login vsi company logo login vsi company logo 250x40
  • Home
  • Blog
  • Login VSI
  • User account control impact on automating Internet Explorer during a Login VSI test

User account control impact on automating Internet Explorer during a Login VSI test

User account control impact on automating Internet Explorer during a Login VSI test

If you’ve been in touch with our Login VSI support department regarding an Internet Explorer issue, we may have asked you to enable protected mode. We usually ask to enable Protected Mode in cases where we cannot interact with the web page. That seems strange. Why would adding additional protection allow us to interact with the web page after all? The answer is a set of security features commonly known as user account control.

Protected mode is part of that set of security features. Protected Mode prevents a malicious website from being able to compromise the security of your system by running Internet Explorer with a lower so- called integrity level. Integrity levels control which level of application can talk to each other programmatically.

user account control impact on automating internet explorer during a login vsi test enable protected mode

To enable Protected Mode in IE, go to Internet Options, select the Security tab, and check the Enable Protected Mode box.

Three integrity levels

There are 3 integrity levels: Low, Medium and High. High integrity level processes are typically processes running with administrator rights or even system level rights. Medium is the default normal level and Low is for untrusted processes. A process can talk to processes down the chain. High can talk to Medium and Low, for example. But you cannot go up the chain. This feature was introduced to combat so called shatter attacks.

Impact on Internet Explorer

Internet Explorer runs with the Low integrity level by default. Internet Explorer will switch to a higher integrity level where needed. An Intranet website, where protected mode is disabled, will run with the Medium level integrity level, for example. This switch is where the problem lies. When you start Internet Explorer programmatically, you get a reference to the newly started Internet Explorer process. That process starts with the Low integrity level.

If the website is located in an Intranet zone, then Internet Explorer will start a second process that runs with the Medium integrity level. But the program still has a reference to the old, Low integrity level process. This is why you might see CTXConnect being unable to interact with a website, or the Login VSI engine failing to be able to interact with an instance of Internet Explorer. When Protected Mode is enabled, a website is always run with the Low integrity level. The program retains the ability to control the application, as there is no need for a second process.

user account control impact on automating internet explorer during a login vsi test launcher

Login VSI has encountered an unexpected error and cannot initiate a session.

Conclusion: Why enable Protected Mode?

When you start Internet Explorer (IE) programmatically, IE runs with the Low integrity level but when you browse to an Intranet zone website, IE will start a second process with the Medium integrity level. Because of the different integrity levels, Login VSI will be unable to interact with Internet Explorer. Enabling Protected Mode will make sure that Internet Explorer is always running with the Low integrity level (also in an Intranet zone) and Login VSI is able to communicate with the webpage at all times.

And if you still have trouble with IE, let us know by contacting support@loginvsi.com.

About the author

Dennis Geerlings started at Login VSI about 4 years ago and worked as a consultant within Login Consultants. He supported multiple customers in migration projects. Presently, Dennis is support manager and lead consultant at Login VSI. In these roles he supports customers and partners in the US and Canada, co-develops the Login VSI product, and serves as a pre-sales engineer for enterprise customers. 

Tags: How-to, Login VSI, Load Testing, Best Practices, Support

What our customers are saying

Michael Cooper - Citrix

"We use Login VSI as a level set. If we are looking at a system that we are putting on brand new hardware or that we are putting in the cloud, we may see those environments completely differently but the end result is: is the user going to have a good solid happy user experience? And what Login VSI provides us on all three platforms is fairly consistent apples-to-apples comparison: is the user happy?"

Michael Cooper, Director of Solutions Architecture and Global Alliances at Citrix Systems

Dan O'Farrell - Dell

"The primary goal of our VDI appliances is to simplify and to take the guesswork out of VDI, and the Login VSI tests help us to do that from a performance expectation capability. When we offer one of our appliances to our customers, we deliver benchmarks that are validated using multiple Login VSI workloads. When compared to a customer’s workload, these Login VSI-enabled benchmarks allow precise sizing estimations to be created."

Dan O'Farrell, Director, Product Marketing, Cloud & Client at Dell

Tristan Todd - VMware

“Login VSI is my favorite test orchestration and simulation tool for large-scale reference architecture testing. Not only do we use it in our testing, but we work with partners who use Login VSI exclusively, with the idea that you create the most realistic simulated workload at scale, to really test infrastructure and software capabilities. What’s more, getting the results and be able to measure yourself across platforms and across vendor solutions is just fantastic and is unequalled in the industry.”

Tristan Todd, EUC Architect at VMware

Login VSI, Inc.

300 Tradecenter

Suite 3460
Woburn, MA 01801

Phone: +1 844 828 3693

Login VSI B.V.

De Entree 85
1101 BH Amsterdam
The Netherlands

Phone: +31 20 705 1200