J
Jim Horvath
I have installed a client/server application on two WinXP Pro SP2
machines. The client machine maps a network drive to a shared folder on
the server and runs executable programs from the mapped folder.
Everything was fine while I tested the installation with both client and
server on the same subnet, but when I moved the client to a different
physical location (still in the same building, but across a router on a
different subnet) I began getting a security warning message upon
starting the program:
"The publisher could not be verified. Are you sure you want to run this
software?". [RUN] [CANCEL]
I don't want this warning confusing the users. This is not downloaded
software, it was installed from a CD and is fully licensed.
After searching the web, I've found several ways to bypass the warning.
These are:
1. Use the group policy editor to put .exe files in the low-risk category.
2. In Internet Explorer options, change the Internet Zone settings to
allow .exe files to run.
3. Run the program from a command line, i.e. "cmd /c X:application.exe"
I have verified that all three of these work, but #1 and #2 clearly put
the machine at risk and are therefore unacceptable. #3 is a clever
workaround, but it leaves a command window cluttering the desktop until
the application exits, and I suspect that eventually Microsoft will kill
this method in some future Windows Update (i.e. running exe's from a
command window bypasses security checks).
My question is why does WinXP consider the mapped drive to be in the
Internet Zone? So far I have found no way to convince it otherwise.
I have tried adding the server IP address to the list of trusted
websites in Internet Explorer. I tried explicitly listing it in the
"Local Intranet" advanced settings. Neither of these worked. I checked
all executable files on the server for the alternate data stream
"Zone.Identifier". I found no ADS on any of the files.
Can anybody tell me what I am missing?
Jim Horvath
jhorvath at keithley (the standard commercial suffix)
machines. The client machine maps a network drive to a shared folder on
the server and runs executable programs from the mapped folder.
Everything was fine while I tested the installation with both client and
server on the same subnet, but when I moved the client to a different
physical location (still in the same building, but across a router on a
different subnet) I began getting a security warning message upon
starting the program:
"The publisher could not be verified. Are you sure you want to run this
software?". [RUN] [CANCEL]
I don't want this warning confusing the users. This is not downloaded
software, it was installed from a CD and is fully licensed.
After searching the web, I've found several ways to bypass the warning.
These are:
1. Use the group policy editor to put .exe files in the low-risk category.
2. In Internet Explorer options, change the Internet Zone settings to
allow .exe files to run.
3. Run the program from a command line, i.e. "cmd /c X:application.exe"
I have verified that all three of these work, but #1 and #2 clearly put
the machine at risk and are therefore unacceptable. #3 is a clever
workaround, but it leaves a command window cluttering the desktop until
the application exits, and I suspect that eventually Microsoft will kill
this method in some future Windows Update (i.e. running exe's from a
command window bypasses security checks).
My question is why does WinXP consider the mapped drive to be in the
Internet Zone? So far I have found no way to convince it otherwise.
I have tried adding the server IP address to the list of trusted
websites in Internet Explorer. I tried explicitly listing it in the
"Local Intranet" advanced settings. Neither of these worked. I checked
all executable files on the server for the alternate data stream
"Zone.Identifier". I found no ADS on any of the files.
Can anybody tell me what I am missing?
Jim Horvath
jhorvath at keithley (the standard commercial suffix)