Insidethe.com It is my space, but better than myspace

17Jul/170

Bookmark: Running EXE Over UNC

https://social.technet.microsoft.com/Forums/windows/en-US/70b2dd7e-833c-4240-92e0-9b865e917307/trusted-sites-and-internet-zone-security-level-gpo-is-not-applying-in-windows-server-2008-r2?forum=winserverGP

Apparently, on server2008, despite a domain-wide GPO was applied dictating the trusted sites zone, it seemed to be NOT applied to server2008 !

More specifically, you can see in Internet Options, tab Security, a yellow info line stating that "Some settings are managed by your system administrator", but when checking the list with Trusted sites, this turns out to be empty !

The exact GPO setting I'm referring to:
Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page :
Site to Zone Assignment List     ENABLED
With (example):
http://*.myowncompany.com     2
http://*.microsoft.com                2

Despite this setting, when checking in IE on any Server2008, the list of sites in Trusted Zone is EMPTY !!

This is caused by the fact that by default Internet Explorer Enhanced Security Configuration  (IE ESC) is ENABLED for both users and administrators !

You can disable it for administrators:
Start > Administrative Tools > Server Manager
under Security Information, click Configure IE ESC

Under Administrators : click Off.
Now, after closing and reopening IE, you will find the list with Trusted Sites in place !

 

The correct step is this way: User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

“Site to Zone Assignment List” , click “Enable” and edit the list.

Add the site and the number two for Trusted Site. (1 = Intranet, 2 = trusted sites, 3 = Internet Zone and 4 = Restricted Site Zone.

To have a list like that (2 is for trusted site)

*.hotmail.com 2

*.outlook.com 2

*.bing.com 2

The PRO of that method:

- It standardizes all domain-joined computers as they will use the same list for everyone.

- It blocks users from entering new trusted sites. Though this can be a con for small offices or for Power Users wanting more autonomy.

The CON of this method:

- It block user for entering new trusted sites. This can be considered a PRO in big offices, as the list is standardized by the IT's team.

https://blogs.msdn.microsoft.com/microsoft_press/2014/04/14/from-the-mvps-setting-internet-explorer-trusted-site-settings-via-group-policy-object-in-windows-server-2012-r2/

 

Go to Group Policy and then expand:

 

Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

 

2.     On the right pane, double click Inclusion list for low file types.

3.     Click Enable.

4.     Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

5.     Click OK.

 

Hope this helps.

 

Regards,

Linda

https://social.technet.microsoft.com/Forums/windows/en-US/5277371b-dea2-4a2b-802a-bbdc639f627f/disable-open-file-security-warning-unknown-publisher?forum=w7itprogeneral

 

Filed under: bookmark Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

Trackbacks are disabled.