CHM help files on network shares do not display correctly |
Microsoft HTML Help files may not display correctly if the file the help file is located on a network share, a mapped drive, a roaming user profile, or when the help file is otherwise accessed through a UNC path such as \\server\share. If the problem occurs, the help file opens normally, however, the topic text is not displayed. Instead, a misleading error message such as ‘Navigation to the webpage was canceled’, ‘Action cancelled’, or ‘DNS error’ is displayed.
A Microsoft security updates introduced in June 2005 includes changes to the Microsoft HTML Help viewer, which prevent CHM help files from being displayed correctly unless the CHM help file is located on the local hard drive of the client computer.
Note This problem is not specific to Help Producer. It will affect all Microsoft HTML Help 1.0 files, regardless of the help authoring tool being used.
To work around this problem, you need to ensure that your CHM help files are installed to the local hard drive. If the CHM help files cannot reside on the local hard drive for technical reasons, you will have to make changes to the registry of the computers that will view the CHM help file. Details on the required registry changes can be found in the Microsoft Knowledgebase Article 896054.
Enable HTML Help for network shares
Warning The following procedure shows how extent the security zone of HTML Help files to network shares (Local intranet zone). Extending the security zone for all help files may pose a security risk to your computer.
'HtmlHelpFix.reg'
.
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions] "MaxAllowedZone"=dword:00000003
'HtmlHelpFix.reg'
.In the past, the Microsoft HTML Help component has been responsible for many critical security issues in Microsoft Windows. To limit the attack profile of a computer, Microsoft has restricted the functionality of HTML Help files to be viewable only when the file resides on a local drive. This restriction provides an additional security layer, as it prevents undiscovered security flaws from being exploited, for instance when a malicious HTML Help file is received via e-mail or Internet. The security changes are deployed via the critical security update MS05-026 (KB896358). It is reasonable to assume, that most Windows systems have received this update via the automatic update functionality.
The restriction of being able to view a HTML Help file is implemented via a zone-model. When a HTML Help file is displayed, the permissions of the help viewer are determined by the security zone, which is essentially the location from where the help file is run. Possible security zones include local machine (for instance, a local hard disk drive), local intranet zone (for instance, a company network share or mapped drive), and Internet. With the latest Microsoft security updates the security zone for the HTML Help viewer is restricted to the local machine only.
To be able to view a CHM help file in a different zone, the client computer’s registry must be configured in a way that allows viewing the help file in the security zone from which the help file was executed. This configuration change can be easily done to make HTML Help files work the way they did before the security update, for instance via a software installer program or a company domain policy.
The security zone can be extended for all help files (Ref: KB 896054, Method #2) or for only a certain set of help files (Ref: KB 896054, Method #1). The latter is preferred to minimize the attack profile of a computer.
For more information on the changes made to HTML Help, visit the following Microsoft web pages:
Microsoft Security Bulletin MS05-026
MS05-026: A vulnerability in HTML Help could allow remote code execution
KB896054: You cannot use certain Web applications that use the InfoTech protocol