Windows 2008 terminal server: msi was rejected by digital signature policy msi

Hi,

I have the error above after installing a plugin for Excel (msi) on a Windows 2008 R2 server (X64).
The path of the msi is included in the applocker executable rule. I found some articles but they refer to Windows 2003.
I prefer not to install a hotfix anyway, if needed I can but (as mentioned) articles which mention hotfix refer to Windows 2003.

Please advise.
J.
janhoedtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BlueComputeCommented:
Hi JanHoedt,

you say that you have added the path to the executable rule.  However the error message references digital signature policy (Publisher Rule).

If you have enabled a Publisher rule in applocker then you need to ensure the MSI is signed by an allowed Publisher.  File path has no effect on the Publisher rule...

Can you confirm whether you are using a Path rule or Publisher rule under the Windows Installer rule collection?

Also note that MSI files are not configured under the Executable rule collection but under the Windows Installer rule collection.
0
janhoedtAuthor Commented:
Thanks, I ll check!
0
janhoedtAuthor Commented:
Checked it, didn't work.
It is a Windows Installer rule which allows E:\sourefiles\
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

janhoedtAuthor Commented:
Note: installed size = 152 MB, it might be a problem that file is to big. There is a KB about it, however that's about Windows 2003,
0
BlueComputeCommented:
Hi JanHoedt,

EDIT:  Are you able to install any MSI packages on this machine?

Also, good overview of applocker logic:
http://www.windowsnetworking.com/articles-tutorials/windows-7/Introduction-AppLocker-Part1.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
janhoedtAuthor Commented:
Hi,

I did install the package with the administrator user on the Windows 2008 terminal server. However, when another user logs on, he gets the message stated in title of this ticket.
I is NOT applocker: fully disabled the applocker policy for windows installer.

It might be the certificate, but not familiar with that, how can I check that?

Regards,
J.
0
janhoedtAuthor Commented:
On the server which has the problem ".msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted"
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Excel

From novice to tech pro — start learning today.