I was just recently going through my old SQL Server documents and reference material and attempting to organize and tidy things up, when I re-discovered a huge collection of literature that even now is incredibly useful. The only problem is that many of these old electronic books and files are stored in CHM format. Those old timers of you will remember that this was how SQL Server Books online was deployed up to and including SQL Server 2000.
So I tried opening one of these documents and I got the classic (and expected) symptom of a totally blank document body pane.
Try reading this sucker!
Now this wasn’t really a big surprise since the restriction was actually put in place by Microsoft many years ago to prevent content loading from remote and untrusted sources (i.e. the Internet or Network/ UNC paths) and resulting in an infection to your machine. In the past I seemed to remember that it was a simple registry hack, and this time around various searches across the internet were again suggesting that this would be the case. Unfortunately no single article appeared to join all the dots but after a frustrating period of time I finally managed to figure it out again. This fix works on Windows 8/ 8.1 and should also work on prior versions of Windows going back to XP but I have not tested it on these platforms.
I have decided to blog it, not only to help anyone else struggling getting your remote CHM files working, but also so I don’t have to waste one single minute more trying to figure out what the fix is. Assuming you trust the Remote source and the files therein, you have two choices:
- Copy the remote CHM file/s locally.
- Implement the fix described below.
Since I hate having to duplicate reference material, I want to implement the fix. So the first piece of advice you will see quite frequently if you perform a Google or Bing search for this problem, is that you need to add the following registry key into your machine:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions] "MaxAllowedZone"=dword:00000001
Now the important line here is the MaxAllowedZone DWORD (line 4) created under the ItssRestrictions registry key. I first struggled to find any description of what MaxAllowedZone value did, but the following values describe the purpose of each:
0 = My Computer 1 = Local Intranet Zone 2 = Trusted sites Zone 3 = Internet Zone 4 = Restricted Sites Zone
It was only really when I discovered these meanings that the next step fell into place. Essentially these values are setting the maximum zone in which you trust the remote CHM content. So a setting of 1 essentially tells Windows to allow any CHM content that is considered to be part of the Local Intranet Zone (and by default this will not include your network paths). So setting a value of 1 by itself would not (in this case) solve your issue. We could in fact change the value to 3 (Internet Zone) which would fix the problem since this is the Zone that my remote drive is considered to be part of, but that is obviously putting my machine at risk.
MaxAllowedZone key value is set to 1
The solution then is to ensure that the MaxAllowedZone is set to a value of 1 and to ensure that your network path is added into the “Local Intranet Zone” and we do this through Internet Explorer:
- Select Internet Options via it’s Tools menu (Alt+x).
- Click the Security tab and click on the Local Intranet Zone.
- Next click the Sites button and then click the Advanced button from the Local intranet dialog.
- Ensure that you deselect “Require server verification (https:) for all sites in this zone” option.
- Finally all you need to do is type the path to your network drive. In my case I have mapped the network path to my Z:\ drive, so I simply type Z:\ in the “Add this website to the zone:” textbox. The path will be resolved to its real hostname.
- Click the Close button and click any resulting OK buttons and close Internet Explorer.
Now when you try loading your file all of the content loads! I now have Ken Henderson on tap again!
I want you back for good!
tenbulls.co.uk 
I think that after having the content loaded you got that felling of “mission accomplished” that we often get after solving a puzzle (and that was a “Holmes mystery” type).
Well done!
Live long and prosper!
An allow for a share:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
“MaxAllowedZone”=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
“MaxAllowedZone”=dword:00000000
“UrlAllowList”=”\\\\ServerName\\Docs;file://\\\\ServerName\\Docs”
An allow for a particular file on a mapped drive:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
“MaxAllowedZone”=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
“MaxAllowedZone”=dword:00000000
“UrlAllowList”=”Z:\\MappedDriveLocation\\SQL2000systbl.chm;file://Z:\\MappedDriveLocation”
The above can obviously be combined and you can have many combinations of allows. If you access via FQDN then make sure to specify it.
Thanks Jon. Like I’ve mentioned over Twitter this method didn’t work for me which is why I looked for another way that did. Furthermore I am giving access within an environment where every server, drive and chm is trusted by me so being able to grant access easily by adding any new sites is preferable and (arguably) simpler than adding extra registry entries. Generally I would suggest that enabling the ability to be able to read all automatically assigned Intranet Site CHM files and manually assigned sites is not really a security risk since that is almost certainly the intent on using my method. Your method wouldn’t prevent someone copying other remote content locally and executing that way as well so unless a Security policy was implemented to prevent that then your machine is at risk either way.
Thanks very much for your input though and I recommend that others use the approach that works best for them and meets their technical requirements. For those that want to check out your suggestion, please also refer to http://support.microsoft.com/kb/896054
Thanks for your clear explanation!!! In my case the UNC/DFS location was already in the Trusted zone so I used the value: “MaxAllowedZone”=dword:00000002 and my CHM files now open without issue.