Re: Security warning zone?

Thanks Crina , i was beginning to think no one would understamd my ques. I
will try this tommorow

""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:hInEl%23g4GHA.1864@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Blah,

Thank you for posting in SBS newsgroup.

From the post, I understand that the problem to be: When trying to run an
application from a shared folder on SBS, you received the following prompt
and would like to disable it:

"The publisher could not be verified. Are you sure you want to run this
software?"

According to my research, this is a function of the Attachment Execution
Service presented in Internet Explorer Enhanced Security. This is a user
side security feature that prompts users of downloaded application if they
want to run this application. It presents the user with information about
the application including signature information to assist the consumer in
making an informed decision. This service only runs through the Explorer
Shell. Applications that run in the Command Shell will bypass this
functionality.

To work around this problem, you may removed Internet Explorer Enhanced
Security from Add/Remove Programs or add your network shares into the
Local
intranet and domain name into the Trust sites. To do so:

1. Open Microsoft Internet Explorer.
2. Click Tools, and then click Internet Options.
3. In the Security tab, highlight "Local intranet", click Sites button.
4. Add your network shares or address to the list.
5. Uncheck "Require server verification (https:) for all sites in this
zone" and click Close.
6. In the Security tab, highlight "Trust sites", click Sites button.
7. Add your domain name (http://<domain>.com, http://servername) to the
list.
8. Click Close and reboot the server.

815141 Internet Explorer Enhanced Security Configuration Changes the
Browsing
http://support.microsoft.com/?id=815141

You can also try the following steps:

Step 1: Configure Internet Explorer settings
--------------------------------------------
1. Open your Internet Explorer, click Tools, enter Internet Options
2. In Advanced tab, under the Security section, please check "Allow
software to run or install even if the signature is invalid", uncheck
"Check for signatures on downloaded programs".
3. Click Apply button to exit and test the issue.

Step 2: Configure "Inclusion list for low file types" group policy
---------------------------------------------------------
If this problem continues, let us configure the "Inclusion list for low
file types" group policy on the server.

1. Logon to the server as administrator.
2. Click Start -> Run, type "gpedit.msc" in the text box, and click OK.
3. Locate the following group policy: [User Configuration > Administrative
Templates > Windows Components > Attachment Manager > Inclusion list for
low file types].
4. Enabled and enter the file types you don't want to be warned about in
the box (for example: .exe).
5. Click Start -> Run, type "cmd" in the text box, and click OK.
6. Run the following command:

Gpupdate /force

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
| Reply-To: "blah" <stfuhellworld@xxxxxxxxxxxx>
| From: "blah" <stfuhellworld@xxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Security warning zone?
| Date: Tue, 26 Sep 2006 23:15:42 +1000
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
| X-RFC2646: Format=Flowed; Original
| Lines: 10
| Message-ID:
<4519275b$0$15658$5a62ac22@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 203.206.57.62
| X-Trace: 1159276380 per-qv1-newsreader-01.iinet.net.au 15658
203.206.57.62
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!msrtrans!n
ews-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews.google.com!news3.goo
gle.com!border1.nntp.dca.giganews.com!nntp.giganews.com!newsfeed.iinet.net.a
u!newsfeed.iinet.net.au!per-qv1-newsstorage1.iinet.net.au!per-qv1-newsstorag
e1.iinet.net.au!per-qv1-newsreader-01.iinet.net.au!not-for-mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:300267
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| There is an sbs server with a share on the server. There are a number of
| *.exe's on this share. All xp clients have a shortcuts to these *.exe's
via
| mapped drives to the share. Drives are mapped via name, not ip. All
| computers are on a single domain. How do i disable this warning when
the
| shortcuts are clicked to open these *.exe's
|
|
| http://img87.imageshack.us/my.php?image=secwarbm6.jpg
|
|
|



.