Professional Documents
Culture Documents
1)
Modified: 20Feb2015 Type: REFERENCE
APPLIESTO:
SiebelCRMVersion7.7.1[18306]to7.7.2.13[18394][ReleaseV7]
SiebelCRMVersion7.5.2[15051]to7.5.3.17[16285][ReleaseV7]
SiebelCRMVersion7.8[19021]to7.8.2.16[19255][ReleaseV7]
SiebelCRMVersion8.0[20405]to8.0.0.13[20448][ReleaseV8]
SiebelCRMVersion8.1[21039]to8.1.1.8[23012][ReleaseV8]
Informationinthisdocumentappliestoanyplatform.
PURPOSE
Advanced
ThisisalistofallOraclerecommendedsettingsforthe Security
and sectionsofInternetExplorerversions6,7,and8usedasHighInteractivityWebClientswith
Siebelversion7andversion8Applications.LaterIEversionsarenotsupportedenvironmentsshouldemployOpenUIusingstandardscompliantbrowsers.
TherequirementsandrecommendationscontainedhereinarebasedsolelyuponSiebelsoftwarefunctionalityrequirements.Customerenvironmentsmayrequireadditionalchanges
tosettingssuchasforadditionalsecurity,performanceandUIconstancy,allofwhichareoutsidethescopeofthisdocument.
Becauseofitsnaturethisdocumentcontainsnoupdatehistory.Nontrivialchangestothedocumentarenotedinthefootnotes.
SCOPE
KEY:
E==>Requiredenabled(EP"Prompt"OK)
+==>Recommendedenabled(+P"Prompt"OK)
0==>NoSiebelrecommendation
/==>Recommendeddisabled
X==>Requireddisabled
==>Doesnotexistinversion
(a)...(j)==>Seefootnotesbelowthetables
DETAILS
InternetExplorer>Tools>InternetOptions>General>Tabssection:Settings>
Section/Setting Notes IE6 IE7 IE8
Onlyone
Siebeltab
Whenapopupisencountered:
allowedper
IEinstance
Alwaysopenpopupsinanewwindow E E
InternetExplorer>Tools>InternetOptions>Advanced>
Accessibility
AlwaysexpandALTtextforimages 0 0 0
EnableCaretBrowsingfornewwindowsandtabs 0
MoveSystemCaretwithFocus/SelectionChanges 0 0 0
Resettextsizetomediumfornewwindowsandtabs 0 0
Resettextsizetomediumwhilezooming 0 0
ResetZoomlevelto100%fornewwindowsandtabs 0 0
Browse
CloseunusedfoldersinHistoryandFavorites 0 0 0
Disablescriptdebugging(InternetExplorer) + + +
Disablescriptdebugging(Other) + + +
Displayanotificationabouteveryscripterror / / /
DisplayAcceleratorbuttononselection 0
Enableautomaticcrashrecovery 0
EnableFTPfolderview(outsideofInternetExplorer) 0 0 0
EnableInstallonDemand(InternetExplorer) 0
EnableInstallonDemand(other) 0
Enableofflineitemstobesynchronizedonaschedule 0
Enablepagetransitions 0 0 0
Enablepersonalizedfavoritesmenu 0 0
EnableSuggestedSites 0
Enablethirdpartybrowserextensions / / /
Enablewebsitestousethesearchpane 0 0
Notifywhendownloadscomplete 0 0 0
Recommended
Reusewindowsforlaunchingshortcuts for + + +
performance
ShowfriendlyHTTPErrormessages / / /
ShowGobuttoninAddressbar 0
Underlinelinks 0 0 0
UseInlineAutoComplete 0 0 0
UsemostrecentorderwhenswitchingtabswithCtrl+Tab 0 0
UseSmoothScrolling 0 0
HTTP1.1Settings
UseHTTP1.1 + + +
UseHTTP1.1throughproxyconnections + + +
International
Alwaysshowencodedaddresses 0 0
SendIDNservernames 0 0
SendIDNservernamesforIntranetAddresses 0 0
see
SendUTF8URLS Browse + +
Showinformationbarforencodedaddresses 0 0
UseUTF8formailtolinks 0 0
Java(Sun)
UseJREX.Y.Z_nnfor<applet> + E
Low/Medium
MicrosoftVM (ifused)
Javaconsoldeenabled Eifused
Javaloggingenabled Eifused
JITcompilerforvirtualmachineenabled Eifused
Multimedia
AlwaysuseClearTypeforHTML 0 0
