In these situations, the File Download dialog box is not preventable in any way. This includes the use of HTML tags, script in the page, hosting the WebBrowser control, and changing security zone options.
Unfortunately, this dialog box can be disruptive to a Web-based interface that relies on these sorts of links to simplify the use of executable files stored on the Web server. This article discusses two alternative safe methods for automatically executing files by hyperlink.
Internet Explorer decides whether to display the File Download dialog box primarily by checking the file's extension and looking in the registry for an application that reads that file. For most types of files, the user can clear the Always ask before opening this type of file option in the dialog box, which grants permission to Internet Explorer to not display the dialog box in the future for those specific file types. Users can also change this setting in the Edit File Types dialog box accessible from the shell's Folder Options by flipping the Confirm open after download check box.
However, Internet Explorer contains a predefined, hard-coded list of file extensions that it inherently distrusts. These extensions correspond to generic executables and other kinds of files that have the capability to harm the user's machine without the proper security safeguards. The File Download dialog box cannot be prevented for any files of these types. The Always ask before opening this type of file option will be grayed out on the dialog box and you will not be able to select it. Following is the list of the file extensions for these file types.
Now consider the scenario of a simple corporate intranet Web site that includes a list of executable links on a friendly Web page. The links are intended to be downloaded and run immediately. Given that the executables are most likely guaranteed by the corporation to be safe (well, as safe as any other typical computer program), it can be extremely tedious to have the user repeatedly deal with the File Download dialog box, especially if this page is used on a daily basis.
Even if the executable files have been signed and the signer is trusted by the user, Internet Explorer will still display the File Download dialog box. Worse yet for the hapless Web authors, Windows UNC hyperlinks -- "\\server\share" hyperlinks that bypass the Web server -- are subject to the same iniquity.
For corporate intranets, there is an alternative to pure hyperlinks that this article refers to as IFRAME linking. Internet sites cannot use this method but can use the method this article refers to as Internet Code Download linking. (The latter method is available to corporations, too.)
Note At default security levels, both techniques still show security dialog boxes. Unlike the troublesome File Download dialog box, though, all of these security dialog boxes are controllable through standard zones-based security options. For the IFRAME linking technique, the dialog box that may appear reads "Running a system command on this item may be unsafe..." and is controlled by the custom security option Launching programs and files in an IFRAME. For the Internet Code Download linking technique, the dialog box that may appear reads "Do you want to install and run..." and is controlled by the custom security option Download signed ActiveX controls.
If you use the techniques in this article in an intranet environment, it is highly recommended that these settings changes are approved and changed for all users of the Web site by corporate administrators. The Internet Explorer Administration Kit (IEAK) provides an easy mechanism for administrators to control and broadcast browser settings such as this. For more information, visit the following Microsoft TechNet Web site:not require users to alter any security settings to view their Web site. Rather, sites that require altered security should request that the user add the site to their "Trusted Sites" list in the Internet Options security property page. This specific site will then operate under low enough security that both techniques in this article will work without prompt.
IFRAME linkingIn this alternative, the Web page exploits Internet Explorer's ability to display Explorer-style file list views inside floating frames (<IFRAME>). Follow these steps:
- Move the files to a special server, share, and directory on the corporate Intranet that the entire intended user audience has permissions to access via Windows UNC.
- Create a separate directory for each executable file and copy the files into the directories. The directories should be empty except for the single executable file.
- Wherever a hyperlink to the executable would have been used, include HTML of the following form:Note that the HTML code points to the directory that the file is located in, not the file itself.
Click on the icon in the following window to run this very special
program automatically without annoying dialog boxes:
Internet Code Download linkingIn this complicated alternative, the Web page bypasses the ordinary File Download process by utilizing Internet Code Download. Internet Code Download is the Internet Explorer feature that allows Web pages to automatically download ActiveX controls and other native code objects. Files obtained through Internet Code Download pass through the ActiveX security framework, which is controllable by security options.
- If the "executable file" is not a signable PE (.exe) such as a .bat file, then the file must be packaged in a .cab file with an INF in the following form.Replace the instance of File.zzz above with the executable file to be run.
For more information about how to package the .cab file, visit the following Microsoft Developer Network (MSDN) Web site:
- Ensure that the .exe (or .cab) is code-signed. If the .exe has not been signed, this can be done using the CryptoAPI Authenticode Code Signing tools. Refer to the CryptoAPI documentation in the MSDN Platform SDK under the "Security" heading for more information.
For security reasons, the process of signing code for an organization is best handled by a central authority that is trusted by the entire organization. Code signing requires either the purchase of costly certificates from external vendors such as VeriSign or the maintenance of a certificate server such as Microsoft Certificate Server on the intranet.
- Use this example page as a guideline for the link and script necessary to launch the signed code without prompt:
<HTML><HEAD><TITLE>Page of executable links</TITLE></HEAD>
<!-- hyperlink uses central script function called linkit() -->
<A HREF="" onclick="return linkit('signed-testfile.exe');">
// linkit puts filename into HTML content and spews it into iframe
strpagestart = "<HTML><HEAD></HEAD><BODY><OBJECT CLASSID=" +
strpageend = "'></OBJECT></BODY></HTML>";
runnerwin.document.write(strpagestart + filename + strpageend);
window.status = "Done.";
return false; // stop hyperlink and stay on this page
<!-- hidden iframe used for inserting html content -->
<IFRAME ID=runnerwin WIDTH=0 HEIGHT=0 SRC="about:blank"></IFRAME><BR/>
Article ID: 232077 - Last Review: Mar 3, 2009 - Revision: 1