Internet Explorer Information Bar

IT Support Forum Forums Windows Windows Server 2003 R2 General Discussion Internet Explorer Information Bar

Viewing 0 reply threads
  • Author
    • #2203

      The Microsoft Windows Server 2003 InternetExplorer Enhanced Security Configuration component (also known as
      Microsoft InternetExplorer hardening) reduces a server’s vulnerability to attacks from Web content by applying more
      restrictiveInternetExplorer security settings that disablescripts, ActiveX components,and file downloads for resources in the
      Internet security zone. As a result, many of thesecurity enhancements included in thelatest release of InternetExplorer will
      not beas noticeablein Windows Server 2003 Service Pack 1.For example, the new InternetExplorer Information Bar and
      Pop-up Blocker features will not be used unless thesiteis in a zone whosesecurity setting allows scripting. If you are not
      using theenhanced security configuration on your server, thesefeatures will function as they do in Windows XP Service
      Pack 2.
      What does the InternetExplorer Information Bar do?
      TheInternetExplorer Information Bar in Windows Server 2003 Service Pack 1 replaces many of thecommon dialog boxes that
      prompted users for information in previous versions and provides a prominentarea for displaying information that users may
      want to view or act upon.Examples of dialog boxes that have been replaced by Information Bar notifications include blocked
      ActiveX installs, downloads,and activecontent.TheInformation Bar will provideinformation similar to the notification area in
      Microsoft Outlook 2003, which informs users of blocked content.
      Who does this feature apply to?
      This featureapplies to thefollowing audiences:
      Users who need to understand how the new behavior will affect their Web browsing experience.
      System administrators, who need to know how to turn this functionality on or off for theclient computers in their
      Designers of Web sites that rely on add-ons, which will providea different user experience.
      Developers of Web-based applications who need to understand how their experiencechanges.For example, this affects
      the development of ActiveX controls. ActiveX controls thatare updates to controls thatarecurrently installed on other
      computers will only betreated as updates if the GUID of the new control matches thecurrent GUID.
      Developers of applications hosting the Web browser control will need to know how to usethe new application
      programming interface(API) to takeadvantage of this new functionality.
      What new functionality is added to this feature in Windows Server 2003 Service Pack 1?
      Information Bar user interface
      Detailed description
      TheInformation Bar looks and acts in a similar way to the Outlook 2003 blocked content notification area. Itappears below
      InternetExplorer toolbars and abovethe Web pagein view when a notification is presentand disappears on the next
      navigation.Thetext in theInformation Bar varies, depending on the notification that is provided,and wraps to two lines if the
      textexceeds the bounds of the notification area. If a user controls thefocus (that is, which object in the browser can receive
      input) by pressing theTAB key, theInformation Bar gets focus after thetoolbar and beforethe Web page.
      Either clicking or right-clicking theInformation Bar brings up a menu that relates to the notification that is presented.This
      menu always contains a link to Information Bar Help, which provides more detailed information about the notification.
      Additional menu items related to the notification appear abovethe Help menu item.
      Users can configuretheInformation Bar to play a sound when itappears; the default setting for thesound is On.When the
      Information Bar appears, the Windows trust icon appears in place of theError on page notification on thestatus bar.
      In certain cases, morethan oneaction can be blocked.For example,a pop-up window may be blocked at thesametimethatan
      add-on install is blocked. In thosecases, thetext becomes more genericand the menus mergeto show each action blocked at
      thetop level, with each action’s menus in a submenu.
      Thereis a custom security zonesetting for theInformation Bar thatenables users to changethesettings of theInformation Bar
      by security zone. Users can chooseto be notified with theInformation Bar or to go back to the previous behavior and geta less
      prominent notification for fileand code downloads.
      Why is this change important?
      In Windows Server 2003 Service Pack 1, InternetExplorer may block content that is necessary to completecertain onlinetasks.
      TheInformation Bar provides a prominent notification that informs users how to get Web pages they trust working again
      without the moreintrusive prompt that was provided in Windows Server 2003.
      What works differently?
      For this information, seethe next section, “Whatexisting functionality is changing in Windows Server 2003 Service Pack 1?”
      What existing functionality is changing in Windows Server 2003 Service Pack 1?
      Add-on install prompts
      Detailed description
      In previous versions of InternetExplorer included with Windows Server 2003, when a Web pagerefers to an ActiveX control
      that is not currently on thecomputer, users areasked whether they want ActiveX controls to be downloaded. In thecurrent
      version of InternetExplorer, this prompt is displayed in theInformation Bar.Thefollowing table describes theelements in the
      Information Bar.Text in italics will bereplaced by thespecific items appropriateto thesituation.
      Information Bar details for Add-on Install Prompts
      Information Bar
      Message text
      Information Bar text This site might requirethefollowing ActiveX control: Control_Name from Publisher_Name. Click here
      to install…
      Short text Installation Blocked
