Protected Mode for IE7 in Windows Vista – Is it On or Off?


Hi, my name is Sharath Udupa and I’m a developer on the IE team. Many customers have asked us about when Protected Mode feature is turned on or off for Internet Explorer in Windows Vista.The Protected Mode feature is available only in Windows Vista. By default, Protected Mode is enabled for Internet, Intranet and Restricted zones while disabled for the Trusted Sites and Local Machine zone.

To enable or disable Protected Mode for a zone go to: Internet Options > Security tab > Select the appropriate zone> Check/uncheck the “Enable Protected Mode” checkbox. The status of Protected Mode can be monitored by looking at the “Protected Mode: On” text in bottom right corner of the IE status bar. However, at times you may notice the text in the status bar says “Protected Mode: Off” even when the Internet Options dialog says Protected Mode is enabled. There are a few exceptions that could potentially turn off Protected Mode. They are as follows:

  • User Account Control (UAC) is disabled – If UAC is disabled, Protected Mode is turned OFF. When UAC is disabled, some of the protections which Protected Mode depends on are not available, for example, UI Privilege Isolation (UIPI) is disabled. Hence, Protected Mode is turned off in this scenario.
  • IE is running with Administrator privileges – Protected Mode is turned off when IE is launched by right clicking on the IE icon and selecting “Run as administrator” or when IE is launched with administrative privileges from another application. This generally occurs when an installer/setup program running with administrator privileges starts a new IE process.
  • IE is navigated to a local HTML page – When the page being viewed is a local file, Protected Mode is turned OFF since the contents of the page are considered safe. Caveat: If the page was saved from a zone (for example Internet) which has Protected Mode enabled, then Protected Mode is turned ON.

The following flow chart summarizes these exceptions:

IE7 Protected Mode Flow Chart

It’s always safer to browse with “Protected Mode: On”. If you visit a page whose zone has Protected Mode enabled and you see the status is “Protected Mode: Off”, you will want to close and restart a new instance of IE to visit the page. Hopefully, this post gives you a better understanding about when Protected Mode is enabled or disabled. Feel free to let me know if you have more questions on this topic.

-Sharath

edit: Add the word Windows – available only in Windows Vista.

Comments (53)

  1. speaking of usabilty (previous thread) says:

    Is this going to be fixed in IE8?!?!?!

    http://support.microsoft.com/default.aspx?scid=kb;en-us;329156

    It is really frustrating, that we have to use a submit button, in order to save values for autocomplete.

    AFAIK, *any* call to the native (internal) formObj.submit(); should save the data.

    Having to "do it yourself" rather kills the whole feature.

  2. Scott Price says:

    Very informative article.  I have a question.

    Is there any way to deactivate the Warning Page and the little gold bar at the top of Explorer 7 in Windows Vista ?  I have UAC turned off and I still have to tell the browser to go through to the internet and pull up my homepage.

    I understand the security objectives of Microsoft’s Windows Vista, however, I am having a difficult time deactivating all of the security features that I find so annoying.  I could not even download a file from a reputable site and have it install until I found that setting buried deep in the options and I could not update patches on a new game until the UAC was deactivated. I know for the "general population" of users – not Power Users or Admin types, the features are terrific to keep them out of trouble.  But for those of us who use our computers religiously, there needs to be a way to turn off all of the security flack in one sweep.

    It has been SEVERAL DAYS with a Vertical Line as a learning curve trying to get everything not to prompt me or send me a message or stop processing what I want to do just because IT isn’t sure what I am trying to do.  

    If you have any advice – PLEASE LET ME KNOW !!!

    I like the pretty looks of Vista and some of the features like the gadget bar, but I don’t want to become a programmer just to make my computer usable without a ton of annoying acknowledgements and permissions.

    I think you understand where I am coming from.

    Scott Price

    bravescott@aol.com

  3. Zian says:

    @Scott

    If you post at the Channel 9 thread (http://channel9.msdn.com/Showpost.aspx?postid=288259) with some more details about your problems, the developers who coded up UAC might be able to help you out.

    In the video, the UAC team explicitly asks everyone to post their UAC issues there.

