Friday, 18 November 2011

Other options

The simplest option is to use other browsers yourself or within your organisation. However, it may not be sensible to tell your users that your content will not work if viewed in Internet Explorer.

If you are producing information on CD or DVD, then active content warnings can be avoided using our software:
ShellRun which can be set up to turn off warnings.
Dynamic-CD software which runs a CD-based internet server.

Suggestion 1 for Microsoft

Come on Microsoft, you can do better than this...

Do the decent thing... block up the security holes... don't ruin locally viewed content.

Your current way of solving the problem of malicious "cross-zone access" by making the local zone unusable is - need I say it - going to make the local zone unusable. And yes, there are lots of people who provide content to be viewed locally, not just information on CD but product documentation and people authoring web content locally before putting it online.

The browser is the "interface of choice" for many developers - many applications nowadays that do not need an online connection are nonetheless written as web applications. These applications will now not work when viewed on an out-of-the-box XP-with-SP2 machine.

Suggestion 2 for Microsoft

Make the local machine zone equivalent to the Internet zone. A lot of pages work fine when viewed online under SP2, but do not work when viewed locally. Pre-SP2 the local zone was less restricted than the Internet zone - why make it more restricted in SP2?

Suggestion 3 for Microsoft

If you cannot be bothered to handle security properly, then at least make the "Allow active content from CDs" option on by default.

SP2 default security

As described above, any locally viewed web page that contains active content will be stopped from running.

At the top of the page in the Information Bar you will see this warning:

To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options...

To enable active content, click on this message and then select:

Allow Blocked Content...

Example showing Internet Explorer trying to run a Java applet locally:

[Image: Active content warning for a web page containing a Java applet]

You will also be asked to OK this message:

Allowing active content such as script and ActiveX controls can be useful, but active content might also harm your computer.

Are you sure that you want to let this file run active content?


[Image: Enabling active content on Local Machine warning]

After all this, the active content should run. Note that the active content is only enabled for this Internet Explorer window. If you close this window and come back again you will have to go through the same process again. However, all further active content in this window is enabled (unless you navigate to non-HTML pages such as XML).
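The following is an added example, not part of the original page: a pre-flight check that a content author could run over HTML destined for CD or local viewing, listing the constructs (script, Java applets, object/embed elements, inline handlers) that the SP2 local-zone restriction described above is likely to block. The tag and attribute lists are assumptions that approximate "active content"; Internet Explorer's own rules decide what is actually restricted.

```python
from html.parser import HTMLParser

# Assumed approximation of "active content": elements hosting script,
# ActiveX controls or Java applets, plus inline handlers and script URLs.
ACTIVE_TAGS = {"script", "object", "applet", "embed"}
URL_ATTRS = {"href", "src", "action"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")


class ActiveContentFinder(HTMLParser):
    """Collects (line, reason) pairs for constructs likely to be blocked."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on") and len(name) > 2 and value:
                self.findings.append((line, f"{name} handler on <{tag}>"))
            elif name in URL_ATTRS and value.startswith(SCRIPT_SCHEMES):
                self.findings.append((line, f"script URL in {name} on <{tag}>"))


def find_active_content(html_text):
    """Return a list of (line_number, reason) for one HTML document."""
    finder = ActiveContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page, not taken from any real product.
SAMPLE_PAGE = """<html><body onload="init()">
<p>Manual</p>
<applet code="Search.class" width="300" height="200"></applet>
<a href="javascript:openHelp()">Help</a>
<a href="page2.html">Next</a>
<script src="menu.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for line, reason in find_active_content(SAMPLE_PAGE):
        print(f"line {line}: {reason}")
```

Pages that produce no findings should display locally without the Information Bar prompt; pages that do produce findings are the ones to test on an SP2 machine before shipping.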

SP2 new security options

Microsoft have provided new options to turn off the security on local files to let active content run, as shown in the screenshot of the Advanced options below.

To run active content on all CDs without warnings, you must change a security setting in Internet Explorer:

Open menu Tools+Internet Options+Advanced tab
Scroll down to the Security section.
Make sure that "Allow active content from CDs to run on My Computer" is checked.

If you want to run active content in all files on your hard disk or similar, then you need to:

Make sure that "Allow active content to run in files on My Computer" is checked.

Note: With "Allow active content from CDs" selected, I have found that the Information Bar sometimes still appears saying that it has restricted active content, even though the content runs OK.

[Image: The Internet Explorer Internet Options Advanced options settings needed to run FindinSite-CD]

Are the new security options enough?

Many people view web content in local files on hard disk and on CD. Some will be generating content, while most will simply be viewing content. All these people will be affected by SP2.

Are the new security options enough to make these people happy? My guess is that the answer is NO.

Many people (and their system administrators) will be keen to reduce security intrusions as much as possible. Any loosening of the security settings will therefore not be acceptable.

One of our customers has already requested a refund on a software licence purchase because "we don't have control over our end-users' machines. We can't simply tell them to change their settings."