Re: 'Publisher could not be verified' message, IE UserControl
- From: CStewart <CStewart@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 4 Apr 2007 05:08:02 -0700
And just for further clarification:
I performed a REGMON on IE, opened the Tools | Internet Options... |
Advanced windows and logged the registry interaction. Both the
RunInvalidSignatures='1' and CheckExeSignatures='no' values where read, and
these settings were also reflected in the check box settings within the
Advanced Tab. Still, the 'publisher not verified' dialog appears.
Is it possible that the dialog is not being presented by IE, but by
something else?
"CStewart" wrote:
Yes, CheckExeSignatures is a string value, and it was set to 'no'. I have.
played extensively with all the settings. I have manipulated the ‘Zone\1’
values to where I can get the behavior to change for other settings, such as
URLACTION_SHELL_FILE_DOWNLOAD and others, but I still am unable to prevent
the ‘publisher not verified’ dialog box.
I can turn off activex controls all together by manipulating the Zone
values, but I can not stop the prompt.
"KM" wrote:
I don't think going to IE7 would help. The behavior of that security setting didn't change between IE6 and 7.
Just to clarify, you did set the
[HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"CheckExeSignatures"=reg_sz:"no".
(please note the value type)
No, policy entries don't necessarily have to be pre-populated in registry. If they are missing, the policies are considered "not
configured" and usually it lead to behavior defined by documentation (check GPEdit for more info).
--
=========
Regards,
KM
I set the specified 3 registry settings (RunInvalidSig, CheckExe, &
SaveZone), and they had no effect.
Under MKCU\Software\Policies\Microsoft, 'SystemCertificates' was the only
existing key, so 'Internet Explorer\Download' had to be created. Also, only
'Explorer' existed at
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies, so 'Attachments' had
to be created. Should these keys have already existed?
Components "Primitive: CryptUI", "Internet Explorer" and "Windows XP Service
Pack 2 Resource DLL" are all included in the image.
I also included everything needed to support installing IE7 into the image,
built it, then installed IE7. IE7 exhibits the same behavior, again with all
Advanced options set to allow everything and registry values all set to
'enabled'.
"KM" wrote:
Opps. Sorry, should be
[HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"CheckExeSignatures"=reg_sz:"no".
--
=========
Regards,
KM
CStewart,
My bad. I should've mentioned all the related keys there.
[HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"RunInvalidSignatures"=dword:1
[HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"CheckExeSignatures"=dword:0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments],"SaveZoneInformation"=dword:1
Please let us know if that helps you.
Unlike this is you problem but just in case please check if you got "Primitive: CryptUI" component in your image config. Of
course, "Internet Explorer" and "Windows XP Service Pack 2 Resource DLL" components must be in your image as well.
--
=========
Regards,
KM
"CStewart" <CStewart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:63EFCCB4-A6D8-4A0A-A62C-8AD2549FFF16@xxxxxxxxxxxxxxxx
It is my understanding that the common location for this setting is
[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Download]RunInvalidSignatures
But regardless, the setting has no effect in either location. I wonder if
anyone knows whether a missing component could be causing IE to not recognize
or behave on the specified registry settings. Of the numerous settings I
have tried, nothing has augmented the behavior of the dialog box; it always
appears.
"KM" wrote:
CStewart,
I guess you are already tried this one?
[HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"RunInvalidSignatures"=dword:0
Corresponds to the "Allow software to run or install even if the signature is invalid" policy.
--
=========
Regards,
KM
On Embedded with XPSP2 & Feature Pack 2007, whenever a web page containing a
UserControl is opened, the user is presented with the 'Publisher could not be
verified' dialog. IE (6 w/h SP2) is being brought up programmatically, as
this embedded system has no keyboard or mouse with which to acknowledge the
dialog box.
This embedded system has no network connectivity, and I am not interested in
digitally signing the user control dll.
I have thoroughly gone through the myriad of registry settings which relate
to the this issue, although one would think turning off the 'Check for
signatures on downloaded programs' within IE would be enough. I have
manipulated the LMZ and other zones, worked with the IE advanced settings, as
well as other related registry settings
(http://blogs.msdn.com/embedded/archive/2005/06/06/425907.aspx). Nothing has
had any effect.
I have even strong named the assembly and signed it in an attempt to simply
get different behavior, but to no avail.
If anyone has any ideas, I would be keenly interested in hearing them.
Thanks.
- Follow-Ups:
- References:
- Re: 'Publisher could not be verified' message, IE UserControl
- From: KM
- Re: 'Publisher could not be verified' message, IE UserControl
- From: KM
- Re: 'Publisher could not be verified' message, IE UserControl
- From: KM
- Re: 'Publisher could not be verified' message, IE UserControl
- From: CStewart
- Re: 'Publisher could not be verified' message, IE UserControl
- From: KM
- Re: 'Publisher could not be verified' message, IE UserControl
- From: CStewart
- Re: 'Publisher could not be verified' message, IE UserControl
- Prev by Date: Re: 'Publisher could not be verified' message, IE UserControl
- Next by Date: Re: Bootable CD problem
- Previous by thread: Re: 'Publisher could not be verified' message, IE UserControl
- Next by thread: Re: 'Publisher could not be verified' message, IE UserControl
- Index(es):
Relevant Pages
|
