Re: Open file - security warning....How do I disable it?



You possibly should move this over to the IE security newsgroup,
as it is the security settings there that actually control behaviors
even for such as a simply UNC access.
To my understanding one only enters the server, not a deeper
mapping specification. Also, I do not follow what you are saying
about mapping a drive letter to a batch file.
Keep in mind that the dfs is only giving out a referral. The actual
server(s) with the shares likely need to also be listed.
IE internet options have both all user and per user settings.

"johnt" <johnt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:80F16D91-B7C0-4FDB-B38C-AD4A88828826@xxxxxxxxxxxxxxxx
Thank you very much for your reply, I appreciate your time,


Ok then. I want to be able to specify anything with a url that starts:
"\\domainname\dfs\<anyfolderand/orfile>"
so would I type "\\domainname\dfs\*" (I'm asking about the syntax this
dialog box likes)

Also, when I try to add the root domain folder, it allows me to do so
however when I try to add any of the individual folders under the main it
tells me that the location is already added to list of sites. So is IE
smart
enough to know that I mean all sub folders?

In order to test to see that it works, I log on as a standard user and
then
click on the icon for the program. It then gives me the file security
dialog
box again. The shortcut on the desktop is pointing to the R: drive. Let
me
explain.... The r:\ drive is a mapped drive letter for
"\\topleveldomain\dfs\allusersfolders\specificuserfolder\userbatchfile.bat"

Basically it's a mapped network drive share pointing to the batchfile that
starts the program they are supposed to use.

Also, the way that I add the domain to the list is being logged on as
administrator, however I then log in as a client and attempt to access the
file unsuccesfully. Are these settings user specific? Does a setting
exist
in Group Policy to disable this aspect of IEES or to turn it off
completely?
"Roger Abell [MVP]" wrote:

I believe that you can control the behavior through use of the
IE security settings (the IE adm templates are extensive).
Basically what you need to do is to make sure that the
\\domain and the sources \\servers to which DFS will refer
are recognized as being within the local intranet zone (and
that this still has settings to not do the prompting for intranet
zone sources)

"johnt" <johnt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0DA30DC8-7102-42A5-87CD-D57C49AB168A@xxxxxxxxxxxxxxxx
I would like to disable this feature for all users. Here is the
context

1. We are in the process of migrating to windows server 2003. We have
our data directories setup so that each client server accesses DFS
shares instead of directly talking to the servers that hold the client
data. The basic file system looks something like this:
\\domain\dfs\dfs_folder1
\\domain\dfs\dfs_folder2
\\domain\dfs\dfs_folder3
\\domain\dfs\dfs_folder4
\\domain\dfs\dfs_folder5 etc.........

When I click on certain .exe's or .bat's I notice that a dialog box
comes up for any user: open file - security warning.

I have already gone through the posts on this subject and I am able to
remove the warning if I go into gpedit.msc and then to the "User
configuration\attachment manager", I can specify a file type, ie. all
.exe's or all .bat's which doesn't help me because this appears to say
to ignore ANY .exe which is dangerous. I need the protection. I want
to be able to specify a list of permitted programs and have the
computer not ask me about them similar to creating an exception in the
windows XP firewall menus. The reason I think it is not working is
because gpedit.msc seems not to recognize the UNC names of my DFS
structure. "\\domain\dfs\share". I would love to be able to add a wild
card so it understands to treat the entire domain as intranet or local
and then remove security inside the network.

2. Next, I need to be able to make this a system wide adjustment
without going in the individual profies and making the changes all
across the network. I have also added the domain and all the servers
to the trusteds and local internet/intranet sites. Any viable solution
I find is a USER specific fix. I need to be able to run this GLOBALLY
meaning for everyone on the network including the system admins.

This would be great if either a .reg file existed or a script that I
could use in order to manualy add the exceptions, or disable the IEES
altogether. If we can keep it active great, but if it not then it is
certainly not the first priority.

1. My question is how can I set a group policy rule to allow programs
originating from inside the network wihtout this prompt





.



Relevant Pages

  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.windows.server.sbs)
  • Re: << SBS News of the week - Sept 26 >>
    ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
    (microsoft.public.windows.server.sbs)
  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.backoffice.smallbiz)
  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: << SBS News of the week - Sept 26 >>
    ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
    (microsoft.public.backoffice.smallbiz2000)