Hints for users of Windows Vista

In general, users of Windows Vista should have no problem in using the BSCW service via a web browser. However, in case of certain components of the BSCW software, which access services of the operating system, special hints should be observed.

Hints regarding usage of the Briefcase feature in BSCW

When using the BSCW Briefcase feature (offline synchronization of files between BSCW server and local PC) on Windows Vista and Internet Explorer (IE7), certain  restrictions have to be regarded. A solution within BSCW cannot be achieved as these are general restrictions with Windows Vista/IE7/Java. However, a number of alternative workarounds is shown below:

  1. Use the Firefox browser on Vista. The BSCW Briefcase Applet works fine with  the Firefox browser (Firefox still provides full access to system resources to the signed Java Applet).
  2. Select a local directory for the BSCW Briefcase folder with a lower security level  ("low level integrity") when using  IE7/Vista. Choose an according directory within BSCW  using "Options/Synchronization", e.g.
  3. De-activate the "Protected Mode" in IE7 by declaring the URL of the BSCW server as a secure site. Add the URL of the BSCW server to the list of trusted sites  (Extras / Internet Options / Security / Sites). The level "trusted sites" should have the option "enable protected mode" de-activated.
  4. Change the security level of the local Briefcase folder. Open the Windows console as administrator and execute the following command:
    icacls  /setintegritylevel (OI)(CI)low
Hint: We suggest to de-activate the "Protected Mode" in IE7 by declaring the URL of the BSCW server as a secure site.


Background information

The BSCW Briefcase Applet is a signed Java Applet and requires full access to the local file system in order to read and write files during synchronization. The Java security concept ("sandbox model") does allow this, however recent changes in  Vista/IE7 prevent Java Applets from accessing system resources. The reason is in the new security model introduced with MS Vista (Mandatory Integrity Control — MIC) and IE7 (IE7 Protected Mode). IE7 is running in a low security level and does only have write access to directories of the same security level. The same restrictions apply to components running within IE7 (such as Java Applets).

SUN Microsystems (developer of the Java technology) is informed about the problem and a general solution within the next version of the Java software (especially the Java Plugin) is expected.