UAC Prompt when UAC is turned off

I have a Windows 2008 R2 Terminal Server. We have a new program that prompts users for administrator credentials  every time they open it. "do you want to allow the following program from an unknown publisher"

I turned UAC off and rebooted and this prompt still comes up. Obviously I don't want to give them an administrator password.

The software was written by a large company so I am not sure why they are unknown.

I need to find a way to stop users from being  prompted
ajdratchAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy LidbetterCommented:
The company that wrote the application should have digitally signed it, you will need to get a certificate from them and install it into the computers "Trusted Publisher" cert store.

Turning UAC off won't stop the system from warning about untrusted software.
ajdratchAuthor Commented:
There has to be a way to stop that prompt. I can't call up the company and ask for a certificate.  Microsoft has to have provided a better solution than for me to give administrator passwords to all users or make them all administrators on the terminal server
Guy LidbetterCommented:
I'm sorry? But why cant you call up the company and ask for the cert?

They'll have one specifically for that app.

Against better judgement (Because it affects all files with these extensions listed) - create a new GPO applied to users OU:

 User Configuration / Administrative Templates / Windows Components / Attachment Manager
 
2.     On the right pane, double click Inclusion list for low file types.
3.     Click Enable.
4.     Include the file types such as .exe;.bat;.reg;.vbs in the Options box.
5.     Click OK.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Guy LidbetterCommented:
Alternatively I found these options as well...

To fix the problem first change the group policy on the server then add the mapped drives into the security zone.
Change Group Policy
Run gpedit.msc on the terminal server
Locate the setting Computer Configuration, Administrative Templates, Internet Explorer, Security Zones: Use only machine settings, and set the option to “Enabled”
Note – this will make the IE zone settings the same for all users on the computer

Add UNC paths to Security Zone
Log in as an administrator on the terminal server
Click Start → Run → and type inetcpl.cpl
On the Security tab highlight Local intranet and click Sites
Make sure the Automatically detect intranet network is unchecked
Make sure Include all network paths (UNCs) is checked
Click Advanced
In the Add this website to the zone box, one at a time type every letter from f: through z: and click add. If the drive is mapped it will add in a UNC in the pattern file://VOLUME_NAME
When you are done close out and save your changes.
ajdratchAuthor Commented:
I tried inclusion  list for low file types but I still get a prompt. This would be a bad solution even if it worked because I allowing all exe  files to execute.

I had seen the internet explorer solution but this is a local program. It is in c:\program files\...

The company is lexis nexus and I would have no way of getting through to anyone that could help unless I spent days on the phone
ajdratchAuthor Commented:
also meant to add that the shortcut has the shield on the bottom right that makes it look like UAC is on.
Guy LidbetterCommented:
Oh Wait, I am being Daft here...

Right click the executable, go to "Digital Signatures", select the certificate and click "Details", then select "View Certificate".
When you have the Cert open click "install Certificate" and import it to the Local Machine > Trusted Publishers store.
Radhakrishnan RSenior Technical LeadCommented:
Hi,

I hope you have disabled the UAC from search bar>>User Account Control Settings>>Brought the slide bar down? this won't actually disable UAC properly some time.

The best method is to disable in registy;

Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System.
In the right-hand side, under Name, right-click EnableLUA and select Modify.
In the Value data field, change the value to 0.
Reboot the server to take efefct the new settings.

Hope this helps

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ajdratchAuthor Commented:
That fixed it. The EXE did not have an option for digital signature. I hate that I have to turn UAC off on a terminal server but since the other option MS gave me is to give everyone the administrator password,  I have no choice
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.