Security Warning Fix

[HeyBub]

When executing a program loaded via an intranet, you'll often get the
security warning:

"Publisher could not be verified" or some permutation.

Here's the fix:

Start/Run/gpedit.msc
Navigate to User Configuration/Administrative Templates/Windows
Components/Attachment Manager

Add "*.exe" to the "Inclusion List for moderate risk file types" list

This allows programs with invalid/missing certificates to be run over the
network without warning, while preserving the warning for programs executed
via the internet.

If you put "*.exe" in the "low risk file types" list, you won't get the
warning no matter the source of the program.

 

[Shenan Stanley]

When executing a program loaded via an intranet, you'll often get
the security warning:

"Publisher could not be verified" or some permutation.

Here's the fix:

Start/Run/gpedit.msc
Navigate to User Configuration/Administrative Templates/Windows
Components/Attachment Manager

Add "*.exe" to the "Inclusion List for moderate risk file types"
list
This allows programs with invalid/missing certificates to be run
over the network without warning, while preserving the warning for
programs executed via the internet.

If you put "*.exe" in the "low risk file types" list, you won't get
the warning no matter the source of the program.

Wow.
Why would you want to do that?
You should just add your local intranet to the list of allowed sites.
At least put some limit on the executables your users can run instead of,
"any old EXE from any old place you want. GO!"

 

[HeyBub]

Wow.
Why would you want to do that?
You should just add your local intranet to the list of allowed sites.
At least put some limit on the executables your users can run instead of,
"any old EXE from any old place you want. GO!"

Same reason I insist on "easy-open" bottles from the pharmacy: I want my
children to have all the opportunities I had.

 

[Bob I]

Same reason I insist on "easy-open" bottles from the pharmacy: I want my
children to have all the opportunities I had.

Humm, I don't think you can buy that stuff anymore, can you? <VBG>

 

[Shenan Stanley]

When executing a program loaded via an intranet, you'll often get
the security warning:

"Publisher could not be verified" or some permutation.

Here's the fix:

Start/Run/gpedit.msc
Navigate to User Configuration/Administrative Templates/Windows
Components/Attachment Manager

Add "*.exe" to the "Inclusion List for moderate risk file types"
list
This allows programs with invalid/missing certificates to be run
over the network without warning, while preserving the warning for
programs executed via the internet.

If you put "*.exe" in the "low risk file types" list, you won't get
the warning no matter the source of the program.

Wow.
Why would you want to do that?
You should just add your local intranet to the list of allowed sites.
At least put some limit on the executables your users can run instead of,
"any old EXE from any old place you want. GO!"

Same reason I insist on "easy-open" bottles from the pharmacy: I want my
children to have all the opportunities I had.

So instead of teaching your children how to avoid the mistakes you have
made, you want them to just make the same mistakes you did without any
benefit of your past experiences...? Or are you trying to allow them to
make *more* mistakes so they can *not* teach their children their
experiences or yours later - so no one can deal with them more adeptly?
*vbg*

I get the sarcasm in your response, but I had to respond initially because
it seemed like you were suggesting *everyone* should do that - and it just
isn't wise for Joe User to allow every executable from every mapped area the
ability to be ran without warning. heh

 

[Dan Walter]

The security warning comes out of SP2. It happens when you run exe's
from a network - the IE security settings are then invovked. Here is
the "safe" fix - enable exe's from your server only, not globally.
Credit Steve Wiseman, posted on intelliadmin Oct. 3rd, 2006 - I have
made a few tweaks to the instructions using IE 7.
(http://www.intelliadmin.com/blog/2006/10/why-some-shortcuts-say-publisher.html)

1) Determine what server the shortcut is hosted on. For our example we
will allow only shortcuts that are pointing to server1 to be launched
without the warning.
2) Open Internet Explorer.
3) Click on tools, then Internet Options. Click on the security tab.
4) Cick "Local Intranet", and then the "Sites" button should be
enabled. Click it.
5) On the form that is displayed, click advanced
6) You will be shown a list of sites that are in the "Local Intranet"
7) To add your server to the list. Type "file://server map drive" where
'server' is the name of your server, e.g. if S: is mapped to
Server1/Vol1, type "file//S:"
8) Click on Add.
9) Click OK enough times to exit the tools.

Dan Walter


Shenan Stanley wote: