Microsoft Forefront UAG 2010 Administrator's Handbook

SharePoint and IE security enhancements

Windows Vista and IE 7 introduced two new security enhancements, Integrity Levels (IL) and Protected Mode. These security enhancements affect the way we access certain SharePoint features when published through UAG. Let's take a couple of minutes to understand the what and the how of it. In Vista and Windows 7, by default, Internet Explorer runs in Protected Mode and thus has a Low IL (Integrity Level), whereas Office has a Medium IL. For more details about IE Protected Mode and these Integrity Levels, refer to the article at http://msdn.microsoft.com/en-us/library/bb250462.aspx.

When publishing SharePoint, UAG sets a persistent cookie for Office Integration and Explorer View to work. The cookie is set by an ASP page (SharePointRedirector.asp). When IE runs in Protected Mode, the cookie is written in the LOW storage and therefore Office, which runs at MEDIUM IL, cannot read this cookie. There are two possible solutions to this problem:

  • Make sure the Endpoint Session Cleanup component is running. Other than deleting leftovers, this component can also pass the persistent cookie from LOW to MEDIUM storage.
  • Alternatively, add the UAG trunk's public host name and SharePoint application's public host name to an IE security zone that disables IE Protected Mode (by default that would be the Trusted Sites zone).
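
The second option can be scripted per user through IE's zone registry keys. The following is an added example, not from the book or from UAG: the two host names are constructed placeholders, and the script assumes each public name has the form host.domain.tld so that the last two labels form the domain key.

```powershell
# Constructed placeholders: substitute the trunk's and the SharePoint application's public host names.
$PublicHosts = @('uag.example.com', 'sharepoint.example.com')

$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$TrustedSitesZone = 2   # IE zone number for Trusted Sites

function Test-ProtectedModeDisabled {
    param([int]$Zone)
    # URL action 2500 controls Protected Mode for a zone: 0 = enabled, 3 = disabled.
    $zoneKey = Join-Path $InternetSettings "Zones\$Zone"
    $setting = Get-ItemProperty -Path $zoneKey -Name '2500' -ErrorAction SilentlyContinue
    return ($null -ne $setting -and $setting.'2500' -eq 3)
}

function Add-HostToZone {
    param([string]$HostName, [int]$Zone, [string]$Scheme = 'https')
    $labels = $HostName.Split('.')
    if ($labels.Count -lt 3) { throw "Expected host.domain.tld, got '$HostName'" }
    # Assumption: the domain is the last two labels (not true for suffixes such as co.uk).
    $domain = $labels[-2..-1] -join '.'
    $sub    = $labels[0..($labels.Count - 3)] -join '.'
    # ZoneMap layout: Domains\<domain>\<subdomain>, value name = scheme, data = zone number.
    $key = Join-Path $InternetSettings "ZoneMap\Domains\$domain\$sub"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Scheme -Value $Zone -PropertyType DWord -Force | Out-Null
    return $key
}

# Adding a site to a zone that still runs Protected Mode would not fix the cookie problem.
if (-not (Test-ProtectedModeDisabled -Zone $TrustedSitesZone)) {
    Write-Warning 'Protected Mode is not explicitly disabled for Trusted Sites in HKCU; check the zone settings.'
}

foreach ($name in $PublicHosts) {
    $key = Add-HostToZone -HostName $name -Zone $TrustedSitesZone
    Write-Output "Mapped https://$name to zone $TrustedSitesZone ($key)"
}
```

Map only the exact public host names rather than a whole domain, since every site placed in the zone loses Protected Mode. Where zone assignments are managed by Group Policy, make the change in the policy instead, because per-user entries are ignored.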

We will discuss the Endpoint Session Cleanup component and other client components in Chapter 8.