Microsoft KB Archive/271648

= IEAK 5.5 Restrictions Are Not Applied If Security Imports Occur When You Use Profile Manager =

Article ID: 271648

Article Last Modified on 1/29/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 5.5

-



This article was previously published under Q271648



SYMPTOMS
If security imports occur during the creation of an .ins file through the Internet Explorer Administration Kit (IEAK), Profile Manager automatic configuration policies and restrictions are not applied to the computer through the automatic configuration .ins file.



CAUSE
This problem can occur if the policies that are requested to be implemented in the [ExtRegInf] section of the .ins file are not called. The process indicates that the Iedkcs32.dll file should apply only the settings in the [ExtRegInf] section if there are no settings in either the [ExtRegInf.HKLM] or [ExtRegInf.HKCU] sections of the .ins file. This allows Internet Explorer 5.5 to use an .ins file created with IEAK 5.01 for backwards compatibility. If either the [ExtRegInf.HKLM] or [ExtRegInf.HKCU] sections of the .ins file are populated, the [ExtRegInf] section of the .ins file is not processed because these sections indicate an Internet Explorer 5.5 .ins file; therefore, the policies are not implemented on the computer because they are not contained in either the [ExtRegInf.HKLM] or [ExtRegInf.HKCU] sections of the .ins file.



RESOLUTION
To work around this problem, manually edit the .ins file and add the information from the [ExtRegInf] section of the .ins file into the other sections of the .ins file.

The following sample .ins file may be built by the IEAK Profile Manager:

[ExtRegInf]

inetcorp=*,inetcorp.inf,DefaultInstall

SecZones=*,seczones.inf,DefaultInstall

[Security Imports]

ImportSecZones=1

[ExtRegInf.Hklm]

SecZones=seczones.inf,IeakInstall.Hklm

[ExtRegInf.Hkcu]

SecZones=seczones.inf,IeakInstall.Hkcu

To resolve this problem, manually change the sample .ins file to the following sample .ins file:

[ExtRegInf]

inetcorp=*,inetcorp.inf,DefaultInstall

SecZones=*,seczones.inf,DefaultInstall

[Security Imports]

ImportSecZones=1

[ExtRegInf.Hklm]

SecZones=seczones.inf,IeakInstall.Hklm

inetcorp=inetcorp.inf,IeakInstall.Hklm

[ExtRegInf.Hkcu]

SecZones=seczones.inf,IeakInstall.Hkcu

inetcorp=inetcorp.inf,IeakInstall.Hkcu



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
When the automatic configuration .ins file is parsed, if the cabinet (.cab) file information is present, the Iedkcs32.dll file requests that the .cab file is downloaded because branding must occur. When the .cab file is downloaded, it requests that the .cab file be decompressed. After the .cab file is decompressed, Iedkcs32.dll starts processing the [ExtRegInf.HKLM], [ExtRegInf.HKCU], and [ExtRegInf] sections in the .ins file (in that order) to implement the policies.

The [ExtRegInf.HKLM] section of the .ins file is used by Internet Explorer 5.5 to write entries into the HKEY_LOCAL_MACHINE hive of the registry. This behavior is defined within the .inf file that is called from the .ins file.

The [ExtRegInf.HKCU] section of the .ins file is used by Internet Explorer 5.5 to write entries into the HKEY_CURRENT_USER hive of the registry. This behavior is defined within the .inf file that is called from the .ins file.

The [ExtRegInf] section of the .ins file is used by Internet Explorer 5 to write entries into both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives of the registry. This behavior is defined within the .inf file that is called from the .ins file.

The [ExtRegInf.HKLM], [ExtRegInf.HKCU], and [ExtRegInf] sections of the .ins file allow the same .ins file to be used for both Internet Explorer 5 and 5.5 to reduce administrative overhead that can occur when you support both versions.

Additional query words: ins inf

Keywords: kbfix kbprb KB271648

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.