Permission Denied Error in Corporate Environment

Question

Whenever a machine with IE9 that is in our corporate domain navigates to a website (from a link) we receive a Permission Denied error dialog when any of the following window properties are accessed (styleMedia, clientInformation, screen, history, navigator, localStorage, performance, sessionStorage). Initial page loads work but when you have a link to the same page the error occurs.

Originally this manifested itself when the JQuery library was loaded. The first time JQuery accessed window.navigator.userAgent a permission denied error would occur.

All of our machines are Windows 7 64 bit Enterprise SP1. The code below can be ran from IIS or from opening an .html file directly.

We cannot reproduce this issue outside of our corporate domain. We suspect some policy in our corporate environment but have been unable to determine which policy is causing this issue.

We can mitigate the issue as follows:

• Switching to IE7 or IE8 Document Mode and then back to IE9 standards Document Mode will put the browser into a state where it will work from then on.
• Refreshing the page will fix a single page load, but the issue will reoccur when a link is clicked and another page (could be the same one you are currently on) is loaded via a link.
• Navigate to the website from a machine outside of our domain.

test.html

<html>
<head> 
    <title>Permission Denied</title>
</head>
<body>
    <a href="test.html">Click Here</a>
    <script type="text/javascript">
        alert(window.navigator);
    </script>
</body>
</html>

To see all of the properties that are inaccessible we can open this html and click the link on the page:

testWindow.html

<html>
<head> 
    <title>Permission Denied</title>
</head>
<body>
    <a href="testWindow.html">Click Here</a>
    <script type="text/javascript">
        var deniedProperties = '';
        for (var i in window) {
            var obj = window[i];
            if (obj == null) continue;

            try {
                obj._____x = 1; // Attempt to access the object and set a new value on that object.
            }
            catch (e) {
                if (e.number == -2146828218) { // Permission Denied error number.
                    deniedProperties += i + '\n';
                }
            }
        }

        alert('Permission Denied:\n' + deniedProperties);
    </script>
</body>
</html>

Update

This was a domain policy that had been put in place for an issue with IE6. We discovered which policy was causing the problem by working with a support person from Microsoft who recorded and analyzed how policies were being used as I reproduced the problem on my work machine.

Another idea you could try is to setup a child Organizational Unit in Active Directory that you have full permissions to modify. Have it inherit all policies from corporate then use binary elimination to block policies until you find the one causing the issue.

Answer 1

We had the same issue and found that searching the registry for FEATURE_OBJECT_CACHING and setting iexplore.exe = 1 fixed it.

For us this was actually under:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING