Internet Explorer Information Bar
Applies To: Windows Server 2003 with SP1
Note
The Microsoft Windows Server 2003 Internet Explorer Enhanced Security Configuration component (also known as Microsoft Internet Explorer hardening) reduces a server’s vulnerability to attacks from Web content by applying more restrictive Internet Explorer security settings that disable scripts, ActiveX components, and file downloads for resources in the Internet security zone. As a result, many of the security enhancements included in the latest release of Internet Explorer will not be as noticeable in Windows Server 2003 Service Pack 1. For example, the new Internet Explorer Information Bar and Pop-up Blocker features will not be used unless the site is in a zone whose security setting allows scripting. If you are not using the enhanced security configuration on your server, these features will function as they do in Windows XP Service Pack 2.
What does the Internet Explorer Information Bar do?
The Internet Explorer Information Bar in Windows Server 2003 Service Pack 1 replaces many of the common dialog boxes that prompted users for information in previous versions and provides a prominent area for displaying information that users may want to view or act upon. Examples of dialog boxes that have been replaced by Information Bar notifications include blocked ActiveX installs, downloads, and active content. The Information Bar will provide information similar to the notification area in Microsoft Outlook 2003, which informs users of blocked content.
Who does this feature apply to?
This feature applies to the following audiences:
Users who need to understand how the new behavior will affect their Web browsing experience.
System administrators, who need to know how to turn this functionality on or off for the client computers in their organization.
Designers of Web sites that rely on add-ons, which will provide a different user experience.
Developers of Web-based applications who need to understand how their experience changes. For example, this affects the development of ActiveX controls. ActiveX controls that are updates to controls that are currently installed on other computers will only be treated as updates if the GUID of the new control matches the current GUID.
Developers of applications hosting the Web browser control will need to know how to use the new application programming interface (API) to take advantage of this new functionality.
What new functionality is added to this feature in Windows Server 2003 Service Pack 1?
Information Bar user interface
Detailed description
The Information Bar looks and acts in a similar way to the Outlook 2003 blocked content notification area. It appears below Internet Explorer toolbars and above the Web page in view when a notification is present and disappears on the next navigation. The text in the Information Bar varies, depending on the notification that is provided, and wraps to two lines if the text exceeds the bounds of the notification area. If a user controls the focus (that is, which object in the browser can receive input) by pressing the TAB key, the Information Bar gets focus after the toolbar and before the Web page.
Either clicking or right-clicking the Information Bar brings up a menu that relates to the notification that is presented. This menu always contains a link to Information Bar Help, which provides more detailed information about the notification. Additional menu items related to the notification appear above the Help menu item.
Users can configure the Information Bar to play a sound when it appears; the default setting for the sound is On. When the Information Bar appears, the Windows trust icon appears in place of the Error on page notification on the status bar.
In certain cases, more than one action can be blocked. For example, a pop-up window may be blocked at the same time that an add-on install is blocked. In those cases, the text becomes more generic and the menus merge to show each action blocked at the top level, with each action’s menus in a submenu.
There is a custom security zone setting for the Information Bar that enables users to change the settings of the Information Bar by security zone. Users can choose to be notified with the Information Bar or to go back to the previous behavior and get a less prominent notification for file and code downloads.
Why is this change important?
In Windows Server 2003 Service Pack 1, Internet Explorer may block content that is necessary to complete certain online tasks. The Information Bar provides a prominent notification that informs users how to get Web pages they trust working again without the more intrusive prompt that was provided in Windows Server 2003.
What works differently?
For this information, see the next section, "What existing functionality is changing in Windows Server 2003 Service Pack 1?"
What existing functionality is changing in Windows Server 2003 Service Pack 1?
Add-on install prompts
Detailed description
In previous versions of Internet Explorer included with Windows Server 2003, when a Web page refers to an ActiveX control that is not currently on the computer, users are asked whether they want ActiveX controls to be downloaded. In the current version of Internet Explorer, this prompt is displayed in the Information Bar. The following table describes the elements in the Information Bar. Text in italics will be replaced by the specific items appropriate to the situation.
Information Bar details for Add-on Install Prompts
| Information Bar element | Message text |
|---|---|
Information Bar text |
This site might require the following ActiveX control: Control_Name from Publisher_Name. Click here to install… |
Short text |
Installation Blocked |
Menu options |
Install ActiveX Control… What’s the risk? |
Trusted publishers will work as they did in previous versions. The controls that are provided by these publishers install without requiring additional configuration.
