Protected Mode for IE7 in Windows Vista - Is it On or Off?

Hi, my name is Sharath Udupa and I’m a developer on the IE team. Many customers have asked us about when Protected Mode feature is turned on or off for Internet Explorer in Windows Vista.The Protected Mode feature is available only in Windows Vista. By default, Protected Mode is enabled for Internet, Intranet and Restricted zones while disabled for the Trusted Sites and Local Machine zone.

To enable or disable Protected Mode for a zone go to: Internet Options > Security tab > Select the appropriate zone> Check/uncheck the “Enable Protected Mode” checkbox. The status of Protected Mode can be monitored by looking at the “Protected Mode: On” text in bottom right corner of the IE status bar. However, at times you may notice the text in the status bar says “Protected Mode: Off” even when the Internet Options dialog says Protected Mode is enabled. There are a few exceptions that could potentially turn off Protected Mode. They are as follows:

  • User Account Control (UAC) is disabled – If UAC is disabled, Protected Mode is turned OFF. When UAC is disabled, some of the protections which Protected Mode depends on are not available, for example, UI Privilege Isolation (UIPI) is disabled. Hence, Protected Mode is turned off in this scenario.
  • IE is running with Administrator privileges – Protected Mode is turned off when IE is launched by right clicking on the IE icon and selecting “Run as administrator” or when IE is launched with administrative privileges from another application. This generally occurs when an installer/setup program running with administrator privileges starts a new IE process.
  • IE is navigated to a local HTML page – When the page being viewed is a local file, Protected Mode is turned OFF since the contents of the page are considered safe. Caveat: If the page was saved from a zone (for example Internet) which has Protected Mode enabled, then Protected Mode is turned ON.

The following flow chart summarizes these exceptions:

IE7 Protected Mode Flow Chart

It’s always safer to browse with “Protected Mode: On”. If you visit a page whose zone has Protected Mode enabled and you see the status is "Protected Mode: Off", you will want to close and restart a new instance of IE to visit the page. Hopefully, this post gives you a better understanding about when Protected Mode is enabled or disabled. Feel free to let me know if you have more questions on this topic.

-Sharath

edit: Add the word Windows - available only in Windows Vista.