Sets low integrity for registry keys needed by Internet Explorer in Protected Mode.


HRESULT CreateProtectedModeRegistry (VOID);

Return Value

The function returns zero for success, else an error code.


If not running on Windows Vista or higher, the function fails (returning S_FALSE). Otherwise, the function sets low integrity for each of the applicable registry keys (see below). Failure for any one does not cause the function to skip any others, but does cause the function to fail (returning E_FAIL). The applicable registry keys are:

To set a low integrity level for a registry key, the function creates the key, asking for KEY_WRITE and WRITE_OWNER access rights, and calls the SetRegistryKeyIntegrityLevel function with the particular SID that is represented by LW in the Security Descriptor Definition Language.


The CreateProtectedModeRegistry function is exported from IERTUTIL as ordinal 33 in version 7.0 and higher.