Blocked publishers display the status bar icon. The control provided by these publishers will not install on the computer and does not go into the Information Bar.
Add-on upgrades work as they did in Windows XP SP1. Internet Explorer uses the following criteria when determining whether the control is an upgrade:
The file that is registered as the ActiveX control must be signed with Authenticode technology. (This file is referenced from
HKEY_CLASSES_ROOT\CLSID\Control_clsid\InProcServer32, where Control_clsid is the CLSID specified by theOBJECTtag.)The publisher name in the digital signature of the new control matches the publisher name in the digital signature of the existing control.
If the ActiveX control is packaged in a CAB file, the CAB file must be signed. The DLL or OCX to be installed should also be signed in order for subsequent upgrades to bypass the Information Bar.
Why is this change important?
Providing add-on install prompts in the Information Bar rather than a dialog box reduces the occurrences of users inadvertently installing code on their computer.
What works differently?
Certain Web pages currently rely on users installing code to function correctly. Some sites redirect the user to a separate page that explains how to install the ActiveX control. If a site automatically redirects the page without providing the control on the new page, the Information Bar will appear on the redirect page to offer the opportunity to install the control. If, however, the site closes the window that attempted to install the ActiveX control, the customer might not get a chance to install the control.
How do I resolve these issues?
Web authors should ensure that the ActiveX control is also available on the page to which the user is redirected. This will ensure that users have ample opportunity to install the control.
Web page authors should not suggest that users lower their security settings, because it will not help in this situation. For additional guidance for Web authors on the changes introduced with Windows XP SP2 and subsequently included in Windows Server 2003 Service Pack 1, see "Fine-Tune Your Web Site for Windows XP Service Pack 2" on the MSDN Web site at https://go.microsoft.com/fwlink/?LinkId=32775.
Pop-up blocked notification
Detailed description
Internet Explorer displays a notification in the Information Bar when a pop-up is blocked. This becomes a more obvious entry point to the Pop-up Blocker functionality, such as replaying the pop-up, adding the site to an "allow" list for pop-ups, or navigating to Pop-up Blocker settings. The Information Bar also provides a top level entry point to turn off the Information Bar for pop-ups if the user decides the notification is too big for this event.
Information Bar details for pop-up blocked notification
| Information Bar element | Message text |
|---|---|
Information Bar text |
Pop-up blocked. To see this pop-up or additional options, click here… |
Short text |
Pop-up Blocked |
Menu options |
Temporarily Allow Pop-ups Allow Pop-ups for this Site Settings |
Why is this change important?
Showing the pop-up blocked notification in the Information Bar gives higher priority to that notification. Users have a better understanding of where to go to see a blocked pop-up window or to see their Pop-up Blocker settings.
What works differently?
Turning off the Information Bar for the Pop-up Blocker causes the Pop-up Blocker to return to notifying users with the status bar icon. All the same menu items are accessible from this status bar icon if the bar is disabled for pop-ups. For more information, see "Internet Explorer Pop-up Blocker," later in this document.
Automatic download prompts
Detailed description
File download prompts that are launched automatically now appear in the Information Bar.
The Information Bar includes descriptive text that explains why the action was taken and provides a context sensitive menu that you can use to respond to the notification. The following table identifies the text that will appear in the Information Bar and the actions that you can select from the menu.
Information Bar details for automatic download prompts
| Information Bar element | Message text |
|---|---|
Information Bar text |
To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for more options… |
Short text |
File Download Blocked |
Menu options |
Download Software… What’s the Risk? |
Why is this change important?
By moving download prompts to the Information Bar, users can be prevented from installing unwanted code on their computers. Previously, sites could overwhelm users with file download prompts and, as a result, users could accidentally run unwanted software on their computer. With this change, file download prompts that are launched automatically are more likely the result of a user’s deliberate click and not an accidental action.
What works differently?
Any time a site refers to a file download prompt without a user action, such as clicking on an element of the page, the prompt appears in the Information Bar.
How do I resolve these issues?
Web authors should ensure there is a link on the Web page that a user can click to get to the file download. If you use a script to navigate to the resource, the script should run synchronously within the context of the OnClick event handler for the link. For additional guidance for Web authors on the changes introduced with Windows XP SP2 and subsequently included in Windows Server 2003 Service Pack 1, see "Fine-Tune Your Web Site for Windows XP Service Pack 2" on the MSDN Web site at https://go.microsoft.com/fwlink/?LinkId=32775.