Protected mode ON vs Protected mode OFF

Discussion in 'Windows Vista Security' started by StephaneR, Dec 11, 2007.

  1. StephaneR

    StephaneR Guest

    Hi,

    My organization task me with defining Policies for Internet Explorer 7 on
    Vista. The goal was to make it even more secure than the defaults provided
    by Microsoft. On the other hand, I was a bit more relax on the Intranet side.

    One of the feature I would really like to take advantage is the Protected
    Mode. By default it's on, but on the Intranet side, I turned it OFF to take
    care of some issues around SharePoint (explorer view in SharePoint was not
    working). I suspect that there would be more functions/features that would
    not work if Protected Mode is ON. This is just an assumption.

    A lot of people are complaining because it open a second instance of IE when
    changing zones. Now, they want it OFF or ON in all zones so they won't have
    to hear people complaining at the Call Center.

    I guess I have problem communicating the reason why we should NOT turn it
    OFF. Would someone give me some sample exxplanation why we should NOT turn
    it OFF and leave it ON on the Internet Zone and OFF in the Intrannet Zone?

    My reasons for Intranet zone at OFF is because we would like to make some
    script through a web page in our Intranet zone that would query the system
    registry, maybe copy files, or execute scripts right from a web page. Do you
    see any other advantage to set it to OFF in the Intranet zone? What kind of
    stuff would I have problem with if it was set to ON?

    Can someone help me?
     
    StephaneR, Dec 11, 2007
    #1
    1. Advertisements

  2. StephaneR

    Victek Guest

    I guess I have problem communicating the reason why we should NOT turn it
    Here's a good explanation of the benefits of protected mode.

    "In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user
    or system files and settings without user consent. Protected Mode requires
    the user to confirm any activity that tries to put something on your machine
    or start another program. By ensuring the user consents to these kinds of
    actions, the likelihood of automated and/or unwanted software installation
    is reduced. This feature also makes you aware of what a website is trying to
    do, giving you a chance to stop it and take time to double check the
    trustworthiness of the website. "

    If you're users have admin accounts then protected mode adds significant
    security. If they have limited user accounts then I don't know that
    protected mode makes as much difference. Perhaps others can comment on
    this?
     
    Victek, Dec 12, 2007
    #2
    1. Advertisements

  3. StephaneR

    StephaneR Guest

    Thank you Victek. Very much appreciated.

    After reading this, why would someone want to turn Protected Mode OFF then?
    In the Intranet Zone, turning Protected Mode OFF would give what king of
    possibilities? The only one I saw so far was to enable the Explorer view in
    SharePoint Shared Documents library. Having Prtoected Mode ON, this
    functionnality was broken. I am sure there is more than that.

    Anyone had to turn Protected Mode OFF in the Intranet Zone? And why?

    Thanks again...
     
    StephaneR, Dec 12, 2007
    #3
  4. StephaneR

    Bill Silvert Guest

    The problem I see with protected mode is that it is so dumb that it becomes
    self-defeating. Sure, I want to be warned if a site I am browsing tries to
    slip something onto my machine. On the other hand, if I click on a download
    link and then have to see a warning message and then click several boxes to
    proceed, it gets frustrating and I want to turn off the protection. Would it
    be that hard to smarten up IE to know the difference between programs that
    are trying to snerak up on me and the files I have asked for?

    Bill Silvert
     
    Bill Silvert, Dec 12, 2007
    #4
  5. StephaneR

    Kerry Brown Guest


    I have protected mode on. I don't see several boxes to click on when I try
    to download a file. Are you trying to save the download in a protected area?
     
    Kerry Brown, Dec 12, 2007
    #5
  6. StephaneR

    Bill Silvert Guest

    No, but I am having the same problem even when I turn protected mode off.
    The lowest security setting allowed is Medium, which always checks on
    downloads.

    Bill

    PS - I tried to send a personal reply to Kerry, but cannot decode his
    address which has too many anti-spam inserts for my humble skills. Apologies
    for reposting to the whole list.

    ----- Original Message -----
    From: "Kerry Brown" <*a*m>
    Newsgroups: microsoft.public.windows.vista.security
    Sent: Wednesday, December 12, 2007 4:17 PM
    Subject: Re: Protected mode ON vs Protected mode OFF
     
    Bill Silvert, Dec 12, 2007
    #6
  7. StephaneR

    Kerry Brown Guest


    Try the link in my sig :)
     
    Kerry Brown, Dec 12, 2007
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.