Microsoft KB Archive/305830

= Disabling Unsigned Applets Appears to Disable Signed Applets =

Article ID: 305830

Article Last Modified on 1/31/2007

-

APPLIES TO


 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0

-



This article was previously published under Q305830



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When you are using the Microsoft Java Virtual Machine version 5.00.3802, the disabling of unsigned applets also appears to disable signed applets.



CAUSE
This behavior can occur because to fix a security vulnerability, it is necessary to give unsigned applets the right to connect to the originating server for any code to run, as before the cab or class file has been downloaded, it is not known what permissions the applet will have. The security vulnerability is described in the following Microsoft Knowledge Base article:

253562 FIX: Untrusted Code Can Access Files on End-User Systems



RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To alter this behavior, use either of the following methods.

To Allow All Unsigned Applets

 * 1) On the Tools menu in Internet Explorer, click Internet Options.
 * 2) Click the Security tab.
 * 3) Click Custom Level.
 * 4) Under Java Permissions, click Custom, click Java Custom Settings, and then click Edit Permissions.
 * 5) Set &quot;Run Unsigned Content&quot; to Run in Sandbox or Enable, and then click OK until all open dialog boxes are closed.

To Allow Unsigned Applets Only the Right to Connect Back to the Originating Server

 * 1) Close all browser windows.
 * 2) Run Regedit.exe on the Zonedon.reg file in the System32 folder to turn on the advanced Java zone settings editor.
 * 3) On the Tools menu in Internet Explorer, click Internet Options.
 * 4) Click the Security tab.
 * 5) Click Custom Level.
 * 6) Under Java Permissions, click Custom, click Java Custom Settings, and then click Advanced Edit.
 * 7) Under Unsigned Permission, click Edit.
 * 8) Go through all of the tabs and disable everything except the non-file URL connect access option on the Network tab and (if you need to run applets from file: URL pages) the access to file URL codebase option on the File tab.
 * 9) Save your changes, and then close all of the dialog boxes.

NOTE: It is also possible to make the preceding changes by using the Cprmedit.exe tool in the Microsoft Java Software Development Kit.



STATUS
This behavior is by design.



MORE INFORMATION
When you allow unsigned applets the right to connect back to the originating server, they have basic rights to run simple applets which are unable to read from the file system or from the registry.

Keywords: kbenv kbprb kbpending KB305830

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.