locked
Question about IE7 in protected mode. RRS feed

  • Question

  • I am just learning about the low integrity label and the protected mode IE7 runs in.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/ProtectedMode.asp

    If I understood this correctly, then IE7 running in protected mode can only write to resources with low integrity label.  In the document above, in the FAQ section, it states that an extension in Protected Mode Internet Explorer can not write to ...\%USER PROFILE%\Favorites.  BUT!! if you add a link to the favorites, it works even though access should have been denied according to the document.

    So here goes my question.

    Is \%USER PROFILE%\Favorites low integrity labeled resource?

    How can one find out what integrity a resource is labeled with?

    Is there a way to set or check the integrity level of a file/folder in the Explorer.exe?

    Tuesday, February 13, 2007 9:17 AM

All replies

  • Looking at a fresh installation of the released build, Favorites appears to be labeled LOW.
    icacls will display the label when one is explicitly given.

    C:\>icacls Users\eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
    . NTDEV\eric:(I)(F)
      NTDEV\eric:(I)(OI)(CI)(IO)(F)
      NT AUTHORITY\SYSTEM:(I)(F)
      NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
      BUILTIN\Administrators:(I)(F)
      BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
      Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

    The same tool can be set a label too (/setintegritylabel).

    Wednesday, February 14, 2007 11:59 PM