Enableautomaticimageresizing 0 0 0
EnableImageToolbar 0
Playanimationsinwebpages 0 0 0
Playsoundsinwebpages 0 0 0
Playvideosinwebpages 0
Showimagedownloadplaceholders + + +
ShowPictures + + +
Smartimagedithering + + +
Printing
PrintBackgroundColorsandImages + + +
Security
AllowactivecontentfromCDstorunonMyComputer 0 0 0
AllowactivecontenttoruninfilesonMyComputer 0 0 0
Allowsoftwaretorunorinstallevenifthesignatureisinvalid 0 0 0
Checkforservercertificaterevocation 0 0 0
Donotsaveencryptedpagestodisk 0 0 0
EmptyTemporaryInternetFilesfolderwhenbrowserisclosed / / /
EnableDOMStorage 0
EnableIntegratedWindowsAuthentication 0 0 0
SeeDEP/NXnote
Enablememoryprotectiontohelpmitigateonlineattacks below X X
EnablenativeXMLHTTPsupport 0 0
PhishingFilter 0
EnableProfileAssistant 0 0
EnableSmartScreenFilter 0
UseSSL2.0 0 0 0
UseSSL3.0 0 0 0
Warnaboutinvalidsitecertificates 0 0
Warnaboutcertificateaddressmismatch 0 0 0
Warnifchangingbetweensecureandnotsecuremode / / /
Warnifforms/POSTsubmittalisbeingredirectedtoazonethatdoesnotpermitposts 0 0 0
InternetExplorer>Tools>Options>Securitytab>Custom
.NETFramework
LooseXAML 0
Permissionsforcomponentswithmanifests 0 0 0
RuncomponentsnotsignedwithAuthenticode 0 0 0
RuncomponentssignedwithAuthenticode 0 0 0
XAMLbrowserapplications 0
XPSdocuments 0
ActiveXcontrolsandplugins
AllowpreviouslyunusedActiveXcontrolstorunwithoutprompt E E
AllowScriptlets 0
AutomaticpromptingforActiveXcontrols E E E
Binaryandscriptbehaviors 0 0 0
Displayvideoandanimationonawebpagethatdoesnotuseexternalmediaplayer 0
DownloadunsignedActiveXcontrols +P +P +P
InitializeandscriptActiveXcontrolsnotmarkedassafe +P +P +P
ScriptActiveXcontrolsmarkedsafeforscripting E E E
Downloads
Automaticpromptingforfiledownloads 0 0 0
Filedownload E E E
Fontdownload 0 0 0
Enable.NETFrameworksetup 0
Miscellaneous
Accessdatasourcesacrossdomains SeeDSAD X X X
notebelow
AllowMETARefresh (a) (a) (a) (a)
AllowscriptingofInternetExplorer(Microsoft)Webbrowsercontrol 0 0 0
Displaymixedcontent + + +
Don'tpromptforclientcertificateselectionwhennocertificatesoronlyonecertificateexists + + +
Draganddroporcopyandpastefiles: 0 0 0
Includelocaldirectorypathwhenuploadingfilestoaserver 0
Installationofdesktopitems 0 0 0
Launchingapplicationsandunsafefiles 0
Navigatewindows/frames/subframesacrossdifferentdomains + + +
Openfilesbasedoncontent,notfileextension 0 0 0
Softwarechannelpermissions 0 0 0
Submitnonencryptedformdata 0 0 0
UseSmartScreenFilter 0
Userdatapersistence 0 0 0
Websitesinlessprivilegedwebcontentzonecannavigateintothiszone 0 0 0
Scripting
Activescripting E E E
Allowpasteoperationsviascript + +
AllowProgrammaticclipboardaccess 0
Allowstatusbarupdatesviascript +
Allowwebsitestopromptforinformationusingscriptedwindows +
EnableXSSfilter
ScriptingofJavaapplets E E E
UserAuthentication
Logon 0 0 0
Settingnotes:
(a)IncaseofCTIAUXpopupfreezing,DISABLEthissetting(DocID512212.1)
(b)ThoughunsupportedthissettingmaybenecessaryifCitrixorTerminalServicesareused
(c)IncaseofCTIAUXpopupfreezing,ENABLEthissetting
{variable_name}
(d)EnableifneededtoresolvetheIEerror' isnullornotanobject'.ThisindicatesaJavaScripterror,usuallyinconjunctionwithsecuresites,TLSmayneedtobe
enabledforthescriptingtofunctioncorrectly.
