
  • Status: Solved
  • Priority: Medium
  • Security: Public

The publisher could not be verified - digital signature

My question is similar to this one from 09/14/2005

no digital signature warning - how to make it go away.  Extremely Urgent
asked by chris_certified-nets on 09/14/2005 10:53AM PDT  

I have a Windows Server 2003 terminal server allowing access to ONE app, Mas90 version 5.5.  When the users launch the app they get an "Open File - Security Warning" that the app does not have a digital signature and prompts them to hit "run" to launch it.  In Windows 2000 server there was a GP object to make these not prompt and run transparently, but I can't find it in 2003.  How can I make this not prompt but just run?
To add to the fun, I am here today only to set up this server and would like to not have to drive cross country back to fix it on another day, so lots of points for a fast answer.

The difference is that I am running Citrix Presentation Server on the Windows Server 2003 (SP1) terminal server and I am not running a single app, there are several including Microsoft Business Solutions - Solomon 5.50.2071.

The solution posted back then was to modify 2 HKCU keys:

1.  HKCU\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures

2.  HKCU\Software\Policies\Microsoft\Internet Explorer\Main\CheckExeSignatures

I configured the first key but the second does not exist on my system.  The problem was not cured by item 1 alone.

I did find a solution:

To disable the warning start the Group Policy Editor (Start > Run, type
-gpedit.msc- and press OK) and go to:

-User Configuration > Administrative Templates > Windows Components > 
Attachment Manager- then set -Inclusion list for low file types- to
Enabled and enter the file types you don't want to be warned about in
the box (for example: .exe).

It indeed works! After this change the security notification doesn't appear any more when exe files are executed.  However,  any exe is now allowed to run on this server.  This is dangerous.

Can anyone make the solution provided by Netman66 work, am I overlooking something?
Is there a different way to allow only apps that I (the admin) approve without the user having to click on the run link every time?
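
An added example (not part of the original post or of any reply): a PowerShell check an administrator could run in a user's session to report whether the "Inclusion list for low file types" setting described above has been widened to executable types. That setting is stored as the `LowRiskFileTypes` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations`; the function name and the list of extensions treated as executable are choices made for this example.

```powershell
# Added example: report per-user values that suppress the
# "Open File - Security Warning" prompt. Run in the affected user's session.

# Extensions this example treats as executable (a choice made here, not a Windows list).
$ExecutableTypes = '.exe', '.com', '.bat', '.cmd', '.scr', '.pif', '.vbs', '.js', '.msi'

function Get-LowRiskExecutableTypes {
    param([string]$Value)   # raw LowRiskFileTypes string, e.g. ".exe;.bat"
    if ([string]::IsNullOrEmpty($Value)) { return }
    # The policy stores a semicolon-separated list of extensions.
    $Value -split ';' |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $ExecutableTypes -contains $_ }
}

# Attachment Manager policy key (backs "Inclusion list for low file types").
$assocKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'
# Key quoted in the question for RunInvalidSignatures.
$ieKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Download'

# Missing keys are expected on an unconfigured profile, so errors are suppressed.
$assoc = Get-ItemProperty -Path $assocKey -ErrorAction SilentlyContinue
$ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue

$flagged = @(Get-LowRiskExecutableTypes -Value $assoc.LowRiskFileTypes)

[pscustomobject]@{
    User                           = $env:USERNAME
    LowRiskFileTypes               = $assoc.LowRiskFileTypes
    ExecutableTypesListed          = $flagged -join ';'
    PromptSuppressedForExecutables = ($flagged.Count -gt 0)
    RunInvalidSignatures           = $ie.RunInvalidSignatures
}
```

Empty `LowRiskFileTypes` and `RunInvalidSignatures` fields mean neither value is set for that user.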
mcsween (Sr. Network Administrator) commented:
You can allow this behavior a couple of ways.  I'm not sure which one(s) will work for you.

You can add the application to the exceptions list for the Windows Firewall (or just turn the firewall off)
You can add *.mydomain.local to the list of intranet sites in IE (this can be done with a GPO under User Config -->IE Maintenance)
You can create a batch file to start the application and use the batchfile as the startup program and let it start MAS90.
Batch file line would read:
Start X:\path\to\mas90\mas90.exe

Hope that one of these will help you!
mcsween (Sr. Network Administrator) commented:
FYI: The reason the last one works is because cmd.exe will start the file and the same check doesn't exist when using cmd.exe.  Seems like it would be exploitable though, good job MS!
langerking (Author) commented:
Thanks mcsween!  The windows firewall is turned off, sorry I didn't mention this.  It is the digital signature requirement:
   Open File - Security Warning
   The publisher could not be verified.  Are you sure you want to run this software?

Then you have to click the run button to launch.  It's not being blocked by the firewall

I will try to implement one of your other solutions

mcsween (Sr. Network Administrator) commented:
If it's not a firewall issue then IDK if my second solution will work, but I have personally used the third solution in some of my vbscripts (Calling cmd /c program.exe -switches) from my script instead of calling program.exe because of the same issue.

Good Luck and I hope you don't have to drive cross country again for this!
langerking (Author) commented:
The other thing I wanted to comment is that I am not running mas90.exe - I have no idea what this is - I was just referring to an earlier solution to a problem similar to mine.

The apps that I am running with this problem are: Solomon vs. 5.50.2071, Abra (HR and Payroll), Goldmine 6.0.

langerking (Author) commented:
Hi mcsween,
I accepted your answer - the third solution worked.  I can launch Solomon this way.  Thanks!
