How do you prevent the security warning "unknown publisher" for all users?

[Guest Saucer Man]

When a user launches a RemoteAPP program, he gets an Open File - Security

Warning. It says "The publisher could not be verified. Are you sure you

want to run this software?" The dialog prompt refers to the drive letter

mapping and the .exe in question. How can I set up the terminal server so

these prompts do not happen to any user?

 

--

Thanks!

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Check if this helps:

 

When users start a RemoteApp, they get a dialog box: "a Website wants

to start a remote connection. The publisher of this remote connection

cannot be identified."

http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

*----------- Please reply in newsgroup -------------*

 

"Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

> When a user launches a RemoteAPP program, he gets an Open File -

> Security Warning. It says "The publisher could not be verified.

> Are you sure you want to run this software?" The dialog prompt

> refers to the drive letter mapping and the .exe in question.

> How can I set up the terminal server so these prompts do not

> happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

We are not getting "a Website wants to start a remote connection". I don't

know if the Cert applies here. I thought it was a Group Policy referring to

trusted intranet sites that needs to be set. Am I wrong?

 

 

"Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

> Check if this helps:

>

> When users start a RemoteApp, they get a dialog box: "a Website wants

> to start a remote connection. The publisher of this remote connection

> cannot be identified."

> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> *----------- Please reply in newsgroup -------------*

>

> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>

>> When a user launches a RemoteAPP program, he gets an Open File -

>> Security Warning. It says "The publisher could not be verified.

>> Are you sure you want to run this software?" The dialog prompt

>> refers to the drive letter mapping and the .exe in question.

>> How can I set up the terminal server so these prompts do not

>> happen to any user?

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Then I would expect this message:

 

When users start a program, they get a "file download" dialog box,

or an error message: "Windows cannot access the specified device,

path, or file. You may not have the appropriate permissions to

access the item."

http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

 

but you can give it a try.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

microsoft.public.windows.terminal_services:

> We are not getting "a Website wants to start a remote

> connection". I don't know if the Cert applies here. I thought

> it was a Group Policy referring to trusted intranet sites that

> needs to be set. Am I wrong?

>

>

> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>> Check if this helps:

>>

>> When users start a RemoteApp, they get a dialog box: "a Website

>> wants to start a remote connection. The publisher of this

>> remote connection cannot be identified."

>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> *----------- Please reply in newsgroup -------------*

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>

>>> When a user launches a RemoteAPP program, he gets an Open File

>>> - Security Warning. It says "The publisher could not be

>>> verified.

>>> Are you sure you want to run this software?" The dialog

>>> prompt

>>> refers to the drive letter mapping and the .exe in question.

>>> How can I set up the terminal server so these prompts do not

>>> happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Here is the exact message...

 

 

 

Title Bar: Open File - Security Warning

Message: The publisher could not be verified. Are you sure you want to run

this software?

Name: u:\folder\program.exe

Publisher: Unknown Publisher

Type: Application

From: u:\folder\program.exe

 

Run button Cancel button

 

This file does not have a valid digital signature that verifies its

publisher. You should only run software from publishers you trust.

How can I decide what software to run?

 

 

 

....It doesn't mention website or file download.

 

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

> Then I would expect this message:

>

> When users start a program, they get a "file download" dialog box,

> or an error message: "Windows cannot access the specified device,

> path, or file. You may not have the appropriate permissions to

> access the item."

> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>

> but you can give it a try.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> We are not getting "a Website wants to start a remote

>> connection". I don't know if the Cert applies here. I thought

>> it was a Group Policy referring to trusted intranet sites that

>> needs to be set. Am I wrong?

>>

>>

>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>> Check if this helps:

>>>

>>> When users start a RemoteApp, they get a dialog box: "a Website

>>> wants to start a remote connection. The publisher of this

>>> remote connection cannot be identified."

>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing

>>>

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> *----------- Please reply in newsgroup -------------*

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>

>>>> When a user launches a RemoteAPP program, he gets an Open File

>>>> - Security Warning. It says "The publisher could not be

>>>> verified.

>>>> Are you sure you want to run this software?" The dialog

>>>> prompt

>>>> refers to the drive letter mapping and the .exe in question.

>>>> How can I set up the terminal server so these prompts do not

>>>> happen to any user?

>

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

But have you digitally signed your rdp files? Without that, you'll

not get rid of the warning.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

microsoft.public.windows.terminal_services:

> Here is the exact message...

>

>

>

> Title Bar: Open File - Security Warning

> Message: The publisher could not be verified. Are you sure you

> want to run this software?

> Name: u:\folder\program.exe

> Publisher: Unknown Publisher

> Type: Application

> From: u:\folder\program.exe

>

> Run button Cancel button

>

> This file does not have a valid digital signature that

> verifies its

> publisher. You should only run software from publishers you

> trust. How can I decide what software to run?

>

>

>

> ...It doesn't mention website or file download.

>

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>> Then I would expect this message:

>>

>> When users start a program, they get a "file download" dialog

>> box, or an error message: "Windows cannot access the specified

>> device, path, or file. You may not have the appropriate

>> permissions to access the item."

>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>

>> but you can give it a try.

