How to Restrict the Shortcut and WinHelp Commands in HTML Help (810687)
The information in this article applies to:
- Microsoft Windows XP 64-Bit Edition
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
- Microsoft Windows XP Professional
IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that you
understand how to restore the registry if a problem occurs. For information
about how to back up, restore, and edit the registry, click the following
article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry : If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own risk.
SUMMARYWith features in HTML Help, you can run executable programs
from a help (.chm) file. The Shortcut command is used to run an executable program that is external to
the Help file. The WinHelp command is used to run Winhlp32.exe to display a Winhelp (.hlp)
file. This article describes how to restrict the Help files that are allowed to
use the Shortcut and WinHelp commands. MORE INFORMATIONHTML Help has implemented a new system policy
(available for Windows NT 4.0, Windows 2000, and Windows XP systems) that is named
"Restrict potentially unsafe HTML Help functions to specified folders". You can
use this policy to specify which Help files can use the Shortcut and WinHelp commands. You can also use the policy to completely disable the
commands on the system. To do this, you must be the system administrator on the
computer. The "Restrict potentially unsafe HTML Help functions to specified folders" policy does not show up in the Group Policy editor graphical user interface (GUI). Important Note Only folders on the local computer can be specified in this
policy. You cannot use this policy to enable the Shortcut and WinHelp commands for .chm files that are stored on mapped drives or that
are accessed through UNC paths. The patch from Security Bulletin MS02-055, Internet Explorer
6 Service Pack 1 or Windows XP Service Pack 1 must be installed for this
policy to work correctly. For more information about this patch and how to
download it, visit the following Microsoft Web: When
a user tries to use one of the commands in a Help file that does not have
permission, nothing happens. The command is not executed, and no error message
is displayed. To enable the commands for the default help file
locations, add or modify the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\
Value name: HelpQualifiedRootDir
Data type: STRING
Value data:
%windir%\help;%windir%\pchealth\helpctr;%program
files% To enable the commands for the help
files in only the C:\myhelpfile folder, add or modify the
following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\
Value name: HelpQualifiedRootDir
Data type: STRING
Value data:
c:\myhelpfile To disable the
commands for all Help files, add or modify the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\
Value name: HelpQualifiedRootDir
Data type: STRING
Value data: leave
empty To enable the commands for more than
one folder, use semicolons (;) to separate the folders, add or modify the
following registry value as in this example: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\
Value name: HelpQualifiedRootDir
Data type: STRING
Value data:
c:\myhelpfolder;%windir%\help In the value data, you can use an environment variable such as
%windir% if the variable is defined on the system. For example, %programfiles%
is not defined on some early versions of Windows.
| Modification Type: | Major | Last Reviewed: | 6/22/2004 |
|---|
| Keywords: | kbhowto KB810687 kbAudITPRO kbAudEndUser |
|---|
|