Windows XP Service Pack 2 (SP2) Users
Windows XP SP2 Introduction

XP SP2 affects any web page with "active content" running locally on your computer in Internet Explorer. SP2 includes improvements to Internet Explorer security that are intended to help most users by stopping local web pages that contain "active content" from accessing your computer maliciously. "Active content" includes JavaScript, Java applets and ActiveX controls.

Changes for web pages running locally

By default in SP2, Internet Explorer will not let any active content run in web pages that run locally (on the Local Machine, ie My Computer, CD-ROM). You will see a warning message in the new yellow Information Bar - clicking in there will let you "Allow Blocked Content" - after agreeing to another warning.

The browser is becoming the standard interface for many applications, including those that run locally. Many people provide web page information on CD or provide product documentation as web pages.

Information Bar

Why are Microsoft doing this?

The main problem is online web sites that find security holes so as to be able to run code locally. Code that runs locally used to be able to damage your system. So - rather than block up the security holes - Microsoft have decided to clamp down on all local web page active content so that the user has to agree to various dire warnings before letting it run.

All local web pages (including those on this CD) are currently affected. There are ways to turn off this security feature (as described below). However if turned off to make ordinary local content run, then users are susceptible to the same security holes as before.

SP2 default security

As described above, any locally viewed web page that contains active content will be stopped from running.

At the top of the page in the Information Bar you will see this warning:

To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options...

help protect your security...

To enable active content, click on this message and then select:

Allow Blocked Content...

Allow Blocked Content...

You will also be asked to OK this message:

Allowing active content such as script and ActiveX controls can be useful, but active content might also harm your computer.

Are you sure that you want to let this file run active content?

Security Warning

After all this, the active content should run. Note that the active content is only enabled for this Internet Explorer window. If you close this window and come back again you will have to go through the same process again. However, all further active content in this window is enabled.

SP2 new security options

Microsoft have provided new options to turn off the security on local files to let active content run, as shown below.

To run active content on all CDs without warnings, you must change a security setting:

In Internet Explorer, on the Tools menu, click Internet Options. On the Advanced tab, scroll down to the Security section of the list. Select the Allow active content from CDs to run on My Computer check box, and then click OK.

Internet Options

Note: With "Allow active content from CDs" selected, some people find that the Information Bar sometimes still appears saying that it has restricted active content, even though the content runs OK.

Back to Top