Error! Not a valid embedded object

If you got here because you recognise the above error message, you're probably at the stage where you are pulling your hair out. Lots of people have this problem, and very few offer solutions. I have two networks that were set up in the same way with the same software, yet the problem only manifested itself in one of them.

Symptoms

Microsoft Word and Equation Editor

When unprivileged users try to insert objects into Word documents, the object is displayed as "Error! Not a valid embedded object."

Opening an equation with Word

If they right-click and select <object type> → Open, the object's application will launch and they can successfully edit the object, but clicking on <object type> → Edit doesn't work. This problem is commonly reported as being unable to insert equations into a Word document using Equation Editor; however, all embedded objects are affected by this problem.

Can view but not download files with Internet Explorer

When users download a file with IE, either by clicking on a non-viewable link or by selecting Save Target As..., they get the error, "Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found." This is usually reported as a more specific problem, such as being unable to view PDF files.

Internet Explorer download error

Cause

An administrator used Internet Explorer Administration Kit (IEAK) to deploy Internet Explorer with the roaming cache disabled.

Solutions

Quick Fix 1

Log on as an Administrator and use Control Panel → Internet Options → General → Settings... → Move Folder... to move the cache directory from C:\Windows\Temporary Internet Files to C:\Documents and Settings\<administrator's username>\Local Settings. Windows will create the Temporary Internet Files folder inside the chosen directory and delete the one from C:\Windows. This fixes the problem for all users until another Administrator logs in.

Quick Fix 2

Log in as the user who is suffering from the problem and run this registry file: cachesettings.reg. This fixes the problem for that user only.

Permanent Fix

First, use IEAK Profile Manager to clear the Disable Roaming Cache option, upload the modified IE configuration to your server and reinstall IE on every computer. This will fix the registry settings for the .DEFAULT user only.

IEAK Profile Manager - Temporary Internet Files (Machine) - Disable Roaming Cache

Then deploy a policy that sets [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]\Cache to %USERPROFILE%\Local Settings\Temporary Internet Files. If you are using poledit to deploy policies, here is a suitable adm file: fixcache.adm.

If you don't have the infrastructure in place to deploy policies, then ask every user to run cachesettings.reg instead.

Details

With the roaming cache disabled, new unprivileged user accounts are created with the following settings (inherited from the .DEFAULT user). The entries under the User Shell Folders key are fixed settings; the Shell Folders entries are generated by expanding the User Shell Folders entries when the user logs in.

Key:   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Value: Cache
Data:  %SystemRoot%\Temporary Internet Files
Type:  REG_EXPAND_SZ

Key:   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Value: Cache
Data:  (blank)
Type:  REG_SZ

The Cache setting is blank because Explorer could not create the directory. In this state, everything still works since Windows uses C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files by default.

If a new Administrator (or Power User) account is created, they can write to C:\Windows, so the following settings are used:

Key:   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Value: Cache
Data:  %SystemRoot%\Temporary Internet Files
Type:  REG_EXPAND_SZ

Key:   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Value: Cache
Data:  C:\Windows\Temporary Internet Files
Type:  REG_SZ

When a normal user next logs in, their Cache directory is set to C:\Windows\Temporary Internet Files because it now exists; however, they can only read from, not write to, this location. When Word tries to create the Content.MSO folder (analogous to Content.IE5) inside this location, it fails, which breaks embedded objects.

The worst case scenario is when a Domain Administrator's account is affected by the faulty registry entries. It is Explorer, not Internet Explorer, that creates the Shell Folders directories, so a Domain Administrator can affect a machine merely by logging in to it.

The solution is to reset the registry settings to their proper values and to remove C:\Windows\Temporary Internet Files. The correct registry entries are as follows:

Key:   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Value: Cache
Data:  %USERPROFILE%\Local Settings\Temporary Internet Files
Type:  REG_EXPAND_SZ

Key:   HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Value: Cache
Data:  C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files
Type:  REG_SZ

Key:   HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Value: Cache
Data:  C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
Type:  REG_SZ
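
The check and per-user reset described above can be scripted. The following PowerShell is an added example, not the author's cachesettings.reg or fixcache.adm: it reports the two Cache values for the logged-on user, tests whether the resolved folder is writable, and, only when run with the (hypothetical) -Repair switch, writes the correct REG_EXPAND_SZ value. The script and its function names are assumptions of this example.

```powershell
param([switch]$Repair)   # without -Repair the script only reports

$UserShell = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$Shell     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$Good      = '%USERPROFILE%\Local Settings\Temporary Internet Files'

function Get-RawValue($KeyPath, $Name) {
    # Read the value without expanding %VARIABLES%, so the stored template is visible.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if ($key) {
        $key.GetValue($Name, $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
}

function Test-Writable($Dir) {
    # Word and IE must create subfolders here, so probe by creating a file.
    if (-not $Dir -or -not (Test-Path -LiteralPath $Dir -PathType Container)) {
        return $false
    }
    $probe = Join-Path $Dir ([Guid]::NewGuid().ToString() + '.tmp')
    try {
        [IO.File]::Create($probe).Close()
        Remove-Item -LiteralPath $probe
        return $true
    } catch {
        return $false
    }
}

$template = Get-RawValue $UserShell 'Cache'   # fixed setting
$resolved = Get-RawValue $Shell 'Cache'       # generated by Explorer at logon
$expanded = if ($template) { [Environment]::ExpandEnvironmentVariables($template) }

# Faulty state from the Details section: the template points under %SystemRoot%.
$underWindows = $expanded -and
    $expanded.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)
$writable = if ($resolved) { Test-Writable $resolved } else { 'n/a (blank)' }

"User Shell Folders\Cache : $template"
"Shell Folders\Cache      : $resolved"
"Template under SystemRoot: $([bool]$underWindows)"
"Resolved folder writable : $writable"

if ($Repair -and $template -ne $Good) {
    # REG_EXPAND_SZ so that %USERPROFILE% is expanded for each user at logon.
    New-ItemProperty -Path $UserShell -Name Cache -Value $Good `
        -PropertyType ExpandString -Force | Out-Null
    "Cache reset to $Good; log off and on so Explorer regenerates Shell Folders."
}
```

Like cachesettings.reg, this affects only the user who runs it; removing C:\Windows\Temporary Internet Files still has to be done by an Administrator.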

Peter Benie <peterb@chiark.greenend.org.uk>