langerking
asked on
The publisher could not be verified - digital signature
My question is similar to this one from 09/14/2005
no digital signature warning - how to make it go away. Extremely Urgent
asked by chris_certified-nets on 09/14/2005 10:53AM PDT
I have a Windows Server 2003 terminal server allowing access to ONE app, Mas90 version 5.5. When the users launch the app they get an "Open File - Security Warning" that the app does not have a digital signature and prompts them to hit "run" to launch it. In Windows 2000 server there was a GP object ot make these not prompt and run transparently, but I can't find it in 2003. How can I make this not prompt but just run?
To add to the fun, I am here today only to set up this server and would like to not have to drive cross country back to fix it on another day, so lots of points for a fast answer.
The difference is that I am running Citrix Presentation Server on the Windows Server 2003 (SP1) terminal server and I am not running a single app, there are several including Microsoft Business Solutions - Solomon 5.50.2071.
The solution posted back then was to modify 2 HKCU keys:
1. HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Download\ RunInvalidSignatures
2. HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Main\ CheckExeSignatures
I configured the first key but the second does not exist on my system. The problem was not cured by item 1 alone.
I did find a solution:
To disable the warning start the Group Policy Editor (Start > Run, type
-gpedit.msc- and press OK) and go to:
-User Configuration > Administrative Templates > Windows Components >
Attachment Manager- then set -Inclusion list for low file types- to
Enabled and enter the file types you don't want to be warned about in
the box (for example: .exe).
It indeed works! After this change the security notification doesn't appear any more when exe files are executed. However, any exe is now allowed to run on this server. This is dangerous.
Can anyone make the solution provided by Netman66 work, am I overlooking something?
Is there a different way to allow only apps that I (the admin) approve without the user having to click on the run link every time?
no digital signature warning - how to make it go away. Extremely Urgent
asked by chris_certified-nets on 09/14/2005 10:53AM PDT
I have a Windows Server 2003 terminal server allowing access to ONE app, Mas90 version 5.5. When the users launch the app they get an "Open File - Security Warning" that the app does not have a digital signature and prompts them to hit "run" to launch it. In Windows 2000 server there was a GP object ot make these not prompt and run transparently, but I can't find it in 2003. How can I make this not prompt but just run?
To add to the fun, I am here today only to set up this server and would like to not have to drive cross country back to fix it on another day, so lots of points for a fast answer.
The difference is that I am running Citrix Presentation Server on the Windows Server 2003 (SP1) terminal server and I am not running a single app, there are several including Microsoft Business Solutions - Solomon 5.50.2071.
The solution posted back then was to modify 2 HKCU keys:
1. HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Download\ RunInvalidSignatures
2. HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Main\ CheckExeSignatures
I configured the first key but the second does not exist on my system. The problem was not cured by item 1 alone.
I did find a solution:
To disable the warning start the Group Policy Editor (Start > Run, type
-gpedit.msc- and press OK) and go to:
-User Configuration > Administrative Templates > Windows Components >
Attachment Manager- then set -Inclusion list for low file types- to
Enabled and enter the file types you don't want to be warned about in
the box (for example: .exe).
It indeed works! After this change the security notification doesn't appear any more when exe files are executed. However, any exe is now allowed to run on this server. This is dangerous.
Can anyone make the solution provided by Netman66 work, am I overlooking something?
Is there a different way to allow only apps that I (the admin) approve without the user having to click on the run link every time?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Bradley Fox
FYI: The reason the last one works is because cmd.exe will start the file and the same check doesn't exist when using cmd.exe. Seems like it would be exploitable though, good job MS!
ASKER
Thanks mcsween! The windows firewall is turned off, sorry I didn't mention this. It is the digital signature requirement:
Open File - Security Warning
The publisher could not be verified. Are you sure you want to run this software?
Then you have to click the run button to launch. It's not being blocked by the firewall
I will try to implement one of your other solutions
Open File - Security Warning
The publisher could not be verified. Are you sure you want to run this software?
Then you have to click the run button to launch. It's not being blocked by the firewall
I will try to implement one of your other solutions
If it's not a firewall issue then IDK if my second solution will work, but I have personally used the third solution in some of my vbscripts (Calling cmd /c program.exe -switches) from my script instead of calling program.exe because of the same issue.
Good Luck and I hope you don't have to drive cross country again for this!
Good Luck and I hope you don't have to drive cross country again for this!
ASKER
The other thing I wanted to comment is that I am not running mas90.exe - I have no idea what this is - I was just referring to an earlier solution to a problem similar to mine.
The apps that I am running with this problem are: Solomon vs. 5.50.2071, Abra (HR and Payroll), Goldmine 6.0.
The apps that I am running with this problem are: Solomon vs. 5.50.2071, Abra (HR and Payroll), Goldmine 6.0.
ASKER
Hi mcsween,
I accepted your answer - the third solution worked. I can launch Solomon this way. Thanks!
I accepted your answer - the third solution worked. I can launch Solomon this way. Thanks!