  4. IE7 Community IE Addons IE Blog IE-Vista IE7 Support Can’t Save Favorites in Vista’s IE7 (WindowsNow)

  5. Corrine says:

    Perfect timing, particularly following the mention of "Protected Mode" in the MSRC Blog post yesterday about MS07-017:

    Quote:

    "If you are using Windows Vista, the Internet Explorer 7 protected mode provides additional protections against web-based attacks."

    Pingback: http://securitygarden.blogspot.com/2007/04/protected-mode-for-ie7-in-windows-vista.html

    Added to "Windows Vista Bookmarks", Internet Explorer 7 page.  🙂

  6. If you read the MSRC Blog post update about the Animated Cursor vulnerability, then you would have also

  7. anony.muos says:

    Dont forget to add back the ability to customize toolbars, buttons and their layout in IE8 😉

  8. fusion says:

    Thanks for clearing things up. One question: if I turn on Protected Mode in IE7, and use an IE shell (e.g. Avant Browser, Maxthon, etc.), do I have the same level of security as using just IE7 alone with Protected Mode enabled?

  9. Xepol says:

    I suppose the operant theory for turning protected mode off completely is that no protection is better than some?  

    Just add a third tier of "limited" or somewhat and leave the dang thing on, after all, just because I hate being nagged about simple file operations doesn’t make IE any safer, as the recent cursor attack demonstrates.

  10. PatriotB says:

    fusion – by default, no.  I don’t think any apps other than IE have implemented a protected mode.  Just using the IE components isn’t enough; protected mode is something that is implemented on a per-process basis.  Those browsers’ processes would have to opt into it, by lowering their integrity level.

  11. Philip Colmer says:

    One of the aggravations I have with protected mode is that if you have a web page and click on a link that would cause IE to open that link in the opposite mode (e.g. going from trusted site to Internet, protected mode off to protected mode on) then IE opens a different instance. If there is already an instance of IE running with that mode, it opens as a new tab.

    That all sounds fine in principle, except for when you’ve got your IE home page set to a trusted site and you want to go to, say, http://www.microsoft.com, and you haven’t got any IE windows open. What happens then? You open IE, it goes to your home page with protected mode off. You enter http://www.microsoft.com and it opens a new IE window.

    I understand why this is happening but it is really aggravating that IE can’t support different settings of protected mode for different tabs within the same IE window. My desktop is cluttered enough as it is without having to have at least two IE windows open.

  12. cars says:

    @ Scott Price

    turn UAC on and don’t be stupid!

  13. James says:

    Nice rundown on what is actually entailed in determining "Protected Mode" and clarification on conflicting statuses.

    Pingback: http://geekinparadise.com/2007/04/05/ie7-blog-covers-ie7-protected-mode-in-vista/

  14. matico says:

    I want to know more about Windows Integrity Levels, Please post more info about that. 🙂

  15. Michelle says:

    IE7 is still not standards compliant…how about fixing that before you do anything else..

    It does not recognize padding or margins correctly still.

    It still does not recognize vertical alignment correctly…we now have to use the # in place of _ for extra code to make Ie7 do things without screwing all the other browsers which do things correctly.

  16. The User Account Control is not only about technology or security, but also about good breeding. As developers

  17. cooperpx says:

    >> Protected Mode for IE7 in Windows Vista – Is it On or Off?

    OFF

    I will *never* run UAC unless I’m paid to. People actually like Vista when it’s off. Hate it when it’s on. Listen to Xepol !

    ps: Sorry to be a stinker, but local pages in IE6 XP SP2 WERE NOT trusted (unless of course the malicious software placed a trusted mark of the web). I haven’t read anything yet that explains the 180.

    http://blogs.msdn.com/ie/archive/2005/03/07/388992.aspx

  18. PatriotB says:

    @Michelle — Security should be job 1 — I’d rather they work on that before paddings and margins.

  19. Sviluppatori says:

    Una delle caratteristiche più interessanti di Internet Explorer 7 quando gira su Vista, è il funzionamento in modalità protetta: nella pratica, quando si attiva internet explorer 7 su vista, invece che girare con i privilegi dell’

  20. cars says:

    @cooperpx

    Protected Mode is ON by default, because UAC is ON by default.

