Windows Vista, Windows 7, and Windows 8 deployment

Read this overview if you are using BlueZone Web-to-Host to deploy BlueZone to Windows Vista, Windows 7, or Windows 8 users. It will help you understand some of the new security features of Windows Vista, Windows 7, and Windows 8 and how they relate to BlueZone Web-to-Host.

The following outline describes using BlueZone Web-to-Host with Windows Vista, Windows 7, and Windows 8:

ActiveX and Java are subject to certain security limitations to minimize the risk of installing and running malicious code.
BlueZone web-based deployments use ActiveX or Java technologies to manage and activate the terminal emulation sessions.
Standard users cannot download ActiveX controls. However, Java applets can, in many cases, be downloaded and run. You may want to consider using the Java Web-to-Host Control Module in lieu of the ActiveX Web-to-Host Control Module. This change can be made using the BlueZone Web-to-Host wizard. Refer to Switching from the ActiveX control module to the Java control module for more information.
New with Windows Vista is the ActiveX Installer Service that can be configured to allow standard users to download and run administrator approved controls.
For anonymous access, or access by users from uncontrolled computers, consider using the BlueZone Access Server and HTML green screen access.
Note: Learn more about the BlueZone Access Server by visiting the BlueZone website: http://bluezone.rocketsoftware.com/products/web-terminal-emulator/bz-access-server/at-a-glance

The following considerations must be taken into account before deploying BlueZone to Windows Vista, Windows 7, and Windows 8 users.

Web-to-Host Version 4.2 only

If you are using BlueZone Web-to-Host Version 4.2 to deploy to Windows Vista, Windows 7, or Windows 8 users, take the following information into consideration before deploying:

Applies when User Account Control (UAC) is enabled and the Internet and Intranet Zones have protected mode enabled. When UAC is disabled, Vista operates like XP.

Note: For a detailed explanation of User Account Control, refer to the Microsoft website: http://www.microsoft.com/windows/windows-vista/features/user-account-control.aspx
The BlueZone website must be in the Trusted Zone. The user can do this or the administrator can set it using Group Policy.
If the BlueZone website is not trusted and protected mode is enabled, the BlueZone Web-to-Host control will run with errors.
When the BlueZone website is Trusted, BlueZone Web-to-Host operates properly.
Sites added to the Trusted Zone must be referenced using a DNS name rather than an IP address. Internet Explorer does not trust a site accessed using an IP Address.

Web-to-Host Version 5.0 and later

If you are using BlueZone Web-to-Host Version 5.0 or later to deploy to Windows Vista, Windows 7, or Windows 8 users, take the following information into consideration before deploying:

Applies when User Account Control (UAC) is enabled and the Internet and Intranet Zones have Protected Mode enabled. When UAC is disabled, Vista operates like XP.
Note: For a detailed explanation of User Account Control, refer to the Microsoft website: http://www.microsoft.com/windows/windows-vista/features/user-account-control.aspx
BlueZone Web-to-Host Version 5.0 and later has the ability to run with protected mode enabled in the browser. This requires a protected mode setting in the Web-to-Host wizard that forces BlueZone (on Vista computers only) to run in the browser’s protected mode sandbox, regardless of the browser setting. This is best when deploying BlueZone outside the enterprise to partners, customers, and so on.
If the BlueZone Web-to-Host site is not in protected mode, then the BlueZone site must be in a trusted zone. Best when used within the enterprise.
If the user's browser is in protected mode, but not set to trust the BlueZone Web-to-Host site, they are prompted by the BlueZone Web-to-Host Control Module to add the BlueZone Web-to-Host site to their trusted zone before proceeding.
Sites added to the Trusted Zone must be referenced using a DNS name rather than an IP Address. Internet Explorer does not trust a site accessed using an IP Address.

Web-to-Host Version 5.2 and later

If you are using BlueZone Web-to-Host Version 5.2 or later to deploy to Windows Vista, Windows 7, or Windows 8 users, take the following information into consideration before deploying:

If you set ExeMode=Yes in the default.ini file, allow protected mode in BlueZone and in the browser, and turn UAC on, the web page desktop shortcut is not created and the user cannot launch sessions from profiles.

To resolve this problem, you must add the site to Trusted Zones or use the Wizard to disable protected mode. Instruct your users to also disable protected mode in their browser and add the site to their list of trusted sites.

Refer to BlueZone section for more information on setting ExeMode.
You cannot create a Served Desktop or Embedded Mode site with Protected Mode enabled. You must instruct your users to add the site to their list of trusted sites.

Installing the ActiveX control

There are two options to install the ActiveX control:

Have an Admin install it.
Use the ActiveX Installer Service.

Running the ActiveX control

After the ActiveX control is installed, Windows Vista, Windows 7, or Windows 8 users must allow the ActiveX control to run. Use one of the following options:

Add the BlueZone Web-to-Host website to the Trusted Zone. This relaxes protected mode only for sites in the Trusted Zone, allowing the ActiveX control to run with full functionality. It does not relax protected mode for any other security zones.
Use the protected mode setting in the BlueZone Web-to-Host site. This allows the control to operate inside the protected mode sandbox. It does change the location of the user’s working directory and restricts their ability to register the scripting components.
Use the Windows ActiveX installer service. This allows centralized control and deployment of certain ActiveX controls. The service is enabled on Windows 7 PCs and administered through group policy.
Disable protected mode for the browser entirely. This option is not recommended but it does allow the ActiveX control to run.

Upgrade a site

To upgrade a site when the Wizard is installed on Windows Vista, Windows 7, or Windows 8, you must either:

run the Wizard as an administrator
turn off the Windows User Account Control

If you do not run the Wizard as an administrator or set the Windows User Account Control off, the user will receive errors when upgrading a site.