Inclusion List

[Guest]

When modifying this GPO. User Configuration>Administrative Templates>Windows
Components>Attachment Manager. Inclusion list for low file types.
I set this to enabled and specified one file that is in use comapny wide.
For example sbbwin.exe. Does this only let sbbwin.exe be executed with out
the prompt? Or is it ingoring the SBBWIN and allowing any EXE to be launched
without prompting?
Thank you

 

[Wesley Vogel]

It wants the file type, just the extension with a leading period, not the
filename.

Use just .exe

When you double click on Inclusion list for low file types and Enable it,
you get...

Specify low risk extensions (include a leading period, e.g. .bmp;.gif.

Inclusion list for low file types
[[This policy setting allows you to configure the list of low risk file
types. If the attachment is in the list of low risk file types, Windows will
not prompt the user before accessing the file, regardless of the file’s zone
information. This inclusion list overrides the list of high risk file types
built into Windows and has a lower precedence than the High or Medium risk
inclusion lists (where an extension is listed in more than one inclusion
list.)

If you enable this policy setting you can specify file types which pose a
low risk.

If you disable this policy setting Windows uses its default trust logic.

If you do not configure this policy setting Windows uses its default trust
logic.]]

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Hi thanks for your response, but I am trying to avoid letting all .exe files
through. All we need not to prompt is the sbbwin.exe. When specifying just
this file will it block the rest?
Is this the best way to specify a file that you do not want to be prompted
with the warning for?

It wants the file type, just the extension with a leading period, not the
filename.

Use just .exe

When you double click on Inclusion list for low file types and Enable it,
you get...

Specify low risk extensions (include a leading period, e.g. .bmp;.gif.

Inclusion list for low file types
[[This policy setting allows you to configure the list of low risk file
types. If the attachment is in the list of low risk file types, Windows will
not prompt the user before accessing the file, regardless of the file’s zone
information. This inclusion list overrides the list of high risk file types
built into Windows and has a lower precedence than the High or Medium risk
inclusion lists (where an extension is listed in more than one inclusion
list.)

If you enable this policy setting you can specify file types which pose a
low risk.

If you disable this policy setting Windows uses its default trust logic.

If you do not configure this policy setting Windows uses its default trust
logic.]]

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

When modifying this GPO. User Configuration>Administrative
Templates>Windows Components>Attachment Manager. Inclusion list for low
file types.
I set this to enabled and specified one file that is in use comapny wide.
For example sbbwin.exe. Does this only let sbbwin.exe be executed with
out the prompt? Or is it ingoring the SBBWIN and allowing any EXE to be
launched without prompting?
Thank you

 

[Wesley Vogel]

I do not know for sure, but if you include the filename it will probably not
work correctly.

Try it and find out.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Hi thanks for your response, but I am trying to avoid letting all .exe
files through. All we need not to prompt is the sbbwin.exe. When
specifying just this file will it block the rest?
Is this the best way to specify a file that you do not want to be prompted
with the warning for?

It wants the file type, just the extension with a leading period, not the
filename.

Use just .exe

When you double click on Inclusion list for low file types and Enable it,
you get...

Specify low risk extensions (include a leading period, e.g. .bmp;.gif.

Inclusion list for low file types
[[This policy setting allows you to configure the list of low risk file
types. If the attachment is in the list of low risk file types, Windows
will not prompt the user before accessing the file, regardless of the
file’s zone information. This inclusion list overrides the list of
high risk file types built into Windows and has a lower precedence than
the High or Medium risk inclusion lists (where an extension is listed in
more than one inclusion list.)

If you enable this policy setting you can specify file types which pose a
low risk.

If you disable this policy setting Windows uses its default trust logic.

If you do not configure this policy setting Windows uses its default
trust logic.]]

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

When modifying this GPO. User Configuration>Administrative
Templates>Windows Components>Attachment Manager. Inclusion list for low
file types.
I set this to enabled and specified one file that is in use comapny
wide. For example sbbwin.exe. Does this only let sbbwin.exe be
executed with out the prompt? Or is it ingoring the SBBWIN and
allowing any EXE to be launched without prompting?
Thank you

 

[Wesley Vogel]

That last post got away from me.

Afraid it's all .exe files or none.

Description of how the Attachment Manager works in Windows XP Service Pack 2
http://support.microsoft.com/kb/883260

Configure the Attachment Manager in Win XP SP2
http://smallvoid.com/tweak/windows/internet.html#WINXP_SP2_ATTACH

Unless maybe you get rid of the ADS zone crap for sbbwin.exe.

To get rid of Alternate Data Streams on any file, move to a non NTFS media,
like a floppy, a CD or a memory stick, and then move the file back to the
hard drive. ADS can only exist on NTFS formatted drives, moving or copying
files strips the files of the ADS crap.

I am not on a network, just one machine, so I have Group Policy | Do not
preserve zone information in file attachments Enabled.

User Configuration\Administrative Templates\Windows Components\Attachment
Manager

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Hi thanks for your response, but I am trying to avoid letting all .exe
files through. All we need not to prompt is the sbbwin.exe. When
specifying just this file will it block the rest?
Is this the best way to specify a file that you do not want to be prompted
with the warning for?

It wants the file type, just the extension with a leading period, not the
filename.

Use just .exe

When you double click on Inclusion list for low file types and Enable it,
you get...

Specify low risk extensions (include a leading period, e.g. .bmp;.gif.

Inclusion list for low file types
[[This policy setting allows you to configure the list of low risk file
types. If the attachment is in the list of low risk file types, Windows
will not prompt the user before accessing the file, regardless of the
file’s zone information. This inclusion list overrides the list of
high risk file types built into Windows and has a lower precedence than
the High or Medium risk inclusion lists (where an extension is listed in
more than one inclusion list.)

If you enable this policy setting you can specify file types which pose a
low risk.

If you disable this policy setting Windows uses its default trust logic.

If you do not configure this policy setting Windows uses its default
trust logic.]]

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

When modifying this GPO. User Configuration>Administrative
Templates>Windows Components>Attachment Manager. Inclusion list for low
file types.
I set this to enabled and specified one file that is in use comapny
wide. For example sbbwin.exe. Does this only let sbbwin.exe be
executed with out the prompt? Or is it ingoring the SBBWIN and
allowing any EXE to be launched without prompting?
Thank you