    I always used Windows Vista with UAC and I love it, I haven’t problems with it.

  21. John Mann says:

    I have this code to open a window, but with IE7 and protected mode it always opens two windows:

    // First see if the window is already open.

    win = window.open("",winName,settings);

    if (win == null)

    {

       alert("Unable to open a new window. Please add your application server to your allowed popups list.");

       return;

    }

    // Check to see if the window is new

    if (win.history.length == 0)

    {

    win.location = sURL;

    }

    win.focus();

    This is because the first call always opens with protected mode off, but setting the URL then sets protected mode on. How can I make sure the initial window opens with protected mode on to avoid two windows opening?

  22. Tom says:

    "IE7 is still not standards compliant…how about fixing that before you do anything else.."

    Whilst standards support is important, I would ALWAYS welcome security improvements ‘before they do anything else’!

  23. Aedrin says:

    "all the other browsers which do things correctly."

    Like ‘all other browsers’ are so perfect. 😛 They have their own set of bugs. But I guess it’s popular to bash IE.

  24. Mark Burnett says:

    It is important to remember that protected mode is really just the ability for IE to run with the minimum integrity level required for any particular task. While protected mode might be enabled, there are other instances, beyond those listed here, where you will be running at a higher integrity level.

    For example, you will no longer be using IE as low integrity when you browse a site in your Trusted Sites zone. You also leave low integrity when the File Save As dialog box comes up when you download a file. Furthermore, if you allow a setup program to run, that will also run elevated.

    So while protected mode is an essential layer  of protection, it’s important to be aware that protected mode is really only on when you are browsing in the Internet zone.

    Mark Burnett

    http://xato.net

  25. cooperpx says:

    @cars

    People don’t have "problems" with UAC, they have a degraded user experience with UAC. This post isn’t about how to get Protected Mode enabled, it’s about showing when Protected Mode gets disabled (for whatever reason).

    Any third party web browser with RunAs can be done on WinXP with enormous results and nearly no side effects as web pages normally do not bank on the identity of the current Windows Account (IE *may* because of ActiveX and the ability to run "an application" within it). My impression of Protected Mode was something akin  to this.

    As Mark posts above, IE pops out of protected mode in a few more instances. This post truely has been an eye opener for me (and no, UAC stays off unless I’m testing Vista compatibility).

  26. tim says:

    I have run into a few odd issues with protected mode (or not) under Vista.  The most annoying problem is working with a site that uses passport (windows live id).  It seems that there are lots of sites visited during that logon process, and that the site you are visiting and all intermediate sites need to either be in the trusted list or all not in the trusted list or it will fail.  As I use MSDN regularly this means all in the trusted list.

    The other is my firewall.  Left out of the trusted list (Protected mode on) it provides a 400 screen when you try to contact it from vista (IE7 on other OSs work fine).  Adding it to the trusted list allows the default page to display.  Click on a link menu (which displays a subpage within the box) and you get 400s.  

    Flawless, protected mode isn’t!

  27. taiwan people says:

    IE7 in Vista is so "great",and really to protect our Windows System?

    Now Use IE7,"http://tw.yahoo.com/" can get a Trojan  (Trojan.JS.Aqent.b –Kaspersky Anti-Virus).

    IE7 "still" load it, Firefox is more safe,it don’t load it.

  28. taiwan people says:

    I know IE hava some good Protected Modes,but I don’t like IE is still to load (http://tw.yimg.com/i/tw/mc2.js) and save(C:Users…AppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5….mc2.js)the virus.

    I felt not good. I just used ie7 to browse some webs,but the Virus can automatically save to my HD.

  29. Hi there,

    Thanks for the helpful advice, this article has helped me make a lot more sense of what the protected mode is.

    Josh Chandler

    http://www.windowsxphelpfuladvice.blogspot.com

  30. cars says:

    @taiwan people

    I tried that page with Firefox 2.0.0.3 and AVG detected that trojan.

    With IE7 that trojan can’t be installed and it doesn’t work because IE7 runs in protected mode.

  31. luc says:

    @taiwan people

    ROTFL.

    That is the browser cache and you’re the most stupid person I ever meet!

  32. Rawi says:

    Can anyone tell me why I can’t open any of my RSS Feeds if I have Protected Mode enabled? I have almost fresh windows installation so it’s not messy. I tried to disable every single plugin and it didnt work. Do your RSS Feeds work in your IE7 with Protected Mode?

  33. luc says:

    RSS Feeds works fine in protected mode

  34. Nestor says:

    I’m logged in as administrator. Can anyone tell me why IE won’t load unless I right click on its icon and choose "Run as Administrator" or disable protected mode under Security in Internet Options and then run it?

  35. This may not be your bailiwick, Sharath, but if you can tell me who/where to ask, I’d love you for ever (well, a little while, anyway!)

    Since putting IE7 on machines on a couple of peer-to-peer networks, when programmes are run from other machines an idiot box pops up asking about an unknown publisher.  All help requests about publisher take one to microsoft publisher, which is no help!  (The only way people can run these programmes is to set up a .bat file and run them via that.  Clumsy, but at least it works.)

    Is this part of "protected mode" or something else?  I have gone through the options in the site security, but none of them seem completely relevant.

  36. EricLaw [MSFT] says:

    @Chester Wilson: Chances are good that you’re hitting this because the Intranet Zone is disabled on your PC (see http://blogs.msdn.com/ie/archive/2005/12/07/501075.aspx) and hence files from your other machines are being run with Internet Security settings (which causes the prompts).  Reenable the intranet zone manually and this problem will go away.

  37. Fduch says:

    Hello.

    This is time for another IE7 frustration.

    Today I was writing some code in VS and had IE7 opened with a set of about 20 pages I somehow found.

    Then suddenly IE7 just closes itself without any message. After a second my PC started doing something and VS asked if I want to stop debugging and save my files. I answered yes and Visual Stidio closed. Then my computer restarted itself.

    What’s was this? Of cause it was a dumb*** "feature" of Automatic Update.

    What does it have to do with IE7?

    It didn’t ask me to save ANYTHING! (Unlike any other useful MS application)

    So tell me please where is the button I should press to restore the pages I was browsing?

    Answer as soon as you can, because I really need them for the work I’m doing right now and it was really hard to find them.

  38. Fduch says:

    I also found out IE7 wasn’t saving my history for about 13 weeks.

    Why???

  39. Aedrin says:

    "What does it have to do with IE7?"

    Nothing, that’s an issue with Automatic Updates if it is what you claim it to be.

    "because I really need them for the work I’m doing right now and it was really hard to find them."

    You know, there are things that allow you to save the address of a page, with a title that you can change. It’s especially useful for saving pages that were hard to find.

    They’re called bookmarks.

    "I also found out IE7 wasn’t saving my history for about 13 weeks."

    I’d check your settings. It works fine for me, and everyone else.

  40. Nicolas says:

    i think the latest updates for MS security hijacked my default browser again!

    i thought that this was fixed?

    (yes, my email client was hijacked again too, but i’ve given up waiting for microsoft to fix that one.. its only happened like every time for the last twelve times now)  i shouldn’t be so impatient in waiting for that fix, it must be very hard to fix and might even need one of those really advanced coding guru things.. i think they are called "IF" statements.

    myVote++ for fixing the default web Browser & email client hijacking.

    nic

  41. netvance says:

    This is what helped in this situation:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ietechcol/dnwebgen/protectedmode.asp

    which says:

    “Q: Are there specific locations in the USER PROFILE or HKEY_CURRENT_USER registry location that an extension in Protected Mode Internet Explorer can not write to?

    A: Yes, Internet Explorer-specific locations in the following USER PROFILE folders.

    Documents and Settings%USER PROFILE%…

    …Local SettingsTemporary Internet Files

    …Local SettingsTemp

    …Local SettingsHistory

    …%USER PROFILE%Favorites

    …%USER PROFILE%Cookies

    Extensions can write to the following locations.

