• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3994
  • Last Modified:

Open File - Security Warning from Terminal Server

Everytime i open a specific application from a network path i get a Security Warning that ask me if i want to run this file. Is there a way to remove this security warning and just have the computer run the application?
The application is being run on a windows 2008 Ent Terminal Server
0
mattolan
Asked:
mattolan
  • 9
  • 4
1 Solution
 
MightySWCommented:
Hi, you need to remove UAC (User account control).

Go here and do it with MSconfig.  It is easier.

http://www.trainsignaltraining.com/disable-uac-user-account-control-on-vista-and-server-2008/2008-12-18/

HTH
0
 
mattolanAuthor Commented:
that doesn't seem like the best solution to my problem. I don't even think this is UAC related. as you get the same prompt in windows xp sp2 if it is opening from an untrusted location.
0
 
MightySWCommented:
can you post a screen shot please?
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
MightySWCommented:
Oh, I know what you are referring to now.

here you go:

** Instructions

NOTE: This procedure will change default security settings. See below for
details.

SIDE EFFECTS: After performing this procedure, you will have to go through
extra confirmation steps when using internet explorer's favorites pane to
delete items inside the links folder. This only affects IE (not Windows
Explorer or the links toolbar on your taskbar).

- Click start
- Type: cmd
- Right-click cmd.exe when it appears and click Run As Administrator
- Type the following commands exactly as shown, pressing enter after each
line:

cd %userprofile%\favorites
icacls links /setintegritylevel (CI)low

** Restoring default security settings

If you wish to restore the default security settings, follow these steps:

- Click start
- Type: cmd
- Right-click cmd.exe when it appears and click Run As Administrator
- Type the following commands exactly as shown, pressing enter after each
line:

cd %userprofile%\favorites
icacls links /setintegritylevel (OI)(CI)low

** More information

When IE7 is running in protected mode (default), it can only write files to
locations that have been marked as "low integrity". IE7 must ask for your
consent to write to any other locations. This helps to prevent hackers and
malware from taking over IE7 and using it to compromise your system.

Your favorites folder (and the links folder within) and most files that are
created, copied, or moved inside it are marked as "low integrity." This
allows IE7 to create and delete files inside of your favorites folder
without asking you for consent.

Since files marked with "low integrity" are modifiable by potentially
untrusted programs and webpages, Windows takes greater care when opening
these types of files, especially in the case of a shortcut.

The solution I gave will change the integrity level of items inside your
links folder from low to medium. This will allow them to open without
displaying the "Open File - Security Warning" prompt.
0
 
mattolanAuthor Commented:
I gave your suggestion a try. but no luck.

I attached a screen shot of my issue, take a look
Untitled.jpg
0
 
MightySWCommented:
Hi, try this then:

add \\server\sharename (where your S drive is mapped to) into your trusted sites within IE.
0
 
MightySWCommented:
Another way is:

start the Group Policy Editor (Start > Run, type
-gpedit.msc- and press OK) and go to:

-User Configuration > Administrative Templates > Windows Components >
Attachment Manager- then set -Inclusion list for low file types- to
Enabled and enter the file types you don't want to be warned about in
the box (for example: .exe).
0
 
mattolanAuthor Commented:
I have tried adding the drive to my trusted sites with no luck I also tried making the gpo change you suggested with no luck
0
 
MightySWCommented:
And you did all 3?

1) Add \\server\share to your trusted sites.

2) Set security for intranet sites to low.

3) Add your exe to exceptions list
0
 
MightySWCommented:
implemented at the same time?
0
 
MightySWCommented:
Also, you can create a batch file to start the application and use the batchfile as the startup program and let it start fast32.exe.
0
 
mattolanAuthor Commented:
yes I tried all 3 at the same time.

the batch file idea works. the only problem with that idea is that when I install the app on the client computers they get the ugly bat file icon instead of the programs icon. but I found a work around to this as well. I found a utility that will convert a bat file into and exe called bat_to_exe http://www.f2ko.de/English/b2e/download.php when converting to exe it allows you to specify an icon to use and then I am simply using this exe file in terminal server.

seems to have solved my issue
0
 
MightySWCommented:
Nice to know.  Good work
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 9
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now