I had a similar situtation with local HTML files used as custom start
pages. I'm using the 'Mark
of the Web' method which you can find at
http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/lockdown_devimp.aspx
It doesn't specify where in the HTML file it should go and most anywhere
seems to work, but I had a file that actually was saved from the web, and
there it was located at the top just before <HTML>. Just be sure there are
no spaces after the
-->
(end of comment mark)
and <HTML>. Not sure why this has to be, but it won't work if there is a
space there. So something like:
<!-- saved from url=(0028)
http://www.InternetZone.net/ -->
at the top of your file immediately before <HTML> should fix it. You can
change InternetZone.net to a real web address if
desired, it doesn't matter. The 28 is the number of characters in the web
address following, if you change the address, you'll have to modify the
character count too.
(Before I found this method, I had tried renaming the file to *.hta, but
that lets off the menu and toolbar, which I didn't like at all.)
To totally disable this security feature (which I don't recommend--not all
javascript or other active content is safe):
right click IE|Properties|Advanced| scroll down to 'Security', check 'Allow
active content to run in files on my Computer', click 'OK'.