Hi Damian,
Thanks for update!
At this moment, as a workaround, I suggest you configure a Domain Group
Policy to Prevent clients from using Internet Explorer to download files
(browsing web sites is OK).
1) Edit GPO and go to User Configuration >> Windows Settings >> Internet
Explorer Maintenance >> Security >> Security Zones and Content Ratings
2) Check "Import the current security zones settings" under "Security
Zones" and click on "Modify Settings"
3) Select 'Internet' and click on "Custom Level"
4) Scroll down to 'Downloads' section and disable "File Download"
If there is anything that is unclear, please feel free to let me know.
Thanks & Regards,
Jason Tan
Microsoft Online Partner Support
Get Secure! -
www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Bypassing download restrictions - it's easy!!!
| thread-index: AcVRYvu8e0HNmi1VQ0qo0WSFrRElBA==
| X-WBNR-Posting-Host: 193.128.28.145
| From: =?Utf-8?B?ZnVua3lk?= <
[email protected]>
| References: <
[email protected]>
<
[email protected]>
| Subject: RE: Bypassing download restrictions - it's easy!!!
| Date: Thu, 5 May 2005 04:10:02 -0700
| Lines: 101
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.inetexplorer.ie6.browser:88974
| X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
|
| Thanks Jason,
|
| The issue isn't that the file downloads - although Robertos method looks
| interesting - it's that the file isn't blocked immediatly once it has
| downloaded - until the user acknowledges that the file has been blocked,
they
| are free to make a copy of the file and then confirm the blocked file -
they
| then can open the copy they took.
|
| It would be more useful if IE had some sort of quarantine folder for
| downloaded files that the user doesn't have access to until whether the
file
| is allowed has been determined.
|
| Damian
|
|
| "Jason Tan (MSFT)" wrote:
|
| > Hi,
| >
| > Thanks for posting!
| >
| > I understand that you want to block the file from downloading. If I
have
| > misunderstood your concerns,please feel free to let me know.
| >
| > When you try to download or open a file from a Web site that is in the
| > restricted Web content zone, you may receive a message that indicates
that
| > the file is blocked.
| >
| > When you try to open high-risk file types from sites that belong to the
| > Internet Web content zone, you may receive a warning message, but you
may
| > be able to open these types of files.
| >
| > For more information, please refer to the following article:
| > Description of how the Attachment Manager works in Windows XP Service
Pack 2
| >
http://support.microsoft.com/default.aspx?scid=kb;en-us;883260
| >
| > I hope my information helps. If there is anything that is unclear,
please
| > feel free to let me know.
| >
| > Thanks & Regards,
| >
| > Jason Tan
| >
| > Microsoft Online Partner Support
| > Get Secure! -
www.microsoft.com/security
| >
| > =====================================================
| >
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| >
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| > --------------------
| > | Thread-Topic: Bypassing download restrictions - it's easy!!!
| > | thread-index: AcVP+C9TVkqKvXSFRKyXIXOeZI81ug==
| > | X-WBNR-Posting-Host: 193.128.28.145
| > | From: "=?Utf-8?B?REd1bm5lcg==?=" <
[email protected]>
| > | Subject: Bypassing download restrictions - it's easy!!!
| > | Date: Tue, 3 May 2005 08:53:01 -0700
| > | Lines: 17
| > | Message-ID: <
[email protected]>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.inetexplorer.ie6.browser:88752
| > | X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
| > |
| > | In GP I setup the attachment manager as follows:
| > |
| > | Default risk level for all attachments - High
| > | Inclusion list for high risk file types - .PDF
| > | Trust logic for file attachments - File handler and type
| > |
| > | Great - Now when people download pdf files they will be told they are
| > | dangerous and the dowenload removed. Or not.
| > |
| > | I noticed that whilst the prompt is on-scren, the user can just take
a
| > copy
| > | of the file and the copy remains whilst the original is deleted.
| > |
| > | Am I doing something wrong? Why does IE download the entire file
before
| > | deciding to block it?
| > |
| > | Is it not possible to simply say that if a file type is in the high
risk
| > | list not to even download it?
| > |
| >
| >
|