      Menu options Install ActiveX Control…
      What’s therisk?
      Trusted publishers will work as they did in previous versions.Thecontrols thatare provided by these publishers install without
      requiring additional configuration.
      Blocked publishers display thestatus bar icon.Thecontrol provided by these publishers will not install on thecomputer and
      does not go into theInformation Bar.
      Add-on upgrades work as they did in Windows XP SP1. InternetExplorer uses thefollowing criteria when determining whether
      thecontrol is an upgrade:
      Thefilethat is registered as the ActiveX control must besigned with Authenticodetechnology. (This fileis referenced
      from HKEY_CLASSES_ROOT\CLSID\Control_clsid\InProcServer32, where Control_clsid is the CLSID specified by the OBJECT
      The publisher namein the digital signature of the new control matches the publisher namein the digital signature of the
      existing control.
      If the ActiveX control is packaged in a CAB file, the CAB file must besigned.The DLL or OCX to beinstalled should also be
      signed in order for subsequent upgrades to bypass theInformation Bar.
      Why is this change important?
      Providing add-on install prompts in theInformation Bar rather than a dialog box reduces the occurrences of users
      inadvertently installing code on their computer.
      What works differently?
      Certain Web pages currently rely on users installing codeto function correctly.Somesites redirect the user to a separate page
      thatexplains how to install the ActiveX control. If a siteautomatically redirects the page without providing thecontrol on the
      new page, theInformation Bar will appear on theredirect pageto offer the opportunity to install thecontrol. If, however, the
      sitecloses the window thatattempted to install the ActiveX control, thecustomer might not geta chanceto install thecontrol.
      How do I resolve these issues?
      Web authors should ensurethat the ActiveX control is also available on the pageto which the user is redirected.This will
      ensurethat users haveample opportunity to install thecontrol.
      Web pageauthors should not suggest that users lower their security settings, becauseit will not help in this situation.For
      additional guidancefor Web authors on thechanges introduced with Windows XP SP2 and subsequently included in Windows
      Server 2003 Service Pack 1, see”Fine-Tune Your Web Sitefor Windows XP Service Pack 2″ on the MSDN Web siteat
      Pop-up blocked notification
      Detailed description
      InternetExplorer displays a notification in theInformation Bar when a pop-up is blocked.This becomes a more obvious entry
      point to the Pop-up Blocker functionality, such as replaying the pop-up,adding thesiteto an “allow” list for pop-ups, or
      navigating to Pop-up Blocker settings.TheInformation Bar also provides a top level entry point to turn off theInformation Bar
      for pop-ups if the user decides the notification is too big for this event.
      Information Bar details for pop-up blocked notification
      Information Bar elementMessage text
      Information Bar text Pop-up blocked.To seethis pop-up or additional options,click here…
      Short text Pop-up Blocked
      Menu options Temporarily Allow Pop-ups
      Allow Pop-ups for this Site
      Why is this change important?
      Showing the pop-up blocked notification in theInformation Bar gives higher priority to that notification. Users havea better
      understanding of whereto go to seea blocked pop-up window or to seetheir Pop-up Blocker settings.
      What works differently?
      Turning off theInformation Bar for the Pop-up Blocker causes the Pop-up Blocker to return to notifying users with thestatus
      bar icon. All thesame menu items areaccessiblefrom this status bar icon if the bar is disabled for pop-ups.For more
      information, see”InternetExplorer Pop-up Blocker,” later in this document.
      Automatic download prompts
      Detailed description
      File download prompts thatarelaunched automatically now appear in theInformation Bar.
      TheInformation Bar includes descriptivetext thatexplains why theaction was taken and provides a context sensitive menu that
      you can useto respond to the notification.Thefollowing tableidentifies thetext that will appear in theInformation Bar and the
      actions thatyou can select from the menu.
      Information Bar details for automatic download prompts
      Information Bar
      Message text
      Information Bar text To help protectyour security, InternetExplorer blocked this sitefrom downloading files to your
      computer. Click herefor more options…
      Short text File Download Blocked
      Menu options Download Software…
      What’s the Risk?
      Why is this change important?
      By moving download prompts to theInformation Bar, users can be prevented from installing unwanted code on their
      computers. Previously, sites could overwhelm users with file download prompts and,as a result, users could accidentally run
      unwanted software on their computer.With this change, file download prompts thatarelaunched automatically are more
      likely theresult of a user’s deliberateclick and notan accidental action.
      What works differently?
      Any timea siterefers to a file download prompt withouta user action, such as clicking on an element of the page, the prompt
      appears in theInformation Bar.
      How do I resolve these issues?
      Web authors should ensurethereis a link on the Web pagethata user can click to get to thefile download. If you usea script
      to navigateto theresource, thescript should run synchronously within thecontext of the OnClick event handler for thelink.
      For additional guidancefor Web authors on thechanges introduced with Windows XP SP2 and subsequently included in
      Windows Server 2003 Service Pack 1, see”Fine-Tune Your Web Sitefor Windows XP Service Pack 2″ on the MSDN Web siteat

Viewing 0 reply threads
  • You must be logged in to reply to this topic.