Re: Open file - security warning....How do I disable it?



Thank you for your help. I reposted the entire thread to the IE securuty
group and I will continue to experiment with settings in the event I figure
it out.

Thanks again,

"Roger Abell [MVP]" wrote:

You possibly should move this over to the IE security newsgroup,
as it is the security settings there that actually control behaviors
even for such as a simply UNC access.
To my understanding one only enters the server, not a deeper
mapping specification. Also, I do not follow what you are saying
about mapping a drive letter to a batch file.
Keep in mind that the dfs is only giving out a referral. The actual
server(s) with the shares likely need to also be listed.
IE internet options have both all user and per user settings.

"johnt" <johnt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:80F16D91-B7C0-4FDB-B38C-AD4A88828826@xxxxxxxxxxxxxxxx
Thank you very much for your reply, I appreciate your time,


Ok then. I want to be able to specify anything with a url that starts:
"\\domainname\dfs\<anyfolderand/orfile>"
so would I type "\\domainname\dfs\*" (I'm asking about the syntax this
dialog box likes)

Also, when I try to add the root domain folder, it allows me to do so
however when I try to add any of the individual folders under the main it
tells me that the location is already added to list of sites. So is IE
smart
enough to know that I mean all sub folders?

In order to test to see that it works, I log on as a standard user and
then
click on the icon for the program. It then gives me the file security
dialog
box again. The shortcut on the desktop is pointing to the R: drive. Let
me
explain.... The r:\ drive is a mapped drive letter for
"\\topleveldomain\dfs\allusersfolders\specificuserfolder\userbatchfile.bat"

Basically it's a mapped network drive share pointing to the batchfile that
starts the program they are supposed to use.

Also, the way that I add the domain to the list is being logged on as
administrator, however I then log in as a client and attempt to access the
file unsuccesfully. Are these settings user specific? Does a setting
exist
in Group Policy to disable this aspect of IEES or to turn it off
completely?
"Roger Abell [MVP]" wrote:

I believe that you can control the behavior through use of the
IE security settings (the IE adm templates are extensive).
Basically what you need to do is to make sure that the
\\domain and the sources \\servers to which DFS will refer
are recognized as being within the local intranet zone (and
that this still has settings to not do the prompting for intranet
zone sources)

"johnt" <johnt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0DA30DC8-7102-42A5-87CD-D57C49AB168A@xxxxxxxxxxxxxxxx
I would like to disable this feature for all users. Here is the
context

1. We are in the process of migrating to windows server 2003. We have
our data directories setup so that each client server accesses DFS
shares instead of directly talking to the servers that hold the client
data. The basic file system looks something like this:
\\domain\dfs\dfs_folder1
\\domain\dfs\dfs_folder2
\\domain\dfs\dfs_folder3
\\domain\dfs\dfs_folder4
\\domain\dfs\dfs_folder5 etc.........

When I click on certain .exe's or .bat's I notice that a dialog box
comes up for any user: open file - security warning.

I have already gone through the posts on this subject and I am able to
remove the warning if I go into gpedit.msc and then to the "User
configuration\attachment manager", I can specify a file type, ie. all
.exe's or all .bat's which doesn't help me because this appears to say
to ignore ANY .exe which is dangerous. I need the protection. I want
to be able to specify a list of permitted programs and have the
computer not ask me about them similar to creating an exception in the
windows XP firewall menus. The reason I think it is not working is
because gpedit.msc seems not to recognize the UNC names of my DFS
structure. "\\domain\dfs\share". I would love to be able to add a wild
card so it understands to treat the entire domain as intranet or local
and then remove security inside the network.

2. Next, I need to be able to make this a system wide adjustment
without going in the individual profies and making the changes all
across the network. I have also added the domain and all the servers
to the trusteds and local internet/intranet sites. Any viable solution
I find is a USER specific fix. I need to be able to run this GLOBALLY
meaning for everyone on the network including the system admins.

This would be great if either a .reg file existed or a script that I
could use in order to manualy add the exceptions, or disable the IEES
altogether. If we can keep it active great, but if it not then it is
certainly not the first priority.

1. My question is how can I set a group policy rule to allow programs
originating from inside the network wihtout this prompt






.



Relevant Pages

  • Re: Laptop wont connect to WiFi network with security settings
    ... wireless network unless I remove the security settings. ... The network adaptor is an Intel WiFi Link ... WPA: WPA-PSK The only other WPA available is with Radius ...
    (alt.sys.pc-clone.dell)
  • Re: Laptop wont connect to WiFi network with security settings
    ... wireless network unless I remove the security settings. ... It will connect OK when the security type is set to no authentication ... The network adaptor is an Intel WiFi Link 4965AGN. ... WPA: WPA-PSK The only other WPA available is with Radius ...
    (alt.sys.pc-clone.dell)
  • Re: Network drives - slow initial access
    ... Just to clarify the actual fix in this case, it was within Network control ... To think of all the settings I've changed on the server in the last month! ... And does this happen if an admin logs onto a workstation, ...
    (microsoft.public.windows.server.sbs)
  • Re: What would prevent an ISAPI extension from opening a socket on IIS 6?
    ... Both fail when they try to make that network ... I looked through the local security policy settings ... >> Are you talking about an ISAPI Extension or an ISAPI Filter? ... >> on your Windows Server 2003 but not your customer's? ...
    (microsoft.public.inetserver.iis.security)
  • Re: SceCli Error 1202 filling up the Event Log!
    ... > after restarting the Win2003 server, the secedit.sdb database does not get ... >>> security database and have it recreated. ... >>> configuration\windows settings\security settings, you should inventory ...
    (microsoft.public.win2000.advanced_server)