locked
I need the command-line switch for protected mode

    Question


  • A service tech was trying to get his company's software (that runs on XP) to run on Vista (this computer).  In the process of trying "work arounds" he set a switch that disables protected mode from the command-line.  Now changing the setting from (click Internet Options. Click the Security tab, and then click to select the Enable Protected Mode check box.) doesn't work, even as Admin.!

    He never did get their software to run on this system and gave up, leaving protected mode disabled.  What is the proper command to turn protected mode back to the default so I can turn it off and on from setup.

    Since I haven't gotten a reply yet, I've posted this on the vista setup forum also.
    Thursday, January 24, 2008 4:47 PM

Answers

  • Hi,

     

    Thank you for your reply and letting me know the results. Now let's focus on Group Policy restrictions. The Protected Mode feature is applied per security zone. By default, IE7 does not enable Protected mode for the Trusted Sites zone. You can enable or disable Protected Mode for Intranet Sites through Group Policy.

     

    Please use command gpedit.msc to open "Group Policy" edit console, find the following items:

     

    User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone 

    Turn on Protected Mode.

     

    Set this policy to enabled and then choose enable or disable in the dropdown list as you need. However, if the issue persists, please also do same operation to other "zones" under Security Page。

     

    After applying all the settings, please log off and log on again to affect the new group policy settings and check IE again.

     

    Understanding and Working in Protected Mode Internet Explorer

    http://msdn2.microsoft.com/en-us/library/bb250462.aspx#upm_intro

     

    Sincerely,

    Robbin Meng

    Microsoft Online Community Support

    Friday, February 01, 2008 4:48 AM

All replies

  •  

    Hi Robt,

     

    Before we go further, I would like to confirm what the "protected mode" you are referring to?

     

    Is it "Protected Mode" of the Internet Explorer? (click Internet Options. Click the Security tab, and then click to select the Enable Protected Mode check box.)

     

    Or is it the User Account Control (UAC) function in Windows Vista? (How to use User Account Control (UAC) in Windows Vista

    http://support.microsoft.com/kb/922708/en-us

     

    If you refer to UAC, you can use the following command to turn it off/on:

     

    Way to disable UAC:

     

    1. Run "msconfig" elevated.

    2. Go to "Tools" tab.

    3. Launch "Disable UAP" and click "OK"

    4. Reboot your computer.

     

    This actually executes the command

     

    %windir%\System32\cmd.exe /k %windir%\System32\reg.exe ADD

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t

    REG_DWORD /d 0 /f

     

     

    Sometimes, you want to disable UAC prompt for certain application on a Windows Vista computer. You do not want to disable UAC for the whole computer. Using the tool and steps below, you may disable UAC prompt for the specific application. This does not disable the User Account Control feature for the whole computer.

     

    How to disable the User Account Control Prompt for certain application

    http://support.microsoft.com/kb/946932

     

    Hope this helps.

     

     

    Sincerely,

    Robbin Meng

    Microsoft Online Community Support 

     

    Monday, January 28, 2008 10:40 AM
  • Good morning Robbin;

     

    Thank you for responding.  Yes I am referring to Internet Explorer v.7.0.6, Vista Ultimate, on HP Pavilion dv 9000 series laptop, and not UAC.

     

    Please note that I've edited my post for clairity by replacing "setup" with (click Internet Options. Click the Security tab, and then click to select the Enable Protected Mode check box.) and by emphasizing doesn't work.

     

    The tech didn't just turn protected mode off, he locked it in the off state, as Administrator, from the command-line, using cut-and-paste, which moved so fast I didn't have time to note the syntax.  If there's a problem with posting the info I need, please email it to me.

     

    We'll all rest easier when the vertical wares market catches up to Microsoft's security protocols.  I'm also working on a BEX problem with one of Hewlett Packard's network services which I've been forwarding through MS Problem Resolution for almost a year.  I've yet to get any feed-back, so you and I are blazing ahead.  

