How to use IE Protected Mode together with Folder Redirection?

Add-in Express™ Support Service
That's what is more important than anything else

How to use IE Protected Mode together with Folder Redirection?
 
Hernan




Posts: 37
Joined: 2011-01-28
Hi,

I am using the LocalLow folder to store/retrieve information fr om the IE plugin.
But LocalLow is a local folder, how can I store/retrieve information from a low privilege folder using folder redirection? The idea is that the user login from any machine and have a folder wh ere the plugin can write/read in "protected mode".

Thanks,
Hernan
Posted 18 May, 2011 09:26:59 Top
Sergey Grischenko


Add-in Express team


Posts: 7217
Joined: 2004-07-05
Hi Hernan.

The folder where the user can write/read under Protected Mode is '.\Users\<User name>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\'.
To get this folder you can use the Environment.GetFolderPath method with the 'SpecialFolder.InternetCache' parameter.
Posted 18 May, 2011 09:39:27 Top
Hernan




Posts: 37
Joined: 2011-01-28
Thanks Sergey for your prompt reply.

We found that LocalLow can also be used to writing. Am I wrong?

What I asked is how to deal when you're working on a "corporate environment" and probably you log into a domain server and have folders mounted from remote disks.
How to work around that if you want to persist information there?

Thanks,
Hernan
Posted 18 May, 2011 10:14:36 Top
Sergey Grischenko


Add-in Express team


Posts: 7217
Joined: 2004-07-05
I can't ask at the moment. I will try to find any solution here:
http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx
Posted 18 May, 2011 10:44:06 Top
Sergey Grischenko


Add-in Express team


Posts: 7217
Joined: 2004-07-05
Hi Hernan,

Based on the information provided in the article, it is not possible to write anything except to the writable location.

Low integrity processes can write only to folders, files, and registry keys that have been assigned a low integrity mandatory label. As a result, Internet Explorer and extensions run in Protected Mode can write only to low integrity locations, such as the new low integrity Temporary Internet Files folder, the History folder, the Cookies folder, the Favorites folder and the Windows temporary file folders. For a complete list, see the Frequently Asked Questions (FAQ) section.


Also:

Q: Does UAC file and registry virtualization apply to Protected Mode?

A: No, UAC virtualization does not apply to Protected Mode and, therefore, write access to Protected Mode extensions that write to sensitive areas will not be redirected.

Protected Mode also does not have write access to the redirected or virtual store for system areas. Extensions running in Protected Mode get an Access Denied error when they attempt to write to sensitive system areas.

Q: Are there specific locations in the USER PROFILE or HKEY_CURRENT_USER registry location that an extension in Protected Mode Internet Explorer can not write to?

A: Yes, Internet Explorer-specific locations in the following USER PROFILE folders:
Documents and Settings\%USER PROFILE%...
...\Local Settings\Temporary Internet Files
...\Local Settings\Temp
...\Local Settings\History ...\%USER PROFILE%\Favorites ...\%USER PROFILE%\Cookies
Extensions can write to the following locations:
Documents and Settings\%USER PROFILE%...
...\Local Settings\Temporary Internet Files\Low
...\Local Settings\Temp\Low
...\Local Settings\History\Low ...\%USER PROFILE%\Favorites\Low ...\%USER PROFILE%\Cookies\Low %USER PROFILE%\AppData\LocalLow
Note that extensions cannot write to system locations such as the Program Files folder or the HKEY_CLASSES_ROOT or HKEY_LOCAL_MACHINE subtrees.
Posted 19 May, 2011 06:40:47 Top
Hernan




Posts: 37
Joined: 2011-01-28
Thanks Sergey, that's clear.

Now, how to your work with Isolated Storage within "Protected Mode"? Is there a guideline?
I saw this post in the forum but the original author never replied: http://www.add-in-express.com/forum/read.php?FID=10&TID=7077&MID=35279#message35279

Thanks,
Hernan
Posted 19 May, 2011 15:59:26 Top
Sergey Grischenko


Add-in Express team


Posts: 7217
Joined: 2004-07-05
Hi Hernan,

I think that Isolated Storage complies to the same rules if Protected Mode is On.
Posted 20 May, 2011 08:22:25 Top