At my workplace, users regularly visit some Web sites in which they have to register. These sites require users to enable cookies in Microsoft Internet Explorer (IE) so that they can sign in. However, we use Group Policy, and our domain's default policy disables all cookies.
Because adding Web sites to the Local intranet or Trusted sites zone wasn't an option, I looked into whether I could use a Group Policy setting to centrally define exceptions for cookies. I was unable to find such a setting.
Not wanting to have to teach each user how to define exceptions in IE, I decided to come up with my own solution. I used RegMon (http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx) to track where IE stores cookie settings. I found that the settings are under the HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Internet Settings\P3P\ History registry key.
To accept cookies from a domain, I created a new subkey and gave it a default DWORD value of 1. For example, to accept cookies from the microsoft.com domain, I created the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\P3P\History\microsoft. com subkey and gave it a default DWORD value of 1.
You can't use regedit to create a subkey with a default DWORD. (When you create a subkey, regedit automatically creates a default REG_SZ value.) So, I used .reg files to create the subkeys. For example, Figure 1 shows the .reg file for creating the microsoft. com subkey.
I then wrote a batch file that uses the reg. exe utility to read and apply the .reg files. (Reg .exe is built into Windows Server 2003 and is part of the Windows 2000 Support Tools.)
I inserted the batch file in a Group Policy Object (GPO) under User Configuration\Window Settings\Script\Logon Scripts.
With this solution, I can allow cookies but prevent users from downloading unwanted and possibly malicious files and ActiveX objects. Because the solution uses Group Policy, it's easy and quick to implement.