The conditions for this problem occur when a user has multiple instances of Internet Explorer 5.5 browsers running in a given session. Under these circumstances, it is possible that a properly authenticated user could be prompted for credentials when accessing a Web server. This is a problem when the target Web server uses the Windows NT LAN Manager (NTLM) challenge and response security scheme.
Date Time Version Size File name
10/20/2000 03:50p 5.50.4522.1800 4,153,296 Advpack.dll
03/12/2001 10:17a 5.50.4522.1800 31,080 Ieexcep.cat
09/19/2000 04:42p 5.50.4522.1800 10,240 Instcat.exe
03/12/2001 10:17a 5.50.4522.1800 7,470 Q286338.cat
03/12/2001 10:17a 5.50.4522.1800 1,552 Q286338.inf
03/08/2001 11:41a 5.50.4522.1800 456,976 Urlmon.dll
11/21/1997 08:10a 5.50.4522.1800 21,504 Verinst.exe
10/20/2000 03:50p 5.50.4522.1800 2,272 W95inf16.dll
10/20/2000 03:50p 5.50.4522.1800 4,608 W95inf32.dll
Example: Previous Configuration of the .INS File
Example: Recommended Configuration of the .INS File
When Internet Explorer downloads the .ins file and configures it, it does various registry operations, one of which is deleting and re-creating the Internet settings\zonemap key. Internet Explorer keeps a handle to this key internally, and uses this handle to access any information under this key. When a new instance of Internet Explorer is opened, it once again downloads the .ins file and configures it. While configuring it, Internet Explorer once again deletes, and re-creates the zonemap key.
It is possible that the first instance will attempt to use the registry key, and that Internet Explorer will close because the operating system marks this key as deleted, and any registry operation will not succeed. This happens because the second instance of Internet Explorer is performing open and deletion operations on the zonemap registry keys. When this happens, the user sees the authentication dialog in the first instance of Internet Explorer because the first instance of Internet Explorer will be unable to determine the zonemap for a given URL, and fails to the safest configuration, which is to prompt the user for credentials.
Because the zone settings key is under both HKCU, and HKLM, and because both are identical, this prevents Internet Explorer from deleting the HKCU portion of the zonemap key, which solves the problem.
The impact of the suggested change is, that for any users on that computer, Internet Explorer will now no longer write to the HKCU key, and it reads all the information from HKLM key.
This is perfectly fine in almost all cases except for the following two:
- If the administrator has locked down the HKLM key for write access, and you want to add/remove to the list of domains that you consider as Intranet, or change any zone settings, this may not work because HKLM key is locked down.
- If the .ins file is rebuilt, the customer needs to remember to comment out this line at that time.
Artikelnummer: 286338 – Letzte Überarbeitung: 19.06.2014 – Revision: 1