Still have a problem? Ask for help at our discussion forum.

Advanced Search
Article Options
Popular Articles
  1. Windows Mail Spell Check Language is no longer available for Spell Checking
  2. Windows Vista Wallpaper
  3. An Error Has Occurred in the Script on This Page
  4. Windows Vista Release Schedule
  5. Windows Vista
No popular articles found.

 »  Home  »  Internet Explorer Page 1  »  Elevation Policy for Protected Mode
Elevation Policy for Protected Mode
By  Super Admin  | Published  11/23/2006 | Internet Explorer Page 1 | Rating:
Elevation Policy for Protected Mode

In Windows Vista, securable objects automatically inherit the integrity level of the process that created them. Therefore, files or registry keys have a low integrity when they are created in protected mode. This means that a low integrity process can obtain write permission to the objects it creates. However, a low integrity process cannot gain write permission to medium or to high integrity folders or files in the user's profile.

By default, when Microsoft Internet Explorer 7.0 runs in protected mode, the extensions cannot access medium integrity or high integrity objects. This provides the best protection against malicious software attacks. When an extension requires access to higher integrity objects, the default Internet Explorer 7.0 behavior is to prompt the user for elevation through a dialog box. If the user confirms the elevation, this creates a broker process with a higher integrity level. This broker process accesses the higher integrity object on behalf on Internet Explorer 7.0.

You can use the registry to override this default behavior so that the user is not prompted for elevation through a dialog box. This article describes how administrators can use .adm or .admx files to add the policy, "Enable customizing the elevation policy for Protected Mode," to enforce their desired elevation policy behavior for different applications.


How would you rate the quality of this article?
1 2 3 4 5
Poor Excellent
Tell us why you rated this way (optional):

Send to Author Post on Site