Hello Drew:
You wrote on Tue, 20 Jun 2006 12:03:41 -0400:
D> Its really not that bad, just an extra prompt...
D> I have a few ADP files that I use for reporting off SQL Server (much
D> cheaper than Crystal Reports!), they are located on our network. On our
D> Intranet, there is a link to the ADP, like this,
D> file://///ServerName/Reports$/Clients/CliELP/CliELP.adp
D> When a user clicks this link, they are priompted with the "Do you want
D> to open or save this file?". This is the usual prompt, nothing
D> special... the user clicks Open and the startup form opens, when they
D> select a report to view and click Get Report, then the desired report
D> opens, but at the same time an "Internet Explorer - Security Warning"
D> box pops up, it says, it pops under the report, so most users don't see
D> it.
D> The publisher could not be verified. Are you sure you want to run this
D> software?
D> Name: CliELP.adp
D> Publisher: Unknown Publisher
D> There are 2 buttons, Run and Don't Run.
D> Mind you that the report is already opened, so any damage has already
D> been done... The user can view or print the report without answering the
D> prompt. Even if the user clicks Don't Run, it still runs...
I tried to reproduce it, but in my case when I clicked the file on intranet
page, I saw first security warning, I said "run", but then it showed another
security warning, now only with button "save". Said the default program
couldn't open it. Probably wanted me to specify mime type or something.
That said, I'd think that running programs from intranet is not a good idea,
exactly because of security matters. I may be wrong, but I'd think that
intranet is mainly for sharing documents, discussions etc., but not for
executables. Executables should rather live on a network share; in case of
adp project, specifically, they should rather live on user's local hard
drive.
What the web page said was basically right. Since the adp project indeed
does not have, and can't have, a security certificate, the publisher is
indeed unknown and indeed could not be verified. So the solution would be
probably in telling the client browser that it should trust intranet site
without certificates, i.e. putting intranet site in trusted zone.
Vadim Rapp