Geoff Chappell - Software Analyst
Sets low integrity for folders needed by Internet Explorer in Protected Mode.
HRESULT SetProtectedModeFolders (VOID);
The function returns zero for success, else an error code.
If not running on Windows Vista or higher, the function fails (returning S_FALSE). Otherwise, for each of several folders, the function creates the folder if necessary, sets low integrity (see SetupLowFolderPath), and may set file attributes. Failure of any step for any one folder is failure for the function. The applicable folders and attributes are:
| Cache\Low | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED |
| Cookies\Low | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED |
| History\Low | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED |
| Favorites | |
| Cache\Virtualized | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED FILE_ATTRIBUTE_HIDDEN |
in which placeholders stand for the configurable paths of various well-known shell folders. The typical resolution in Windows Vista is:
| Placeholder | Symbol | Resolution |
|---|---|---|
| Cache | CSIDL_INTERNET_CACHE | C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files |
| Cookies | CSIDL_COOKIES | C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies |
| Favorites | CSIDL_FAVORITES | C:\Users\username\Favorites |
| History | CSIDL_HISTORY | C:\Users\username\AppData\Local\Microsoft\Windows\History |
Version 8.0 introduces three more folders, apparently known as cache containers, which also get low integrity. These are created in whichever folder contains the Cookies folder:
The function expects to create the intermediate subfolder, e.g., PrivacIE, but allows that it may exist already. If this subfolder does not have either the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED or FILE_ATTRIBUTE_HIDDEN attribute, the function sets both. The function creates the Low subfolder, sets low integrity and sets both attributes. Failure of any step for any one subfolder is failure for the function.
In all versions, the function ends with a low-integrity subfolder, named Low, of whatever Windows is using as the temporary directory. Again, the function creates the subfolder if necessary, sets low integrity, and sets the file attributes to FILE_ATTRIBUTE_NOT_CONTENT_INDEXED. Failure of any step is failure for the function.
The SetProtectedModeFolders function is exported from IERTUTIL as ordinal 37 in version 7.0 and higher.