IE7 in Windows Vista: Configuring Your View Source Editor

We’ve noticed a few blog posts asking why IE7 in Windows Vista displays a prompt to launch Notepad. You can see this prompt by right clicking on a webpage and selecting View Source. I want to explain why the prompt is displayed and also tell you how to turn it off.

As you probably already know from previous blog entries, Windows Vista includes an IE security feature called Protected Mode. Protected Mode runs the IE process with lower privileges and also helps protect against malicious webpages that try to automatically pass content to higher privileged applications like Notepad.

Before launching applications like Notepad that weren’t designed to work with low privilege, Protected Mode displays the following prompt to get your permission. This prompt is designed for the worst case security scenario, which is a malicious webpage trying to silently elevate out of Protected Mode by launching an application or reusing one that you’re launching. For example, in the scenario where you select View Source, a malicious webpage could try to silently pass its content to Notepad instead of the webpage’s source code. This could be a dangerous scenario if there was vulnerability in Notepad

IE Security Prompt Dialog

If you only browse to web sites you trust and you don’t want to click through this prompt in the future, you can check the “Do not show me the warning for this program again” box before clicking “Allow”. Checking this box and “Allow” will add the following entry to Protected Mode’s elevation policy:

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{9F5511FE-4BB1-474D-B6ED-8877567E7F36}]
"AppPath"="C:\Windows\System32"
"AppName"="notepad.exe"
"Policy"=dword:00000003

You can find more details on Protected Mode’s elevation policy in the Protected Mode technical article on MSDN.

If you later decide that you want to see this Protected Mode elevation prompt again for Notepad or any other application you added to Protected Mode’s elevation policy, either delete the registry key mentioned above or click “Reset…” in the Internet Options Advanced tab.

Internet Explorer Advanced Options Tab

If you are looking for a better View Source Editor option than Notepad, install Microsoft Visual Web Developer 2005 Express Edition and add:

C:Program FilesMicrosoft Visual Studio 8Common7IDEVWDExpress.exe

to the following registry key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerView Source EditorEditor Name

IE Registry Editor

Thanks for reading!

Marc Silbey
Program Manager

edit: Correction: If you are looking for a better View Source Editor option, Add: If you later decide that you want to see