    Documents and Settings%USER PROFILE%…

    …Local SettingsTemporary Internet FilesLow

    …Local SettingsTempLow

    …Local SettingsHistoryLow

    …%USER PROFILE%FavoritesLow

    …%USER PROFILE%CookiesLow

    %USER PROFILE%AppDataLocalLow”

    So instead of looking for the cookie that had been written in the useridcookies folder we changed our code to look in both useridcookies and then useridcookieslow.  Did not find out how to tell if Protected mode was on but I’m not sure that can be done due to security reasons.  

  42. netvance says:

    Addition:

    The following example uses the Protected Mode API to detect the integrity level of Internet Explorer and choose a low integrity write location for a registry setting. We used it in our software development for Vista (at http://www.netvance.at) – the code snippet listed below solves this problem:

    #include iepmapi.h

    HRESULT WriteSetting(LPCTSTR pszKey, LPCTSTR pszValue, LPCTSTR pszData)

    {

      BOOL bIsProtected;

      HRESULT hr = IEIsProtectedModeProcess(&bIsProtected);

      if (SUCCEEDED(hr) && bIsProtected)

      {

         HKEY hKey;

         hr = IEGetWriteableHKCU(&hKey);

         if (SUCCEEDED(hr))

         {

            HKEY hMyKey;

            DWORD dwDisposition;

            LONG lRes = RegCreateKeyEx(

                 hKey,         // Low integrity write location

                 pszKey,       // Specified sub-key

                 0L,           // Reserved

                 NULL,         // Class

                 REG_OPTION_NON_VOLATILE,

                 KEY_SET_VALUE,

                 NULL,         // Security Descriptor

                 &hMyKey,      // NEW or EXISTING key

                 &dwDisposition);

            if (ERROR_SUCCESS == lRes)

            {

               lRes = RegSetValueEx(hMyKey, pszValue, NULL, REG_SZ,

                         (CONST BYTE*)pszData, strlen(pszData) + 1));

               hr = HRESULT_FROM_WIN32(lRes);

               RegCloseKey(hMyKey);

            }

            else

               hr = HRESULT_FROM_WIN32(lRes);

            // Close the low integrity handle

            RegCloseKey(hKey);  

         }

      }

      else

      {

         // IE not in protected mode

      }

      return hr;

    }

  43. hAl says:

    @Nicolas

    You mean the issue with Firefox not being deteted as the default browser which was actually caused by an update by firefox and not by an update of IE ?

    See:

    http://www.zoliblog.com/blog/_archives/2007/3/26/2836828.html

  44. I am able to load the Applet on all the versions of Windows using IE also on MAC on safarii the applet is getting loaded .But the applet is not getting loaded on Windows Vista.I am using asp.net web application, in that i am calling a applet class .

    But for windows vista, it says that the class cannot be found.

    Could u pls suggest me wat might be the problem

    With Regards

    Anish

  45. Nigel booth says:

    the code snippet above looks very similar to something I once used in MSVisualC# 2005Express XMA Games development when the older systems wouldn’t recognise some of the entry commands.  

    Is the Vista IE going to be the only compatible one with Vista of will others such as firefox and Mozilla (Open Source) also work?  If so will they omit the current problems that are being experienced when using IE7?

  46. netvance says:

    @Nigel Booth: Yes, sure, i think there are more ways to overcome this Internet Explorer vulnerability. No i dont think this will omit the problems with the current version of IE7. For further discussions dont hesitate to contuct me direct via http://www.netvance.at

  47. Jack Morgan says:

    Hi

    i just upgraded to XP sp2 and noticed all my nice little routines with MSXML2.XMLHTTP that had been working perfectly for the longest time suddenly breakdown when they reach a ‘https’ page.

    is there a cure for this? i think i am getting a little depressed. i spent a lot of quality time on this and to see it no longer working because i ‘upgraded’ my computer doesnt make sense to me.

    please, IE gurus and experts, help me out here

    thanks!

