I am trying to write an applet that can read and write files on the user's local machine. I cannot use any server-side tricks for this. With MSIE 4.0, you are supposed to be able to sign your applet and request certain capabilities (which I am). It appears possible (typically lousy Microsoft documentation) that you need to call the PolicyEngine.assertPermission(); function in the method if your applet when it's about to do the thing which you requested permission for (though I have tried both with & without this function). I cannot find any way to convince MSIE to let me operate "outside the sandbox".
On the microsoft.public.java.security newsgroup, this is a common problem - either it simply doesn't work, or there is some little detail Microsoft forgot to mention!