Windows XP SP2 Security "Features"
Richard Niolon, Ph.D.
11/04

There's a new "security feature" available in Microsoft Windows XP after the installation of Service Pack 2 (SP2) that makes creating web pages and testing them on your local machine a complete pain in the ass. Whenever you run an HTML or HTM page that has any script in it at all, you get this wonderful warning: "To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options". If you click, you get the box below. Clicking "Allow Blocked Content" produces another Security Warning to pop up, and you have to click "Yes" to proceed.





While planning for the update to my Intellectual Assessment course web site one weekend, I clicked about 300 times to see the pages I was creating, make revisions, and see the updates. This has to be THE most annoying feature EVER created in the history of Windows. And there's no way the average user can find to turn it off.

Allowing the content once or twice or 100 times does not convince Windows to allow it again. Resetting the security options on My Computer to less secure than that recommended by Microsoft eventually resolved the problem at home in Windows XP Home Edition, but 1) why have security if you are going to turn it off, and 2) it did not resolve the issue at school in Windows XP Professional Edition.

A Microsoft-er tells about this in his blog - http://blogs.msdn.com/tonyschr/ archive/2004/03/21/93551.aspx - and explains Microsoft is referring to this "feature" as the Local Machine Zone (LMZ) Lockdown. Whenever there is any script run on the page, you get the Information Bar, or as I like to call it, the DamnBar.

Turning off The DamnBar - Option 1
One post at the blog above from TheICrow gives you the Registry key to turn this "feature" off.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
    Internet Explorer\Main\FeatureControl\
    FEATURE_LocalMachine_Lockdown
where you set the REG_DWORD values to 0 to disable LMZ Lockdown.


Turning off The DamnBar - Option 2
You can do some registry editing to allow "My Computer" to show up in your Internet Explorer Security Zones. Microsoft explains how below:
    http://support.microsoft.com/?kbid=315933

This link explains how to make My Computer show up as a Security Zone.     http://www.kayodeok.co.uk/weblog/200402/01/
    hack_ie_my_computer_zone.html

This link contains more information explaining the entries in above examples.
    http://support.microsoft.com/?kbid=182569

This site has an Registry file you just double click to make My Computer show up as a Security Zone, as well as some suggestions for working around this "feature".
    http://www.phdcc.com/xpsp2.htm

And wile we're at it, this site explains how to add another security place for other kinds of pages:
    http://blogs.msdn.com/ptorr/archive/2004/01/29/64215.aspx

Then, once this is done, you can set the My Computer security settings to a lower but customized level.


Turning off The DamnBar - Option 3
This option doesn't actually turn The DamnBar off, but it does trick Internet Explorer. It requires adding a "Mark of the Web" to a file. Microsoft explains this below:     http://www.microsoft.com/technet/prodtechnol/
    winxppro/maintain/sp2brows.mspx

Basically, you add this code to the very top (before the <HTML> opening tag) of every html and htm document:
     <!-- saved from url=(0013)about:internet -->

You'll recognize this line of code; it's at the top of any web page you save locally. The "13" represents the number of letters in "about:internet". This code, at the top of every file, will stop The DamnBar.

It will also stop you from loading other kinds of files in the browser, like PDFs. The trick, if you need to open such a file in Internet Explorer, is to have the html file open a new html file with a meta tag that redirects to the PDF file, like this:
     <META HTTP-EQUIV="Refresh" CONTENT="0; URL=wiscivtechreport1.pdf">

I know, this security "feature" seems pretty easy to get around… but we're talking about Microsoft security….


Turning off The DamnBar - Option 4
This option doesn't actually turn The DamnBar off either, but again is a trick. Start your html file as an HTML Helper Application. This means changing the ".html" extension to a ".hta" extension. HTA files can do lots of things that html files can't or shouldn't.

I know, that doesn't seem very secure… but we're talking about Microsoft….