1st July 2010, 02:29 PM #1
Running an application over a DFS share
I've got a DFS domain based share that merges a load of server shares into one common share (i.e. \\domain.com\share) and users have a drive letter mapped to that share. I've done this because we use a whitelist Software Restriction policy and the list of shares was making the policy rather large! All of the separate shares are integrated into the DFS share so I only have to unblock that pathname.
Problem is, now when users run the application (pathname is using the DFS share drive letter) it runs OK, but they get the 'Publisher could not be verified' Security warning where you have to click Run or Cancel ('This file does not have a valid digital signature etc').
I've set the group policy to allow apps to run on the Intranet zone but it still happens. Is there anything else I can do to stop this message appearing when running an application across a DFS share?
1st July 2010, 02:43 PM #2
Looks like you have done what I've seen suggested:
Group Policies: User Configuration - Administrative Templates - Windows Components - Attachment
Add "*.exe" to the "Inclusion list for **moderate** risk file types" setting.
I've also seen this suggested:
1st July 2010, 04:24 PM #3
Hmm, I haven't changed the Attachment management in any policies.
After a little tinkering I've changed the group policy settings that Automatically detect intranet and also manually added the domain name into the Intranet Zones (sites to zones assignment list) and it seems to have worked.
Odd behaviour as the problem didn't occur when running the apps from the original shares (which they effectively still are!)
1st July 2010, 07:31 PM #4
That makes sense to me. To fix that or something similar (it's been a while) I've long been throwing these straight into the Trusted Zone: servername (NetBIOS), servername.example.com, *.example.com. In principle the second one is redundant because of the third one which I'm fairly sure I added for DFS shares (that wildcard does, or at least did, cover "\\example.com\..").
One of those "seems to work, I'll go back, test it properly and then do it with more finesse, on a rainy day" things.
9th December 2010, 08:03 PM #5
Thanks for the info Carvjo, was a snap to deploy via ZenWorks and GPO settings. Now I can freely run .bat files for software installations, registry changes, etc.
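The zone assignments discussed in posts #3 and #4 can be audited on a client with the script below, which is an added example and not code from any poster in this thread. It lists the Site to Zone Assignment List entries delivered by policy, marks wildcard and Trusted Sites entries for review, and reports the zone a UNC path resolves to. It assumes Windows PowerShell 5.1 (.NET Framework), and `\\example.com\share` is a placeholder path.

```powershell
# Added example: audit policy-delivered zone mappings and the effective zone of a UNC path.
# Assumes Windows PowerShell 5.1; $UncPath is a placeholder, replace it with your DFS namespace.
param([string]$UncPath = '\\example.com\share')

# Zone numbers as stored in the Site to Zone Assignment List
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
    3 = 'Internet';    4 = 'Restricted Sites'
}

# Registry locations written by the "Site to Zone Assignment List" policy
$policyKeys = @(
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)

$entries = foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }      # policy not set in this hive
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $zone = [int]$item.GetValue($name)       # value data is the zone number
        [pscustomobject]@{
            Hive     = $key.Substring(0, 4)
            Site     = $name
            Zone     = $zoneNames[$zone]
            Wildcard = $name.Contains('*')
            # Trusted Sites and wildcard entries widen trust the most: review them first
            Review   = ($zone -eq 2) -or $name.Contains('*')
        }
    }
}

if ($entries) {
    $entries | Sort-Object Hive, Site | Format-Table -AutoSize | Out-String
} else {
    'No Site to Zone Assignment List entries found in policy.'
}

# Effective zone Windows computes for the path (Intranet, Trusted, Internet, ...)
$effective = [System.Security.Policy.Zone]::CreateFromUrl($UncPath).SecurityZone
'{0} resolves to zone: {1}' -f $UncPath, $effective
```

Run it as the affected user so the HKCU policy hive reflects that user's Group Policy.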