CHM Files Not Working

What's covered?

Since the introduction of Microsoft Security Update 896358, chm files located on a server will not work properly, most commonly clicking a topic in the TOC gets a Page Cannot Be Displayed message.

Microsoft have posted various workarounds. This topic points to those workarounds but, and of importance, it first covers the security considerations surrounding the implemention of those solutions.

UPDATE 12 Jul 2011 The information on this page remains correct. Recently though I have learned of another solution that does not require any registry edits. Tim Green of Help and Manual explains how it works on their support forum. Click here.

 

The identification of the cause of these problems and the workarounds is not my work.

What I have done is pull that information together into one topic and explain the issues involved. I am also grateful to Pete Lees for his counsel on the general content.

The workarounds involve registry changes so great care is required. My registry knowledge is pretty much limited to making changes described by others so I cannot help you if you get it wrong!

Remember, unless you have the training, the golden rule with the registry is DFA. (Don't fiddle about, or something like that.)

About 896358

Since the introduction of Security Update 896358 (Jun 2005) there has been a flurry of postings about chm files that no longer work properly, most commonly clicking the TOC contents gets a Page Cannot Be Displayed message. It also affects Related Topics commands and other instances of the HTML Help ActiveX control. In all cases this is where the chm file is located on a server. Files on the users hard disk are not affected by this patch. So the first obvious workaround is to move the chm file!

At first sight that may not be an option you want to consider so it is worth looking at why Microsoft have introduced this patch. It was not out of spite for technical authors or because their developers had a quiet afternoon and wanted to develop a patch for fun. It was identified that running a chm file posed a security threat which simply means that someone could use it to run malicious code on your PC. The same threat does not exist when then the file is run from your hard disk.

At this point, I can almost hear you screaming "... but we have several hundred users accessing the chm file over an intranet, we cannot install it on their hard disk". Wrong. You can. The point here is that understandably you do not want the overhead of managing that every time there is an update. It may also be that you are a software company whose help is placed on a server at your customer sites and they do not want that overhead.

Well there are workarounds but they involve editing the registry and compromising security! You are undoing part of the protection created by the security patch. You need to reflect on that before rushing on and making these changes.

Some people seem to be expecting Microsoft to issue a patch to fix this. Unlikely I think as it was a patch that deliberately caused the problem rather than an unexpected side effect.

The Safer Options

At this point you may be coming around to view that hacking the registry is not too cool an idea. Your safe options, quite simply, are to move the chm file to the users hard disk or implement webhelp.

For those of you who have not produced webhelp before, the considerations are

Not a welcome scenario but those are the facts and you have to decide how you want to proceed.

The Microsoft Workarounds

If you have jumped straight to this heading be aware that you have missed the cautions about resolving the issue in this way.

Microsoft Topic

Comment

Knowledge Base Article 896358

This is the lead article on all the problems caused by the patch that was announced in Security Bulletin MS05=026. It contains some pertinent warnings as below. However, see the article below for resolving the most common issue.

Note Microsoft's warning in the first paragraph under the heading Things To Try. You must involve your IT department. If your help is installed on customer intranets, then their IT deparments must be cautioned. The warning is reinforced later, see "Approaches to working around application compatibility issues in security upate 896358".

Knowledge Base Article 896054

This topic deals with The Page Cannot be displayed problem.

To run any chm on the intranet

Pete Lees points to two solutions in the article. These will allow any chm to be run on the intranet.

It is for your IT people to decide whether or not these changes should be made in the light of their assessment of how likely it is that a malicious chm file will find its way onto the intranet.

Single PC

Follow these steps to allow a single PC to run chm files stored in any shared folder in your intranet.

Locate the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions

and create a DWORD value called MaxAllowedZone and give it a value of 1. (In a HATT topic Rob Cavicchio advises that this needs to be set to 3 under Vista).

This will remove the block on all files in the Local Intranet zone. See the Microsoft topic for details of other values that can be applied.

The instructions for a single PC are more fully described in the article under "Consumers and non-enterprise customers - Method 2"

All PCs

Essentially the same method is employed using a Group Policy object. This is described in the article under "Enterprise customers - Method 2"

To run any chm in a specific folder on the network (intranet)

Fabio Pagano posted a solution that only allows chm files within a specified folder to run. You (or your IT people or your customers) may prefer that as it is more restrictive and any malicious attacker would rely on you saving their chm file to your folder. It's for you to decide how likely that is.

Locate the key (same key as above)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions

and create a string value called UrlAllowList. Give it a value of

\\hostname\sharename\;file://;

where hostname is the name of your server and sharename is the folder path where the chm files are located.

If multiple paths are to be enabled, the value would be

\\hostname1\sharename1\;\\hostname2\sharename2\;file://;

The above will allow any CHM in those folders to be opened. Use this format to restrict it to a specific file

\\hostname\sharename\yourhelp.chm;file://;

Any CHM except yourhelp.chm in the same folder will continue to be blocked.

Paths containing full stops (periods) will not work.

You can also used mapped drive paths if you are happy the mapping from that PC will not be changed.

Again this method could be deployed on all PCs on the intranet using a Group Policy object.

Make the changes using HH Reg

If you prefer not to make registry changes, then you might like to use HHReg provided free by from EC Software. It works on the registry of a single PC.

Provided you have admin rights over your PC, this tool will enable you to authorise a specific CHM to run or all CHMs in a specific folder. Even if you do have admin rights, you should check with your IT Administrator that they are happy for you make this change.

Your developers can also use this tool as part of their installation routine. Note that whilst it can be run in silent mode you should consider doing so very carefully. Even in silent mode, the user installing your software must have admin rights to enable the changes to be made. However, if they have such rights they will be unaware of the registry change made and the IT administrator might not be too happy about that. It could be politically unwise. Much better to point out that this change will be made and give the user the chance to opt out.

Click here to visit the EC Software site.

Knowledge Base Article 892675

This topic deals with HTML Help ActiveX controls being disabled unless the file is on the local drive.

  • In .chm help, this will, for example have the effect of disabling Related Topics controls if the file is not on the local drive.
  • In webhelp if an instance has been inserted to add a TOC or index in a file for example, then it will not work when the file is uploaded to the server.

The issue does not affect the TOC or index in the navigation pane of a chm file.

Apply the same solutions as described above except that the key to amend is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions

Knowledge Base Article 902225 This topic deals with downloaded chm files not opening.

Donations

If you find the information and tutorials on my site save you time figuring it out for yourself and help improve what you produce, please consider making a small donation.

Topic Revisions

Date

Changes to this page

12 Jul 2011 Link added to the Help and Manual site with an alternative solution.
15 Feb 2007 Change to MaxAllowedZone value under Vista in paragraph re Knowledge Base Article 896054.
28 May 2006 Amended to indicate that Adobe are going to continue develop RoboHelp and that webhelp works under IE7.
18 Apr 2006 Details of HH Reg added.
12 Feb 2006 Minor wording changes to put emphasis on 896358 rather than MS05-026
06 Feb 2006

UrlAllowList value changed from
\\hostname\sharename\;file://\\hostname\sharename
to
\\hostname\sharename\;file://;

Now shows how to add multiple folders and how to restrict to a single chm file.

Now indicates mapped drives can be used.

Now indicates full stops must not be used in path.

21 Jul 2005

Topic revised to provide more detail about allowing all chms to run. Alternative method added describing how to limit chms run to those in a specific folder.

02 Jul 2005

New topic.