My question is similar to this one from 09/14/2005
no digital signature warning - how to make it go away. Extremely Urgent
asked by chris_certified-nets on 09/14/2005 10:53AM PDT
I have a Windows Server 2003 terminal server allowing access to ONE app, Mas90 version 5.5. When the users launch the app they get an "Open File - Security Warning" that the app does not have a digital signature and prompts them to hit "run" to launch it. In Windows 2000 server there was a GP object ot make these not prompt and run transparently, but I can't find it in 2003. How can I make this not prompt but just run?
To add to the fun, I am here today only to set up this server and would like to not have to drive cross country back to fix it on another day, so lots of points for a fast answer.
The difference is that I am running Citrix Presentation Server on the Windows Server 2003 (SP1) terminal server and I am not running a single app, there are several including Microsoft Business Solutions - Solomon 5.50.2071.
The solution posted back then was to modify 2 HKCU keys:
1. HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Download\ RunInvalidSignatures
2. HKCU\ Software\ Policies\ Microsoft\ Internet Explorer\ Main\ CheckExeSignatures
I configured the first key but the second does not exist on my system. The problem was not cured by item 1 alone.
I did find a solution:
To disable the warning start the Group Policy Editor (Start > Run, type
-gpedit.msc- and press OK) and go to:
-User Configuration > Administrative Templates > Windows Components >
Attachment Manager- then set -Inclusion list for low file types- to
Enabled and enter the file types you don't want to be warned about in
the box (for example: .exe).
It indeed works! After this change the security notification doesn't appear any more when exe files are executed. However, any exe is now allowed to run on this server. This is dangerous.
Can anyone make the solution provided by Netman66 work, am I overlooking something?
Is there a different way to allow only apps that I (the admin) approve without the user having to click on the run link every time?