Launching Applications And Unsafe Files
We have a 3rd-party system that uses an XBAP app, which is launched from Internet Explorer. More often than not, when it starts up, it displays an 'Unknown Publisher' warning:
To even run the application and get this far, it has to be part of IE's 'Trusted Sites'. Small flame scale demon soul 2. However, even with Launching applications and unsafe files set to Enabled, users are still prompted:
Does anyone know what setting needs to be configured to stop this prompt appearing, and more importantly what registry key(s) or Group Policy setting do we need to change so we can push this out across all users?
- Now on to the “Open File – Security Warning “, this is affected by the setting pictured above, “Launching applications and unsafe files”. Since this is a trusted zone we trust all the locations in this zone so we are happy to launch unsigned applications without a security warning. For some strange reason this setting is one of the.
- Turning the prompt off is involved. I added file//server-name to the trusted sites list in IE, and then also changed the 'launching applications and unsafe files' from Prompt to Enable. That solves the problem for me.
Launching programs and unsafe files: This policy setting controls whether or not the 'Open File - Security Warning' prompt is shown when launching executables or other unsafe files.
KenD1 Answer
Launching Applications And Unsafe Files Group Policy
You need to whitelist the specific Class ID of the Applet in Group Policy. You definitely don not want to whitelist all 'Unknown Publisher' Applets.
You can find the Class ID by opening the Manage Add-ons dialog in Internet Explorer. Class ID is a hidden column by default, it can be enabled by right-clicking a column header and selecting the Class ID column to display:
Armed with the Class ID GUID, the following location in Group Policy manages the handling of IE Add-ons as per their Class ID:
Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsInternet ExplorerSecurity FeaturesAdd-on Management
Here, you may create an array of Class IDs, and specify a Value setting the following:
- Value = 0. The add-on is disabled and your employees can’t change it.
- Value = 1. The add-on is enabled and your employees can’t change it.
- Value = 2. The add-on is enabled and your employees can change it.
Using the Values, you can specifically whitelist OR blacklist add-ons, and also give users flexibility to self-manage. If two add-ons conflict for some reason, you may need to specify a value of 2 so users can self-manage.
Reference: TechNet
blaughwblaughwNot the answer you're looking for? Browse other questions tagged windowsinternet-explorer or ask your own question.
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.If you disable this policy setting users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.If you do not configure this policy setting users can run applications and download files from IFRAMEs on the pages in this zone without user intervention.
Policy path:
Scope:
Supported on:
Registry settings:
