XPe Service Pack 2 Security

[Guest]

Hi,

I am trying to run an executable on a thin client PC that unfortunately
isn't digitally signed. This executable will run successfully on XP Pro SP2
and XPe SP1, but with XPe SP2, I get an alert "The publisher could not be
verified", and I need to click OK to run the program.

Problem is, I need the program to run automatically when the PC starts up -
the publisher probably will not bother with digitally signing as support for
this product is being ceased soon.

Is there anything I can do to trust this executable such that the warning
message doesn't crop up???

 

[Steven L Umbach]

Try opening local Group Policy [gpedit.msc] and go to user
configuration/administrative templates/Windows components/attachment
manager - inclusion list for low file types and add the file's extension to
the list. Of course keep in mind that will allow any file with that
extension to run on your computer without any prompt. --- Steve

 

[Guest]

Steven,

Thanks for your response.

Unfortunately, being an XPe machine, I cannot run gpedit locally. However,
I managed to run the console from a networked PC, only to find that
attachment manager doesn't exist on the XPe box

Any other ideas???

Try opening local Group Policy [gpedit.msc] and go to user
configuration/administrative templates/Windows components/attachment
manager - inclusion list for low file types and add the file's extension to
the list. Of course keep in mind that will allow any file with that
extension to run on your computer without any prompt. --- Steve

Hi,

I am trying to run an executable on a thin client PC that unfortunately
isn't digitally signed. This executable will run successfully on XP Pro
SP2
and XPe SP1, but with XPe SP2, I get an alert "The publisher could not be
verified", and I need to click OK to run the program.

Problem is, I need the program to run automatically when the PC starts
up -
the publisher probably will not bother with digitally signing as support
for
this product is being ceased soon.

Is there anything I can do to trust this executable such that the warning
message doesn't crop up???

 

[Steven L Umbach]

You could try a direct registry mod using regedit in HKCU and go to
software\Microsoft\Windows\currentversion\policies. Add a new key for
Associations if one is not present and then to that key add a string value
for LowRiskFileTypes and for the value data add .exe if that is the file
extension you want to exclude. --- Steve

Steven,

Thanks for your response.

Unfortunately, being an XPe machine, I cannot run gpedit locally.
However,
I managed to run the console from a networked PC, only to find that
attachment manager doesn't exist on the XPe box

Any other ideas???

Try opening local Group Policy [gpedit.msc] and go to user
configuration/administrative templates/Windows components/attachment
manager - inclusion list for low file types and add the file's extension
to
the list. Of course keep in mind that will allow any file with that
extension to run on your computer without any prompt. --- Steve

Hi,

I am trying to run an executable on a thin client PC that unfortunately
isn't digitally signed. This executable will run successfully on XP
Pro
SP2
and XPe SP1, but with XPe SP2, I get an alert "The publisher could not
be
verified", and I need to click OK to run the program.

Problem is, I need the program to run automatically when the PC starts
up -
the publisher probably will not bother with digitally signing as
support
for
this product is being ceased soon.

Is there anything I can do to trust this executable such that the
warning
message doesn't crop up???