Cannot use remote executables after I upgraded to R2

I recently upgraded all of my servers to 2003 R2.  Ever since the upgrade I cannot run installers or executables that are stored on other servers.  This worked great before the upgrade.  I have a server that houses all of our program deployments and service packs and all my production servers have a mapped drive pointing to this specific server.  When I click on whatever I want to install I get the following:

"Windows cannot access the specified device, path, or file.  You may not have the appropiate permissions to access the item."

All permissions are set right and I get this same error with the enterprise Admin account.  I know it is not a permissions issue on the directory itself.

So what I have to do is copy the whole thing locally and run it after I go into the properties of the executable and hit the 'new' unblock button that R2 introduced.

I do I make R2 'let' me run remote executables...

Thank you for any help regarding the matter.
OHIgfrancisAsked:
Who is Participating?
 
PlaceboC6Connect With a Mentor Commented:
Try removing Internet Explorer Enhanced Security from the server under

Add/remove programs
Windows components

See if that helps.
0
 
madison perkinsNetwork AdministratorCommented:
have you tried adding the unc path to the IE trusted zone?
0
 
madison perkinsNetwork AdministratorCommented:
ignore my previous post.
unblock multiple files with a command line utility. its called streams and is avaiable @ technet.  
http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
madison perkinsNetwork AdministratorCommented:
Here is the original post that I found the reference to streams.
http://blogs.msdn.com/gblock/archive/2006/12/19/tips-steams-zones-vista-and-blocked-files-in-ie.aspx
0
 
OHIgfrancisAuthor Commented:
I have tried adding it to the trusted zones many different ways..
file://address
http://address

does not work..

This server had enhanced security on it before the R2 upgrade.  Do you think removing it will solve the issue, and if so do I add any vulnerability to my production servers by doing this?  I would have to then uninstall enhanced security on all 15 of my servers.  There has to be a way to shut this stupid feature off..
0
 
OHIgfrancisAuthor Commented:
If I am reading this article right that madperk posted, this 'workaround' would work for all files that I copy to the server.  I am not copying them to the server.  I want to run them from their remote locations to install them on the local server.  Please yell at me if I am wrong!
0
 
PlaceboC6Commented:
The way you shut it off is to uninstall it.  A quick task on each.  You can RDP into them and uninstall quickly.

Try it on one and see what happens.
0
 
madison perkinsNetwork AdministratorCommented:
the streams application will remove the "Unblock" button from each application and remove the problem that you have. for example you have 60 *.exe files on \\FILESERVER1\software that you need to remove the "unblock"option. copy the streams.exe file to the root of the software share. from the FILESERVER desktop or remote desktop of file server open a command prompt and navigate to the software directory and type streams -s -d *.exe.  any exe file in the root of the software folder or any folder within the software folder will no longer have the UNBLOCK option and will execute properly.
0
 
madison perkinsNetwork AdministratorCommented:
by removing the data stream attached to the *.exe file when you open the file from another workstation or server it no longer is flagged as a file that comes from another computer.  I just tested this against my software folder and it works.  I right clicked on an executable from my vista and XPSP2 workstation and looked at the unblocked button.  i then ran stream -s -d *.exe from a command prompt inside the software folder from the desktop of fileserver1.  now when i look at the properties of the file from the vista and xpsp2 workstations there is no longer an unblock button and the file works properly.  

more info to come about streams.
0
 
madison perkinsNetwork AdministratorCommented:
i have a file called vbsedit.exe in my software\wmi directory.  i downloaded the vbs editor application from the internet and dropped it into my software collection.  when i type stream f:\software\wmi\*.exe it returns the stream information from the file.  the stream is ...
f:\Software\WMI\vbsedit.exe:
   :Zone.Identifier:$DATA       26

DATA is the the volume name of the F drive on my server FILESERVER1  when i double click the file from FILESERVER1 the application installs because volume DATA is a local volume to that server.  when i map a drive to software  and run the file to install the application my computer (Vista, XPSP2 or Server 2003) looks at the streadata and finds that $DATA is not a local direcotry and is thus untrusted.  by clicking the "UNBLOCK" button you remove the  :Zone.Identifier:$DATA       26  stream information from the file.

the streams.exe application performs the same function against the exe file as clicking the unblock button. the nice part of streams is the -s option and the ability to use wildcards in the file name. aka streams -s -d f:\*.exe will remove the streams info from every exe file on the F drive.  
0
 
madison perkinsConnect With a Mentor Network AdministratorCommented:
Everything so far was how to fix the files you have already downloaded.  here is the way that you can strip out the zone information of file that you will download.  Group Policy

Open a cmd window.
gpedit.msc
Goto: User Configuration > Administrative Templates > Windows Components > Attachment Manager
Enable: Do not preserve zone information in file attachments.

there are other settings that you may want to play around with to get it just right for your environment.

the trust logic for file attachments looks interesting.  
0
 
PlaceboC6Commented:
Any updates on this?
0
 
madison perkinsNetwork AdministratorCommented:
The streams app and the group policy modifications will alieviate the situation.  I have tested and implimented solution in my environment.  looks like the author got side tracked.
0
 
OHIgfrancisAuthor Commented:
Thank you all for your help.  By removing enhanced security the problem went away.  i am also toying with the Group Policy setting as well.  Again thank you all for the help.
0
All Courses

From novice to tech pro — start learning today.