  48. EricLaw [MSFT] says:

    @Jack: Can you provide a bit more detail on what exactly you’re doing?  Do you have a HTTP page that’s using XMLHTTP in an attempt to contact a HTTPS site?  Or vice versa?  Can you send a code sample?

  49. jack morgan says:

    thanks for the reply. i really appreciate it. i have a nice little program that works (not with XP SP2 and IE6 SP2 and higher) with a proprietary site, so the code below is just an example. however, it works with most web page form submissions.

    the first part of the code logs in to the site (the code that worked perfectly for a *very* long time – until i finally upgraded to XP SP2, where then what was working perfectly suddenly stopped working – grrrr):

    ‘– code

    Private sub test()

    Dim objHTTP As Object

    Set objHTTP = CreateObject("MSXML2.XMLHTTP")

    usrnme = "test"

    pwrd = "test"

    logfl = "https://myloginsite.com"

    objHTTP.Open "POST", logfl, False

    objHTTP.setRequestHeader "Keep-Alive", "300"

    objHTTP.setRequestHeader "Connection", "Keep-Alive"

    objHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"

    submurl = "uname=" & usrnme & "&Passwd=" & pwrd

    objHTTP.send (submurl)

    MsgBox objHTTP.responseText

    ———

    ok, let’s stop here at the MsgBox.

    now, i have to say this over and over again, this sweet and simple but very useful code worked for a long time like clockwork and i never had any trouble with it UNTIL i installed the SP2 service pack thing (none of my clients that have XP SP2 or better can use the program now – thanks Bill!). so i want to <i><u>emphasize</i></u> that the *only* difference between yesterday and today is yesterday i had XP SP-1 and lower (down to Win 98SE), whereas today i have XP SP-2.

    all right then. as you can see, the code does work well enough to at least navigate the initial https page, but in my case, the proprietary site has an intermediate page with a javascript body onload sort of thing.

    so there the program stops, gets the source, and extracts the link. *that newly extracted link* leads to the data i and my clients depend on – which, thanks to some over-zealous programmer, so long as we ‘upgrade’ to MS latest XP/Vista IE6 SP2 or IE7 we can no longer get.

    the next section of the code sample parses the text and creates the link i need, which eventually is known as ‘base2(0)’

    ‘—– code cont’d

    strRequest = objHTTP.responseText

    base = Split(strRequest, "url=’")

    base2 = Split(base(1), "’""")

    MsgBox base2(0)

    ‘— ok, let me stop one more time. at this point the code still produces the proper link, so it has still managed to log in and get the proper follow through link.

    ‘—- code cnt’s

    objHTTP.Open "GET", base2(0), False

    so at this stage, everything is going the same way it *had* been, without a hitch, for eons of time, before i – tragically <sniff> – ‘improved’ my operating system to XP SP2.  And the installation of XP SP2, BTW, went down with no trouble.

    again, no client with XP SP2 can get my code to work, but all clients with XP SP1 or less can, so it is not just a ‘thing’ with my computer, just so we are clear on that.

    but then, damned if my program doesn’t stops right here …

    ‘—- code cnt’d

    >>>>>objHTTP.send<<<<<<

    ——————————

    | Run time Error                 ‘-2147024891 (80070005)

    |Access is denied

    |

    |

    ===========================

    and so, here we are talking about it 🙂

    i am on my knees, praying i do not have to spend another month trying to figure out how to make something work again that MS broke by pretending to improve my operating system.  

    FWIW, at least with XL, when i develop in a lower version, say 97 or 2000, the program still works even in xl2007.

    silly me … here i thought if i wrote my code in the most basic spartan fashion MS could not screw things up with future ‘improvements’

    well, i was very wrong. now i have to spend an as yet unknown number of hours, which easily turns into weeks, and then even months to finally figure out what the h* is blocking the path from the next step in my program, a program that ran beautifully for all users XP SP1 and lower for a very long and happy time.

    yet when SP2 was deployed, i lost clients. most clients have SP1 or lower (because i told them they need to stay there in order for the program to work), but there have been many who have made the switch now to SP2, or Vista, or IE7, and all of this has had the effect to 1) cost me clients and 2) make my program obsolete.

