In MSXML 4 SP2 (and later, I assume in advance) if you try to send Post data using the ServerXMLHTTP40 object to a site that’s in the Internet Zone, you get an Access Denied error.

This is another of those things that had me banging my head in frustration until I eventually solved the problem. Contrary to what you may first think, it’s not a bug.

It’s actually upgraded security in this release: it uses the IE settings, and if you try to send unencrypted Post data by HTTP to Internet zone sites, you run into trouble. Details are at the end of the readme for the SP2 release and in KB 820882, but the workaround given does not work in Windows 2000 because the MMC Snapin referred to is only in Windows XP.

Apparently now there’s a Windows 2000 hotfix you can get, but as with all hotfixes, it involves mucking about ringing up Microsoft PSS to get it. (And when it says “Applies to Microsoft Windows 2000 Standard Edition”… what is that, exactly? Maybe they mean Professional?)

You can also get into IE and change the zone settings, but it has to be the same user that runs your process. If the process is some kind of robot, it’s not always possible to do this.

Eventually I dug around in some MSKB articles and eventually found article 182569 that talked about how to change the relevant settings via the registry.

To tell Windows to ignore user-specific settings, and always use the zone setting you are about to define, create or edit the following Registry key:

HKEY_LOCAL_MACHINE; Software; Policies; Microsoft; Windows; CurrentVersion; Internet Settings; Security_HKLM_only (DWord value) = 1

The alternative would be to change the following setting for each user that will try and do the HTTP post, eg in HKCU/HKU instead of HKLM.

Okay, so to tell it to allow unencrypted HTTP Post data into the Internet zone:

HKEY_LOCAL_MACHINE; Software; Microsoft; Windows; CurrentVersion; Internet Settings; Zones; 3; 1601 (DWord value) = 0

See MSKB 182569 for more details.