     

    Problem signature:
      Problem Event Name:    BEX
      Application Name:    svchost.exe_HPSLPSVC
      Application Version:    6.0.6000.16386
      Application Timestamp:    4549adc4
      Fault Module Name:    StackHash_fd84
      Fault Module Version:    0.0.0.0
      Fault Module Timestamp:    00000000
      Exception Offset:    00430064
      Exception Code:    c0000005
      Exception Data:    00000008
      OS Version:    6.0.6000.2.0.0.256.1
      Locale ID:    1033
      Additional Information 1:    fd84
      Additional Information 2:    5fc19cb97b591c0dba0a46566878cd8c
      Additional Information 3:    ac2f
      Additional Information 4:    464c3631e7155ca56ff9c9377bafba83

    Read our privacy statement:
      http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

     

    Monday, January 28, 2008 2:05 PM
  •  

    Hi,

     

    Thanks for your response and clarification.

     

    Regarding the "protected mode" problem, does the "locked it in the off state" mean the "protected mode" check box is "locked" and grayed out that cannot be enabled from IE? If so, it may be restricked by system group policy. Then please run RSOP.msc to check the current Group Policy to see if there is any IE related restrictions.

     

    If the issue persists, pleae try to create a new user account with administrator privilege to test it again.

     

    Thanks.

     

    Sincerely,
    Robbin Meng
    Microsoft Online Community Support

    Tuesday, January 29, 2008 11:12 AM
  •  Robbin Meng - MSFT wrote:

     

    Hi,

     

    Thanks for your response and clarification.

     

    Regarding the "protected mode" problem, does the "locked it in the off state" mean the "protected mode" check box is "locked" and grayed out that cannot be enabled from IE? If so, it may be restricked by system group policy. Then please run RSOP.msc to check the current Group Policy to see if there is any IE related restrictions.

     

    If the issue persists, pleae try to create a new user account with administrator privilege to test it again.

     

    Thanks.

     

    Sincerely,
    Robbin Meng
    Microsoft Online Community Support

     

    The checkbox nor text is grayed out.  I can check and uncheck the box.  Doing so does nothing.  After rebooting iExplorer the message in the status bar still says protected mode is turned off.  The check is still in the box indicating that I wanted to turn it on.  I even tried turning it off and restarting iE, then turning it on and restarting again.

     

    The HSS tech blamed having Vista set up for multi-user for the problems at one point.  He also wanted us logged in as Administrator because his software needed admin priv. for it's operation.  I removed all users except guest which is turned off in the software and now am only logging on as Administrator until I can undo everything done and apply best practises.

     

    I'm sure I'm logged in with admin priv.s because when I open the run box I get the warning that apps will run with admin priv.s   Alsoat the DOS (cmd) prompt the default prompt is c:\\users\administrator>_

     

    There are no group policies set up.  The only policy beyond the default install/setup is netmon user added for Administrator.

     

    I sat and watched the tech run a command with switches to turn off protected mode first, then he went back and changed the switch only to disable the ability to change the protected mode from the gui.  I just didn't have an opportunity to write it down and CRS!

    Friday, February 01, 2008 12:15 AM
  • Hi,

     

    Thank you for your reply and letting me know the results. Now let's focus on Group Policy restrictions. The Protected Mode feature is applied per security zone. By default, IE7 does not enable Protected mode for the Trusted Sites zone. You can enable or disable Protected Mode for Intranet Sites through Group Policy.

     

    Please use command gpedit.msc to open "Group Policy" edit console, find the following items:

     

    User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone 

    Turn on Protected Mode.

     

    Set this policy to enabled and then choose enable or disable in the dropdown list as you need. However, if the issue persists, please also do same operation to other "zones" under Security Page。

     

    After applying all the settings, please log off and log on again to affect the new group policy settings and check IE again.

     

    Understanding and Working in Protected Mode Internet Explorer

    http://msdn2.microsoft.com/en-us/library/bb250462.aspx#upm_intro

     

    Sincerely,

    Robbin Meng

    Microsoft Online Community Support

    Friday, February 01, 2008 4:48 AM