
Vista - Protected mode ON vs Protected mode OFF

Old 12-11-2007   #1 (permalink)
StephaneR


 
 

Protected mode ON vs Protected mode OFF

Hi,

My organization tasked me with defining Policies for Internet Explorer 7 on
Vista. The goal was to make it even more secure than the defaults provided
by Microsoft. On the other hand, I was a bit more relaxed on the Intranet side.

One of the features I would really like to take advantage of is the Protected
Mode. By default it's on, but on the Intranet side, I turned it OFF to take
care of some issues around SharePoint (explorer view in SharePoint was not
working). I suspect that there would be more functions/features that would
not work if Protected Mode is ON. This is just an assumption.

A lot of people are complaining because it opens a second instance of IE when
changing zones. Now, they want it OFF or ON in all zones so they won't have
to hear people complaining at the Call Center.

I guess I have a problem communicating the reason why we should NOT turn it
OFF. Would someone give me some sample explanation why we should NOT turn
it OFF and leave it ON on the Internet Zone and OFF in the Intranet Zone?

My reason for having the Intranet zone at OFF is that we would like to make some
scripts through a web page in our Intranet zone that would query the system
registry, maybe copy files, or execute scripts right from a web page. Do you
see any other advantage to setting it to OFF in the Intranet zone? What kind of
stuff would I have problems with if it was set to ON?

Can someone help me?

Old 12-11-2007   #2 (permalink)
Victek


 
 

Re: Protected mode ON vs Protected mode OFF

Quote:

> I guess I have a problem communicating the reason why we should NOT turn it
> OFF. Would someone give me some sample explanation why we should NOT turn
> it OFF and leave it ON on the Internet Zone and OFF in the Intranet Zone?

Here's a good explanation of the benefits of protected mode.

"In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user
or system files and settings without user consent. Protected Mode requires
the user to confirm any activity that tries to put something on your machine
or start another program. By ensuring the user consents to these kinds of
actions, the likelihood of automated and/or unwanted software installation
is reduced. This feature also makes you aware of what a website is trying to
do, giving you a chance to stop it and take time to double check the
trustworthiness of the website. "

If your users have admin accounts then protected mode adds significant
security. If they have limited user accounts then I don't know that
protected mode makes as much difference. Perhaps others can comment on
this?
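
Added example, not part of the posts in this thread: a small Python audit that reads the text of a `reg export` of the Internet Settings zones and reports where Protected Mode has been switched off, using the split discussed above (ON for Internet, OFF tolerated on the intranet). The sample export is constructed, and treating Restricted sites like Internet is an assumption of the example.

```python
import re

# URLACTION 2500 is the per-zone Protected Mode switch: dword 0 = ON, 3 = OFF.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
STATE = {0: "ON", 3: "OFF"}
# Baseline from the thread: keep it ON for Internet. Adding Restricted sites
# to the must-be-ON set is an assumption of this example.
MUST_BE_ON = {3, 4}

# Constructed sample of `reg export` text, not taken from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"2500"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"2500"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1400"=dword:00000003
'''

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"2500"=dword:([0-9a-f]{8})$', re.I)

def protected_mode_by_zone(reg_text):
    """Return {zone_id: 'ON' | 'OFF' | 'not set'} for each zone key found."""
    result, zone = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            zone = int(key.group(1))
            result.setdefault(zone, "not set")  # no 2500 value seen yet
        elif line.startswith("["):
            zone = None  # a different key (e.g. Lockdown_Zones); skip its values
        elif zone is not None and (val := VAL_RE.match(line)):
            result[zone] = STATE.get(int(val.group(1), 16), "unknown")
    return result

def violations(states):
    """Zones that must keep Protected Mode but have it explicitly set to OFF."""
    return sorted(ZONES[z] for z in MUST_BE_ON if states.get(z) == "OFF")

if __name__ == "__main__":
    states = protected_mode_by_zone(SAMPLE_REG)
    for z, s in sorted(states.items()):
        print(f"{ZONES.get(z, z):17} Protected Mode: {s}")
    print("Violations:", violations(states))
```

A zone reported as "not set" has no explicit 2500 value in the exported key, so the audit does not count it as a violation.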


Old 12-12-2007   #3 (permalink)
StephaneR


 
 

Re: Protected mode ON vs Protected mode OFF

Thank you Victek. Very much appreciated.

After reading this, why would someone want to turn Protected Mode OFF then?
In the Intranet Zone, turning Protected Mode OFF would give what kind of
possibilities? The only one I saw so far was to enable the Explorer view in
SharePoint Shared Documents library. Having Protected Mode ON, this
functionality was broken. I am sure there is more than that.

Anyone had to turn Protected Mode OFF in the Intranet Zone? And why?

Thanks again...


"Victek" wrote:
Quote:
Quote:

> > I guess I have a problem communicating the reason why we should NOT turn it
> > OFF. Would someone give me some sample explanation why we should NOT turn
> > it OFF and leave it ON on the Internet Zone and OFF in the Intranet Zone?
> >
>
> Here's a good explanation of the benefits of protected mode.
>
> "In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user
> or system files and settings without user consent. Protected Mode requires
> the user to confirm any activity that tries to put something on your machine
> or start another program. By ensuring the user consents to these kinds of
> actions, the likelihood of automated and/or unwanted software installation
> is reduced. This feature also makes you aware of what a website is trying to
> do, giving you a chance to stop it and take time to double check the
> trustworthiness of the website. "
>
> If your users have admin accounts then protected mode adds significant
> security. If they have limited user accounts then I don't know that
> protected mode makes as much difference. Perhaps others can comment on
> this?
>
>
>
Old 12-12-2007   #4 (permalink)
Bill Silvert


 
 

Re: Protected mode ON vs Protected mode OFF

The problem I see with protected mode is that it is so dumb that it becomes
self-defeating. Sure, I want to be warned if a site I am browsing tries to
slip something onto my machine. On the other hand, if I click on a download
link and then have to see a warning message and then click several boxes to
proceed, it gets frustrating and I want to turn off the protection. Would it
be that hard to smarten up IE to know the difference between programs that
are trying to sneak up on me and the files I have asked for?

Bill Silvert

"Victek" <victek@xxxxxx> wrote in message
news:ODnvaHGPIHA.4684@xxxxxx
Quote:

> Here's a good explanation of the benefits of protected mode.
>
> "In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify
> user or system files and settings without user consent. Protected Mode
> requires the user to confirm any activity that tries to put something on
> your machine or start another program. By ensuring the user consents to
> these kinds of actions, the likelihood of automated and/or unwanted
> software installation is reduced. This feature also makes you aware of
> what a website is trying to do, giving you a chance to stop it and take
> time to double check the trustworthiness of the website. "
Old 12-12-2007   #5 (permalink)
Kerry Brown


 
 

Re: Protected mode ON vs Protected mode OFF

"Bill Silvert" <bill@xxxxxx> wrote in message
news:O43etHMPIHA.1204@xxxxxx
Quote:

> The problem I see with protected mode is that it is so dumb that it
> becomes self-defeating. Sure, I want to be warned if a site I am browsing
> tries to slip something onto my machine. On the other hand, if I click on
> a download link and then have to see a warning message and then click
> several boxes to proceed, it gets frustrating and I want to turn off the
> protection. Would it be that hard to smarten up IE to know the difference
> between programs that are trying to sneak up on me and the files I have
> asked for?
>

I have protected mode on. I don't see several boxes to click on when I try
to download a file. Are you trying to save the download in a protected area?

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca/phpBB2/


Old 12-12-2007   #6 (permalink)
Bill Silvert


 
 

Re: Protected mode ON vs Protected mode OFF

No, but I am having the same problem even when I turn protected mode off.
The lowest security setting allowed is Medium, which always checks on
downloads.

Bill

PS - I tried to send a personal reply to Kerry, but cannot decode his
address which has too many anti-spam inserts for my humble skills. Apologies
for reposting to the whole list.

----- Original Message -----
From: "Kerry Brown" <kerry@xxxxxx-tems.c*a*m>
Newsgroups: microsoft.public.windows.vista.security
Sent: Wednesday, December 12, 2007 4:17 PM
Subject: Re: Protected mode ON vs Protected mode OFF

Quote:

> "Bill Silvert" <bill@xxxxxx> wrote in message
> news:O43etHMPIHA.1204@xxxxxx
Quote:

>> The problem I see with protected mode is that it is so dumb that it
>> becomes self-defeating. Sure, I want to be warned if a site I am browsing
>> tries to slip something onto my machine. On the other hand, if I click on
>> a download link and then have to see a warning message and then click
>> several boxes to proceed, it gets frustrating and I want to turn off the
>> protection. Would it be that hard to smarten up IE to know the difference
>> between programs that are trying to sneak up on me and the files I have
>> asked for?
>>
>
>
> I have protected mode on. I don't see several boxes to click on when I try
> to download a file. Are you trying to save the download in a protected
> area?
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca/phpBB2/
Old 12-12-2007   #7 (permalink)
Kerry Brown


 
 

Re: Protected mode ON vs Protected mode OFF

Quote:

> PS - I tried to send a personal reply to Kerry, but cannot decode his
> address which has too many anti-spam inserts for my humble skills.
> Apologies for reposting to the whole list.

Try the link in my sig :-)

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca/phpBB2/

