Active content in SP2 - Open pdf file in local mch with IE

G

Guest

I've an application that download pdf file into the local PC and then
automatically open the PDF file in IE.

Before I upgrade my XP mch to SP2, it works fine.
After installing SP2, encountered the message "To help protect your
security, Internet Explorer has restricted this file from showing active
content that could access your computer". I can select "Allow Block Content"
but need to select this for every pdf file open in IE.

I've seen the 2 workaround mentioned in
http://www.winxptutor.com/lmzunlock.htm but both methods do not apply to my
case.

The other method is to "Allow active content to run in files on My computer"
in the Internet Option in IE but this will pose other security issue and not
recommended, right?

Is there any way around this problem of opening PDF file in local mch with IE?

Thank You.
 
R

Ramesh [MVP]

Kan,

That workaround mentioned in that page is intended for locally hosted
webpages. For this situation, the only option which I can think of is to
tweak the Lockdown_Zone template, rather than using "Allow active content to
run in files on My computer" option.
--------------------------------------------------------
1200 corresponds to Run ActiveX controls and plug-ins
--------------------------------------------------------
This is the restriction which you want to turn off. Open Registry Editor and
navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0

First, take a backup of the key if you want to undo the changes back.

Double-click the value "1200" and set it to 0

With that restriction disabled, Internet Explorer still takes the most
secure setting (Lockdown Zone vs the default My Computer Zone settings), so
make the changes here as well:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0

NOTE: If the Security_HKLM_only is enabled via Group Policy Editor or
registry, you need to modify the corresponding "1200" values in the
HKEY_LOCAL_MACHINE hive.

--
Ramesh, Microsoft MVP
Window XP Shell/User
http://www.mvps.org/sramesh2k



I've an application that download pdf file into the local PC and then
automatically open the PDF file in IE.

Before I upgrade my XP mch to SP2, it works fine.
After installing SP2, encountered the message "To help protect your
security, Internet Explorer has restricted this file from showing active
content that could access your computer". I can select "Allow Block Content"
but need to select this for every pdf file open in IE.

I've seen the 2 workaround mentioned in
http://www.winxptutor.com/lmzunlock.htm but both methods do not apply to my
case.

The other method is to "Allow active content to run in files on My computer"
in the Internet Option in IE but this will pose other security issue and not
recommended, right?

Is there any way around this problem of opening PDF file in local mch with
IE?

Thank You.
 
G

Guest

Thanks. It works after changing the value '1200' from 3 to 0 in the registy.
Now, I do not need to enable "Allow active content to run in files on My
computer".

My concern are
1. What areas of my system is being compromised with this change?
2. Can I just make the changes on HKEY_LOCAL_MACHINE hive using the admin
account and subsequent login with the Users account will have the change
implemented on each users login?
3. I'm thinking of getting our software developer to make this registry
changes during installation of our application. Is this possible?
 
R

Ramesh [MVP]

Glad that helped!
Internet Explorer can run any ActiveX control in the Local Machine Zone. But
scripts should not run. See

Description of Internet Explorer security zones registry entries:
http://support.microsoft.com/default.aspx?kbid=182569

See Security_HKLM_Only policy in the above site.

This could be easily accomplished via a VBS or a REG script, not sure about
the application installer (I've not packaged any application so far)

--
Ramesh, Microsoft MVP
Window XP Shell/User
http://www.mvps.org/sramesh2k


Thanks. It works after changing the value '1200' from 3 to 0 in the registy.
Now, I do not need to enable "Allow active content to run in files on My
computer".

My concern are
1. What areas of my system is being compromised with this change?
2. Can I just make the changes on HKEY_LOCAL_MACHINE hive using the admin
account and subsequent login with the Users account will have the change
implemented on each users login?
3. I'm thinking of getting our software developer to make this registry
changes during installation of our application. Is this possible?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Allow active content 2
XP SP2 blocks PDF files 2
File Download - Security Warning 5
Internet Explorer and SP2 [WILDPACKET] 2
Windows XP Internet Explorer Security 2
IE (SP2) warning me about my own (local) PDF files 3
SP 2 ... "Active Content files" 2
IE Toolbar Active Content Block in SP2 1

Top