Security Warning when launching .exe files within Domain



Bryan L
07-10-2005, 03:09 AM
I have 30 workstations running XP Pro SP2 in a Server 2003 Domain. All
workstations were deployed with nearly identical sysprepped images (minor
differences in pre-installed applications by department). Most workstations
work flawlessly, but I'm having problems with machines deployed with a
particular image and I can't figure out what I did differently.

We have a few programs that reside on a network drive. The executables
reside on the share and the programs are run directly from it. Most of my
machines can launch those programs directly without incident. However,
launching the same programs from these "problem" machines results in an
"Open File - Security Warning " dialog box saying the publisher cannot be
verified, meaning the user must click "Run" to launch the program. It's as
though the workstation doesn't understand that the file resides within our
domain, and mistakenly thinks the source of the file is the internet.

Many of the Internet Properties > Security Tab settings are configured via
Group Policy for the entire domain, so I can't see how these workstations
could be different in that respect. There must be some setting somewhere
I'm overlooking. I've tried messing with the content advisor, adding the
UNC to the network share to the Approved Sites list, but to no avail. I'm
out of ideas. They can work around it by clicking "Run", but I'd like to
correct the problem.

Any takers?

Thanks in advance,

BJ

Shenan Stanley
07-10-2005, 03:09 AM
Bryan L wrote:
> I have 30 workstations running XP Pro SP2 in a Server 2003 Domain. All
> workstations were deployed with nearly identical sysprepped
> images (minor differences in pre-installed applications by
> department). Most workstations work flawlessly, but I'm having
> problems with machines deployed with a particular image and I can't
> figure out what I did differently.
> We have a few programs that reside on a network drive. The
> executables reside on the share and the programs are run directly
> from it. Most of my machines can launch those programs directly
> without incident. However, launching the same programs from these
> "problem" machines results in an "Open File - Security Warning "
> dialog box saying the publisher cannot be verified, meaning the user
> must click "Run" to launch the program. It's as though the
> workstation doesn't understand that the file resides within our
> domain, and mistakenly thinks the source of the file is the internet.
> Many of the Internet Properties > Security Tab settings are
> configured via Group Policy for the entire domain, so I can't see how
> these workstations could be different in that respect. There must be
> some setting somewhere I'm overlooking. I've tried messing with the
> content advisor, adding the UNC to the network share to the Approved
> Sites list, but to no avail. I'm out of ideas. They can work around
> it by clicking "Run", but I'd like to correct the problem.

Group Policy that sets the "Internet Explorer" --> "Tools" --> "Internet
Options" --> "Security" tab --> "Local Intranet" --> "Sites" button -->
"Advanced" --> add your domain name *.my.domain.com

--
Shenan Stanley
MS-MVP
--


Security Warning when launching .exe files within Domain