    so i was kinda hoping the good folks at Microsoft, who totally screwed me up here, could show some class and give me a fast, easy solution for a suitable replacement to the heretofore working

    Set objHTTP = CreateObject("MSXML2.XMLHTTP")

    to whatever object i need to get the job done, as nicely as it had been getting done in the past, viz the POST/GET method of sending and retreiving data over the ubiquitous internet we all share together.

    and just for the record, i have tried

    Set objHTTP = CreateObject("MSXML2.XMLHTTP.2.6")

    Set objHTTP = CreateObject("MSXML2.XMLHTTP.3.0")

    Set objHTTP = CreateObject("MSXML2.XMLHTTP.4.0")

    Set objHTTP = CreateObject("MSXML2.XMLHTTP.5.0")

    i have downloaded and installed the latest service packs for msxml3 and msxml4. i have not tried msxml6 yet, but i suspect i’ll get the same result.

    it is not an issue on the server side (my app is a client side app), because the ‘old’ program works to this very moment as long as the computer is not encumbered with SP2, Vista, or IE7 – and it is a very nice program indeed.

    i thought it might have something to do with IE security settings, but, again, for the record, the program worked in the *past* without respect to any security setting in IE6. that means the client could use my program and not have to make any special adjustememts to their security settings. they did not have to monkey with their explorer setting, did not have to download anything (except my compact program, which saves my clients 10 – 20 hours per work week of wasted internet time, and gets them better information much faster at least), etc.

    we are talking about a fine, squaky clean, fast and efficient program that is/was a great benefit to my clients.

    the singular issue here (the code sample is irrelevant, but i provided it for you anyway) is the fact that something lurking in the changes of SP2 BLOCKS  the MSXML2.XMLHTTP object from taking any further steps into a secure area of a web site after logging in.

    that is the issue – my code works perfectly well, if not for the unfortunate changes made in SP2, whatever they are, and God only knows, along with the MS programmers, what they are. i just do not have the sort of time to blow on stuff like this, which is why it is so utterly aggravating to have to go back and *fix* my program which only broke because MS did something to their OS and IE.

    so, i am simultaneously hoping, praying and expecting that those who are responsible for this miscarriage of coding justice – MS developers of SP2 – can tell me what changes they made to SP2 in relationship to what was before, why they have now caused the MSXML2.XMLHTTP object to fail miserably, and what i can do to effect a fix without any further delay.

    i turn to you, o mighty microsoft mavens, to reveal the mystery of why MSXML2.XMLHTTP would work in XP SP1 and earlier, yet now, with SP2, works not at all. Unless i can some up with a solution in the near future, it is likely to cost me a small fortune, though not quite the fortune Bill gates has made by myself and all my clients buying his software in the first place, nonetheless, to me, a fortune indeed.

    many thanks in advance

  50. Sue says:

    Let me preface the following question with a disclaimer: While I like to think I’m more technologically savvy than the general public, some of the above posts have totally lost me, so if anyone replies, please keep that in mind. Here’s the question/problem: Can anyone tell me why since upgrading to vista some sites appear instantaneously, whereas others can take up to 5 minutes to appear?  Actually, I don’t care why this is happening, I just need it fixed. As some potentially related problems, here are some other funky things that are happening: 1. images not opening on the page 2. when I try to add trusted sites, I’ve gotten a message that I can only add https, not http.

    I’ve already tried all of the troubleshooting tips, on MS, have allowed Dell to commandeer my PC, have had a number of conversations with their tech support, and have monkeyed with almost every setting I can think of (including turning off protected mode (at least I think it’s turned off – ha ha).  No really, it’s off.  But nothing works.  The only advice I’m being offered now is to restore the PC to original settings.  However, it seems to me that there must be some other option, and that a system restore is just for those of us who can’t figure out the solution ourselves.  But I don’t want to be that person!  I’ve already lost countless hours of productivity, and I really can’t deal with having to reinstall all my software, etc.  I’m in the middle of a dissertation – someone please help?!

  51. jack morgan says:

    and lastly, for the blog owner, i figured out the fix via a registry tweak. relatively painless, whew!