(e)CanbedisabledifallActiveXcontrolsarepredeployed(seeDocID476952.1)
(f)PreferredduetoSiebelusepopups(e.g.MLOVs,hiddenwindows)butnotabsolutelynecessary
(g)EnsureSiebelapplicationserversandcomponentsarewhitelistedorexcluded
(h)TechnicalSupporthasbeenabletoreproducecrashesinmultipleconfigurationswhenthissettingisenabled.SeeDocIDNOTE1270206.1
(j)AutomaticupdatechecksarenotavailableforWin7/IE8orIE9,norforanysysteminwhichtheNoUpdateCheckregistrysettingisactivated,eitherlocallyorviaGroupPolicies.
DEP/NX(DataExecutionProtection/NoExecute)isamethodtohelppreventbufferoverflowattacksthroughblockingcodemarkedasnonexecutablefromexecuting.Disabledby
defaultinIE7itisenabledbydefaultinIE8.Unfortunatelyitrequiresthefullrecompilationofallelementsinvolvedwhichitselfrequiresnewcompilers.
DEP/NXcanbedisabledthroughIE8options,throughtheGroupPolicyEditor( ComputerConfiguration>InternetExplorer>SecurityFeatures>TurnoffDataExecutionPrevention
)
andthroughthecommandlineallowinglogon.batoradministrativebatchscriptingpropagation:(Using"CMD"asAdministrator,runbcdedit.exe/set{current}nxAlwaysOff)
DSAD:DATASOURCESACROSSDOMAINS
Theparameter Accessdatasourcesacrossdomains
isrequiredonlyiftheclientmachineisgoingtoaccessdatainanothernetworkdomain.Themostcommonreasontodothisis
toaccessAnalyticschartsandreportsfromaBusinessIntelligenceserver.TheseserversarecommonlyconfiguredinaseparatenetworkdomainfromSiebel.Ifyoudonotuse
Analyticsoryouarecertainthatyoudonotneedtoaccessdatainanothernetworkdomain,youshouldsetthisparameterto Disableandnotethefollowing:
1.TheSiebelBrowserHealthCheckprogramwillnoticethattheparameterisdisabledandwillaskyoutoenableitbeforelogin.Youmaycheckthebox Pleasedonotwarnme
againaboutrecommendedsettings. topreventthemessagefromappearingateachlogin.
2.Disablingthisparametercanoffersomeprotectionagainstcertainkindsofsecurityvulnerabilities.Ifavirusorothermalwareweretoinfecttheclientsystem,theywilloften
attempttoconnecttoa'home'machine,ortoscanthenetworkforothervulnerablemachines,includinginadjacentdomains.Disablingthisparameterpreventsaccesstoother
networkdomains,butwillnotstopanattempttoconnecttoanothermachineovertheinternet.
3.TheBrowserHealthCheckmaythrowawarningandrecommendationaboutthissetting.ThecheckisoptionalandcanbedisabledintheBHCsettings/inifile.Thesettingslisted
inthisdocumentarecorrectwiththereasoningbehindthemlistedabove.
Note:Regarding"DataSourcesAcrossDomains"parameter...'Bug12533100HEALTHCHECK:REMOVEACCESSDATASOURCESACROSSDOMAINSVALIDATION'hasbeen
implemented(asBug12669859)sinceFP8.1.1.8.OnceyouapplyFP8.1.1.8orlater,thissettingisnolongercheckedbydefault.
ProducteConfigurator(version8.x)
Ifyouareusingversion8.xSiebelProducteConfiguratoryoumustensurethatthebrowserallowsapagereloadratherthancachedisplaybysettingthe" Checkfornewerversions
ofstoredpages "optionto"Automatic.FordetailsaboutthisissueandinstructionsonimplementingthechangespleaseseeNOTE803693.1, Productconfiguratorhangingwhen
changingUIgrouptabs .
REFERENCES
Didn'tfindwhatyouarelookingfor?