Thad's obviously hit the nail on the head here, but
presumably it is potentially dangerous to set those
registry keys to 0 since they will cancel the
increased security in the Local Zone for HTML which is
implemented by SP2's Local Machine Lockdown.

There's a linked page detailing developer implications
at:
http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/lockdown_devimp.aspx

This suggests a number of alternative solutions,
including saving files as HTA instead of HTML to give
different security zone settings, or adding a "mark of
the web" comment in the HTML files along the lines of:
<!-- saved from url=(0020)http://www.dqsd.net/ -->
to give the HTML the same security zone settings as
the source website.

There's also mention of:
"creat[ing] a separate application that hosts the HTML
content Internet Explorer Web Object Control (WebOC).
The HTML is then no longer bound by the same rules
that apply to content run in Internet Explorer. When
the HTML content runs in that other process, it can
have full rights as defined by the developer or zone
policy for that process."


James



 --- [EMAIL PROTECTED] wrote:
> From: Thad Kerosky <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [DQSD-Users] Dave search bar and active content blocking by XP SP2
> Reply-To: [EMAIL PROTECTED]
> 
> Indeed, the SP2 Local Machine Zone Lockdown is
> blocking DQSD from
> running every reboot. To fix it change (in
> Start>Run>"regedit"):
> 
> HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main\FeatureControl\FEATURE_LocalMachine_Lockdown\Explorer.exe
> to 0
> 
> and If It Exists:
> 
>     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main\FeatureControl\FEATURE_LocalMachine_Lockdown\Explorer.exe
> to 0
> 
> per
> http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx
> 
> I don't see any concession to whitelist DQSD running
> in explorer as it
> is, we should probably add a prompt to the installer
> and have it execute
> this key change, maybe only if SP2 is installed.
> 
> I tried to send a registry or a zipped registry file
> but sourceforge has
> stringent listserv attachment policies apparently.
> 
> Thad Kerosky
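
A check for the "mark of the web" comment quoted in the message above, as an added example that is not part of the original thread or of DQSD's code: it builds the comment for a URL and audits documents for a missing mark or a length prefix that does not match the URL. It assumes the four-digit prefix is the character count of the URL, as in the `(0020)` example; the function names and sample documents are constructed.

```python
import re

# Format shown in the thread: <!-- saved from url=(NNNN)URL -->
# Assumption: NNNN is the zero-padded character count of URL.
MOTW_RE = re.compile(r"<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->")


def make_motw(url):
    """Return the mark-of-the-web comment for url."""
    if not url or len(url) > 9999 or re.search(r"\s|-->", url):
        raise ValueError("URL cannot be encoded in a MOTW comment: %r" % url)
    return "<!-- saved from url=(%04d)%s -->" % (len(url), url)


def check_motw(html):
    """Classify a document as 'missing', 'length-mismatch' or 'ok'.

    The URL the file claims is returned too, so a reviewer can see which
    site's zone settings the local file is asking for.
    """
    m = MOTW_RE.search(html)
    if m is None:
        return ("missing", None)
    declared, url = int(m.group(1)), m.group(2)
    if declared != len(url):
        return ("length-mismatch", url)
    return ("ok", url)


def audit(files):
    """Map each file name to its check_motw() result."""
    return {name: check_motw(body) for name, body in files.items()}


# Constructed sample documents (not real DQSD files).
SAMPLES = {
    "good.html": make_motw("http://www.dqsd.net/") + "\r\n<html></html>",
    "stale.html": "<!-- saved from url=(0014)http://www.dqsd.net/ -->\r\n<html></html>",
    "plain.html": "<html><body>no mark</body></html>",
}

if __name__ == "__main__":
    for name, (status, url) in sorted(audit(SAMPLES).items()):
        print("%-12s %-16s %s" % (name, status, url or "-"))
```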


        
        
                