SetProtectedModeFolders

Sets low integrity for folders needed by Internet Explorer in Protected Mode.

Declaration

HRESULT SetProtectedModeFolders (VOID);

Return Value

The function returns zero for success, else an error code.

Behaviour

If not running on Windows Vista or higher, the function fails (returning S_FALSE). Otherwise, for each of several folders, the function creates the folder if necessary, sets low integrity (see SetupLowFolderPath), and may set file attributes. Failure of any step for any one folder is failure for the function. The applicable folders and attributes are:

Cache\Low FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
Cookies\Low FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
History\Low FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
Favorites  
Cache\Virtualized FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
FILE_ATTRIBUTE_HIDDEN

 in which placeholders stand for the configurable paths of various well-known shell folders. The typical resolution in Windows Vista is:

Placeholder Symbol Resolution
Cache CSIDL_INTERNET_CACHE C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files
Cookies CSIDL_COOKIES C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies
Favorites CSIDL_FAVORITES C:\Users\username\Favorites
History CSIDL_HISTORY C:\Users\username\AppData\Local\Microsoft\Windows\History

Cache Folders

Version 8.0 introduces three more folders, apparently known as cache containers, which also get low integrity. These are created in whichever folder contains the Cookies folder:

The function expects to create the intermediate subfolder, e.g., PrivacIE, but allows that it may exist already. If this subfolder does not have either the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED or FILE_ATTRIBUTE_HIDDEN attribute, the function sets both. The function creates the Low subfolder, sets low integrity and sets both attributes. Failure of any step for any one subfolder is failure for the function.

Temp Folder

In all versions, the function ends with a low-integrity subfolder, named Low, of whatever Windows is using as the temporary directory. Again, the function creates the subfolder if necessary, sets low integrity, and sets the file attributes to FILE_ATTRIBUTE_NOT_CONTENT_INDEXED. Failure of any step is failure for the function.

Availability

The SetProtectedModeFolders function is exported from IERTUTIL as ordinal 37 in version 7.0 and higher.