Re: IE7, New User on Terminal Server

Hi Scott,

When you create a new user on the TS, the profile is being created with more restrictive security settings than what the existing accounts have. This is most likely related to IE Enhanced Security Configuration being enabled and perhaps also your IE7 install.


Internet Explorer Enhanced Security has a major impact on the user's browsing/ability to run programs/scripts, etc.
One of the key things it does is disable automatic detection of intranet sites. This can cause a mapped drive to be considered in the Internet zone when accessed from 2003 whereas it is considered in the Local intranet zone under XP.

To troubleshoot this, start by determining what zone the share is in (while logged on as a user with the problem). You can check this by opening up windows explorer, browsing to the drive/share, and then examining the lower right corner of the status bar. If you do not see the status bar, choose it from the View menu.

If the share is in the Internet zone but should really be in the Local intranet zone, add it to site list for Local intranet.
You can apply to all users using Group Policy. If after verifying that the share is running in the correct zone you still are unable to run the program, check the security settings for the zone.

The primary setting you are looking for is "Launching applications and unsafe files". If set to disable, the user will get the "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

See this article for more information on IE Enhanced Security:

http://support.microsoft.com/kb/815141

-TP

Scott C wrote:
Here's one that I looked for but couldn't understand why it's
happening:

This is a Terminal Server 2003 where users run an applications
through a mapped share to a STD Win 2003 SP1, on same subnet and no
firewalls. IE7 is installed on Terminal Server.
Existing users can run apps.
New Users with proper perms get a "perhaps its a permission issue"
when running any exe off a share.
Removing IE7 AND removing user's cached local ts profile fixes the
issue.

User does not have same issue running IE7/Windows XP connecting to
same drive.

Things I tried:
adding subnet into trusted zone.
hunting around the Policy settings for anything relating to this.

Any ideas?

Thanks,
Scott
.

Relevant Pages

  • Re: Unable to download/run ActiveX controls
    ... Your current security settings prohibit running Active X ... Test Your ActiveX Installation ... change the security settings for this zone? ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: GPO to prevent IE, OE, and Address Book menu items?
    ... Now that you are an expert on Just-In-Time setup, you get to become an expert on security zone settings. ... In my case it says Local Intranet, because S: is located on a server that I have defined as part of the Local Intranet. ... We are fixing a single user at the moment, but later we can change the settings for all users using Group Policy. ...
    (microsoft.public.windows.terminal_services)
  • Re: SP2 & IE & Download
    ... Uninstall the firewall in you AV ... Your current security settings prohibit running Active X ... change the security settings for this zone? ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: disable drag and drop
    ... Your current security settings prohibit copying or moving files from this zone.]] ... How to Enable the My Computer Security Zone in Internet Options ...
    (microsoft.public.windowsxp.general)
  • Re: Active X settings?
    ... Click the Security tab. ... In the Select a Web content zone to specify its security settings box, ... How to Use Security Zones in Internet Explorer ...
    (microsoft.public.windowsxp.customize)
Loading