automatically check for Internet Explorer updates Close unused folders in History and Favorites Disable script debugging (Internet Explorer) Disable script debugging (Other) Display a notification about every script error Display Accelerator button on selection Enable automatic crash recovery Enable FTP folder view (outside of Internet Explorer) Enable Install on Demand (Internet Explorer) Enable Install on Demand (other) Enable offline items to be synchronized on a schedule Enable page transitions Enable personalized favorites menu Enable Suggested Sites Enable third-party browser extensions Enable visual styles on buttons and controls on webpages Enable websites to use the search pane Force offscreen compositing even under Terminal Server Notify when downloads complete Reuse windows for launching shortcuts Show friendly HTTP Error messages Show friendly URLs Show Go button in Address bar Underline links Use Inline AutoComplete Use most recent order when switching tabs with Ctrl+Tab Use Passive FTP (for firewall and DSL modem compatibility) Use Smooth Scrolling HTTP 1.1 Settings Use HTTP 1.1 Use HTTP 1.1 through proxy connections International Always show encoded addresses Send IDN server names Send IDN server names for Intranet Addresses Send UTF-8 URLS Show information bar for encoded addresses + / ? + + / --? ? ? ? ? ? -/ ? * ? -? ? + / / ? ? ? -? -see Int'l / ? + + / --? ---? ? -/ ? ? ? ? + / --? ? ? ? ? see Int'l / ? + + / ? ? ? ---? -? / ? ? ? ? + / --? ? ? ? ?

+ +

+ +

+ +

---see Browsing

? ? ? + ?

? ? ? + ?

--

Use UTF-8 for mailto links Java (Sun) Use JRE X.Y.Z_nn for <applet> Microsoft VM Java consolde enabled Java logging enabled JIT compiler for virtual machine enabled Multimedia Always use ClearType for HTML Enable automatic image resizing Enable Image Toolbar Play animations in webpages Play sounds in webpages Play videos in webpages Show image download placeholders Show Pictures Smart image dithering Printing Print Background Colors and Images Search from the Address bar Security Allow active content from CDs to run on My Computer Allow active content to run in files on My Computer Allow software to run or install even if the signature is invalid Check for publisher's certificate revocation Check for server certificate revocation Check for signatures on downloaded programs Do not save encrypted pages to disk Empty Temporary Internet Files folder when browser is closed Enable DOM Storage Enable Integrated Windows Authentication Enable memory protection to help mitigate online attacks Enable native XMLHTTP support Phishing Filter Enable Profile Assistant Enable SmartScreen Filter Use SSL 2.0 ?
Low/Medium (if used)

--

E --

E -----

E if used E if used E if used

----

-? ? ? ? ? + + +

? ? -? ? -+ + +

? ? -? ? -+ + +

+ ?

+ ?

+ ?

? ? ? ? ? ? ? ? ? / -?
See 'DEP/NX' note below

? ? ? ? ? ? ? / -? X ? ? ? -?

? ? ? ? ? ? ? / ? X ? --? ?

---? -?

Use SSL 3.0 Use TLS 1.0 Warn about invalid site certificates Warn about certificate address mismatch Warn if changing between secure and not secure mode Warn if forms/POST submittal is being redirected to a zone that does not permit posts

? ? ? ? / ?

? ? ? ? / ?

? ? -? / ?

Internet Explorer> Tools > Options > Security tab > Custom Section/Setting .NET Framework Loose XAML Permissions for components with manifests Run components not signed with Authenticode Run components signed with Authenticode XAML browser applications XPS documents ActiveX controls and plug-ins Allow previously unused ActiveX controls to run without prompt Allow Scriptlets Automatic prompting for ActiveX controls Binary and script behaviors Display video and animation on a webpage that does not use external media player Download signed ActiveX controls Download unsigned ActiveX controls Initialize and script ActiveX controls not marked as safe Only allow approved domains to use ActiveX without prompt Run ActiveX controls and plug-ins Script ActiveX controls marked safe for scripting Downloads Automatic prompting for file downloads File download Font download Enable .NET Framework setup Miscellaneous Access data sources across domains Allow META Refresh Notes IE6 IE7 IE8

-? ? ? ---

-? ? ? ---

? ? ? ? ? ?

--E ? -** E +P +P ? E E

E -E ? -E +P +P ? E E

E ? E ? ? E +P +P ? E E

? E ? --

? E ? --

? E ?

? ?

X ?

X ?

X ?

Allow scripting of Internet Explorer (Microsoft) Web browser control Allow script-initiated windows without size or position constraints: Allow webpages to use restricted protocols for active content ? Allow websites to open windows without address or status bars Display mixed content Don't prompt for client certificate selection when no certificates or only one certificate exists Drag and drop or copy and paste files: Include local directory path when uploading files to a server Installation of desktop items Launching applications and unsafe files Launching programs and files in an IFRAME ? Navigate windows/frames/sub-frames across different domains Open files based on content, not file extension Software channel permissions Submit nonencrypted form data Use Pop-up Blocker ? Use SmartScreen Filter Userdata persistence Web sites in less privileged web content zone can navigate into this zone Scripting Active scripting Allow paste operations via script Allow Programmatic clipboard access Allow status bar updates via script Allow websites to prompt for information using scripted windows Enable XSS filter Scripting of Java applets User Authentication Logon

? + ? -+ + ? -? -EP + ? ? ? ? -? ?

? + ? -+ + ? -? -EP + ? ? ? ? -? ?

? + ? E + + ? ? ? ? EP + ? ? ? ? ? ? ?

E + ----E

E + ----E

E -? + + ? E

* Though unsupported this setting may be necessary if Citrix or Terminal Services are used ** Can be disabled if all ActiveX controls are pre-deployed (see DocID 476952.1) ? Ensure Siebel application servers and components are whitelisted or excluded ? In case of CTI AUX pop-up freezing, DISABLE this setting (Doc ID 512212.1) ? In case of CTI AUX pop-up freezing, ENABLE this setting; Also ENABLE if Siebel Server and Analytics Web Server are installed on machines in completely different domains ? Enable if needed to resolve IE error 'P5 is null or not an object' ---DEP/NX (Data Execution Protection / No-Execute) is a method to help prevent buffer overflow attacks through blocking code marked as non-executable from executing. Disabled by default in

IE7 it is enabled by default in IE8. Unfortunately it requires the full recompilation of all elements involved which itself requires new compilers. Oracle is aware of the requirements and is working on a resolution at the time of this update (June, 2010). DEP/NX can be disabled through IE8 options, through the Group Policy Editor (Computer Configuration > Internet Explorer > Security Features > Turn off Data Execution Prevention) and through he command line allowing logon.bat or administrative batch scripting propagation: (Using "CMD" as Administrator, run bcdedit.exe /set {current} nx AlwaysOff )