Preventing IE SP2 Security feature for local intranet

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello all,
We are running W2K Active Directory and have just started rolling out XP pro
with IE6 SP2. My problem is with the new security features in IE, which keep
prompting users when attempting to download software.
I would like to be able to configure IE so that it doesn't issue the prompt
"Unknown publisher" when attempting do download software from the internal
Intranet. I have attempting using Group Policy to configure a trusted sites
zone with the option "Don't prompt for client certificate selection when none
or only one is available" enabled for the zone. This does not seem to be
working, is there something I'm doing wrong, or does anybody have a solution
I could use.
Many thanks
Howard
 
howardmp said:
Hello all,
We are running W2K Active Directory and have just started rolling out XP pro
with IE6 SP2. My problem is with the new security features in IE, which keep
prompting users when attempting to download software.
I would like to be able to configure IE so that it doesn't issue the prompt
"Unknown publisher" when attempting do download software from the internal
Intranet. I have attempting using Group Policy to configure a trusted sites
zone with the option "Don't prompt for client certificate selection when none
or only one is available" enabled for the zone. This does not seem to be
working, is there something I'm doing wrong, or does anybody have a solution
I could use.
Many thanks
Howard
Click to expand...

Try adding your local domain (i.e. *.yourdomain.com) to the Local
Intranet Zone Tools...Internet Options...Security Tab... Local
Intranet...Sites...Advanced (add here).

You can also change this in the registry under HKLM or HKCU, depending
on if you want to affect all users or just the current user of the PC.
Here's what I use:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\Mydomainnamehere.net]
"*"=dword:00000001

I ran into this when users would try to run programs on a server in our
domain and they would get prompted with the "unknown publisher" message
and have to click "Run". You can also set a Group Policy setting under
the User section and Attachment manager by adding *.exe's or whatever
to the LOW security section. However, that is not my first choice
since it could allow an attacker to execute a EXE w/o any warnings.

Hope this helps!

Mario in Dallas, TX - MCSA W2k3
 
Back
Top