IE 11/Office.js: Access is Denied trying to use localStorage

Question

If I try to run this code in my office-js add-in in Excel 2016 (Desktop), it throws an error and says Access is denied.

ngOnInit() {
    console.log('Writing to localStorage...' );
    localStorage.setItem('foo', 'bar');
    console.log('done.');
}

However, this only happens on one computer, but works as expected on every other. Also, this code works perfectly fine running in any browser including IE 11. Further, if I run excel in Administrator mode, it also works as expected.

There is some permissions or something that are off, writing to localStorage in Excel's sandboxed instance of IE11, and I can't figure out where or what it is.

I think I have tried every fix on this related question and none of them seem to make a difference in this case (Access Denied for localstorage in IE10).

More Background: Initially, this worked on my computer (and I was trying to fix it for a co-worker), but I changed my CachePath registry key (as noted here: Access Denied for localstorage in IE10) to Local instead of LocalLow to be able to reproduce the bug on my box. However, after trying various things to fix it, even switching that registry key back to LocalLow doesn't resolve the issue on my box as I would've expected.

---

Update: Image of my CachePath registry key:

However, using process monitor, I can see it's using the wrong path and ignoring the registry key update:

Why is it ignoring my registry update?

---

Any ideas?

Answer 1

Short Answer:

1. Close IE and Excel and run this command:

   icacls %userprofile%\Appdata\LocalLow /t /setintegritylevel (OI)(CI)L
   

2. Still not working? Open up regedit and delete these two folder from the registry:

   Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
   Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache
   

3. Still not working? Delete the entire Internet Explorer folder from the registry:

   Computer\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
   

---

Longer Answer:

Normally, IE11 running in Protected Mode inside Excel writes anything set in the localStorage object in javascript to this file location:

%userprofile%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore

Notice the LocalLow folder in the path. Most programs would write data to the Local directory (which is for data that only stays on the local machine vs data that is Roaming which will roam with their profile wherever they log in), but the Low on the LocalLow folder refers to something Windows introduced in Vista known as "Integrity" Levels. I belive in protected mode inside Excel, IE can only work with Low integrity level files and normally this is not a problem because everything in LocalLow should be LOW integrity.

1. The subfolder in LocalLow somehow get their integrity level set to something higher than low.

   • In this case, even if a user has full permissions to the files they are trying to write to, they will get access denied if a process that can only deal in LOW integrity files tries to do something with higher integrity files.

   • Fix this by setting everything in LocalLow back to LOW integrity:

     icacls %userprofile%\Appdata\LocalLow /t /setintegritylevel (OI)(CI)L
     

   • More info here: https://stackoverflow.com/a/20848924/3806701

   • If things work correctly when you run excel in Admin mode, this is probably the issue. (Admin users run at high integrity and won't have these issues)

2. Somehow, IE11 is trying to write localStorage to the DOMStore directory, but under the LOCAL folder.

   • IE looks up in the registry the path address for where it should write localStorage to (and that can change depending on the mode/settings IE is operating under).
   • Sometimes that path gets messed up and needs to be fixed. This answer here shows where in the registry you can change Local to LocalLow so it writes to the correct DOMStore folder: https://stackoverflow.com/a/23583134/3806701
   • The biggest question here is, How can you know where it's trying to write in the first place? Using this cool tool, Process Monitor, you can see what's going on under the hood in the iexplore.exe process and see exactly what registry keys it's lookup up/getting and exactly where it's trying to write to: https://learn.microsoft.com/en-us/sysinternals/downloads/procmonenter link description here

3. Finally, if none of the above solutions solve the problem and the registry's CachePath is correctly set to include LocalLow in the path, I deleted the following keys in the registry:

   • Probably a good idea to backup the registry first, just in case and as a best practice, and also make sure and close all instances of iexplore.exe, then delete these keys:

     Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
     Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache
     Computer\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
     

   • For me this was better than re-installing IE, and the next time you start it it will think it's been reinstalled and will setup the registry folders correctly...