Solved

Getting File Download Warning when lauching shortcuts in GPO redirected start menu

Posted on 2004-09-14
13
369 Views
Last Modified: 2010-04-19
Having a problem launching shortcuts in a redirected start menu from within terminal services and citrix.  I get an IE file downlaod warning.  When I login using the same user on a local xp box the redirected start menu works fine and I don't get an error.  The start menu is being redirected to a remote location i.e \\server\operations\start menu.  Why does IE get involved with opening the remote shortcut? and how do I get rid of it?  Seems like lowering the security of server 2003 will do it, I just don't know where.

Thanks -

0
Comment
Question by:mberryaz
13 Comments
 
LVL 3

Expert Comment

by:kaily27
ID: 12062900
Try lowering security under internet options--> privacy
0
 
LVL 4

Expert Comment

by:sloopeth
ID: 12063704
or make thw machine part of a trusted site
0
 
LVL 83

Expert Comment

by:oBdA
ID: 12067419
You'll have to add the server to which the shortcuts are redirected to the "Local Intranet" sites in the IE properties.
Your XP clients handles NetBIOS and UNC names as being in the local intranet by default, but W2k3 doesn't do that.
0
 
LVL 1

Author Comment

by:mberryaz
ID: 12069874
Ok guys thanks for information.  I understand that I need to modify the local intranet settings - is this a per user item or can (how)  I set it for the whole server?  I can't do it per use because of GPO restricsions, I guess I could push out the modified IE security via GPO, but it would be easier to modify it once.

Please advise -
0
 
LVL 1

Author Comment

by:mberryaz
ID: 12069895
one note -

On the 2003 server loged in as admin in IE settings for local interanet the include all network UNC paths is checked.  
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 83

Expert Comment

by:oBdA
ID: 12070105
From the GUI, that's a "per user" setting. if you create the same entry in HKLM, though, it should work as well (at least it did here, I just tried it).
The location is HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap; create a new key with the NetBIOS name of the server (assuming you're accessing the server with the NetBIOS name), then create a new REG_DWORD value named "*", with the data being "1".
The automatic inclusion of UNC paths doesn't really work reliably; it cost me some hairs, too.
0
 
LVL 1

Author Comment

by:mberryaz
ID: 12070786
oBda -

I will will try your suggestion.  Funny thing is that I completely uninstalled the IE-enhanced-security on the terminal server for both users and admin.  After which, admin can run UNC shortcuts just fine.  However TS users still get the file download warning and IE says IE-enhanced-security is still installed.  As a test I reinstalled it for both admin and users.  Immediatly admin got the warning with UNC links.  I took it off again and admin access was restored, but TS still stays IE-enhanced-security is installed.  How can this be?  Everything I am finding stats that removing IE-enhanced-security is easy.  Can anyone provide insight before I modify reg. manually?

Thanks -
0
 
LVL 1

Author Comment

by:mberryaz
ID: 12070794
Oh by the way....sorry I keep thinking of things afterwards.  I took the GPO out of the picture so I know the group policy isn't causing this.  My test account is a normal TS user.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 12077839
Could it be that for the users, the enhanced security is only the home page that's still set to the warning page?
Anyway, here's a bit more information about the enhanced security:

Intranet site is identified as an Internet site when you use an FQDN or an IP address
http://support.microsoft.com/?kbid=303650

Internet Explorer Enhanced Security Configuration Changes the Browsing Experience
http://support.microsoft.com/?kbid=815141
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 13899430
Mods - there appeats to be no answer, but oBdA has included some excellent resources should someone come along later with a similar issue.
0
 

Accepted Solution

by:
PAQ_Man earned 0 total points
ID: 13932593
PAQed with no points refunded (of 500)

PAQ_Man
Community Support Moderator
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
PXE question 7 76
SSIS package failing 3 78
Trust one-way issue 2 48
NTVDM encountered a hard error on Windows Server 2003 SP2 7 59
So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now