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> We are not getting "a Website wants to start a remote

>>> connection". I don't know if the Cert applies here. I

>>> thought it was a Group Policy referring to trusted intranet

>>> sites that needs to be set. Am I wrong?

>>>

>>>

>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>> wrote in message

>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>> Check if this helps:

>>>>

>>>> When users start a RemoteApp, they get a dialog box: "a

>>>> Website wants to start a remote connection. The publisher of

>>>> this remote connection cannot be identified."

>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signi

>>>> ng

>>>>

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> *----------- Please reply in newsgroup -------------*

>>>>

>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>

>>>>> When a user launches a RemoteAPP program, he gets an Open

>>>>> File - Security Warning. It says "The publisher could not

>>>>> be verified.

>>>>> Are you sure you want to run this software?" The dialog

>>>>> prompt

>>>>> refers to the drive letter mapping and the .exe in question.

>>>>> How can I set up the terminal server so these prompts do not

>>>>> happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

That's probably the issue. How do I digitally sign these .rdp files?

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

> But have you digitally signed your rdp files? Without that, you'll

> not get rid of the warning.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> Here is the exact message...

>>

>>

>>

>> Title Bar: Open File - Security Warning

>> Message: The publisher could not be verified. Are you sure you

>> want to run this software?

>> Name: u:\folder\program.exe

>> Publisher: Unknown Publisher

>> Type: Application

>> From: u:\folder\program.exe

>>

>> Run button Cancel button

>>

>> This file does not have a valid digital signature that

>> verifies its

>> publisher. You should only run software from publishers you

>> trust. How can I decide what software to run?

>>

>>

>>

>> ...It doesn't mention website or file download.

>>

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>> Then I would expect this message:

>>>

>>> When users start a program, they get a "file download" dialog

>>> box, or an error message: "Windows cannot access the specified

>>> device, path, or file. You may not have the appropriate

>>> permissions to access the item."

>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>

>>> but you can give it a try.

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> We are not getting "a Website wants to start a remote

>>>> connection". I don't know if the Cert applies here. I

>>>> thought it was a Group Policy referring to trusted intranet

>>>> sites that needs to be set. Am I wrong?

>>>>

>>>>

>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>> wrote in message

>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>> Check if this helps:

>>>>>

>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>> Website wants to start a remote connection. The publisher of

>>>>> this remote connection cannot be identified."

>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signi

>>>>> ng

>>>>>

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>> *----------- Please reply in newsgroup -------------*

>>>>>

>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>

>>>>>> When a user launches a RemoteAPP program, he gets an Open

>>>>>> File - Security Warning. It says "The publisher could not

>>>>>> be verified.

>>>>>> Are you sure you want to run this software?" The dialog

>>>>>> prompt

>>>>>> refers to the drive letter mapping and the .exe in question.

>>>>>> How can I set up the terminal server so these prompts do not

>>>>>> happen to any user?

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

That's done in RemoteApp Manager. You'll have to get a certificate.

 

Terminal Services RemoteApp Step-By-Step Guide

http://technet2.microsoft.com/windowsserver2008/en/library/61d24255

-dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

microsoft.public.windows.terminal_services:

> That's probably the issue. How do I digitally sign these .rdp

> files?

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>> But have you digitally signed your rdp files? Without that,

>> you'll not get rid of the warning.

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> Here is the exact message...

>>>

>>>

>>>

>>> Title Bar: Open File - Security Warning

>>> Message: The publisher could not be verified. Are you sure

>>> you want to run this software?

>>> Name: u:\folder\program.exe

>>> Publisher: Unknown Publisher

>>> Type: Application

>>> From: u:\folder\program.exe

>>>

>>> Run button Cancel button

>>>

>>> This file does not have a valid digital signature that

>>> verifies its

>>> publisher. You should only run software from publishers you

>>> trust. How can I decide what software to run?

>>>

>>>

>>>

>>> ...It doesn't mention website or file download.

>>>

>>>

>>>

>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>> wrote in message

>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>> Then I would expect this message:

>>>>

>>>> When users start a program, they get a "file download" dialog

>>>> box, or an error message: "Windows cannot access the

>>>> specified device, path, or file. You may not have the

>>>> appropriate permissions to access the item."

>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>

>>>> but you can give it a try.

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>

>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>> microsoft.public.windows.terminal_services:

>>>>

>>>>> We are not getting "a Website wants to start a remote

>>>>> connection". I don't know if the Cert applies here. I

>>>>> thought it was a Group Policy referring to trusted intranet

>>>>> sites that needs to be set. Am I wrong?

>>>>>

>>>>>

>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>> wrote in message

>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>> Check if this helps:

>>>>>>

>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>> Website wants to start a remote connection. The publisher

>>>>>> of this remote connection cannot be identified."

>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig

>>>>>> ni ng

>>>>>>

>>>>>> _________________________________________________________

>>>>>> Vera Noest

>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>

>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>

>>>>>>> When a user launches a RemoteAPP program, he gets an Open

>>>>>>> File - Security Warning. It says "The publisher could not

>>>>>>> be verified.

>>>>>>> Are you sure you want to run this software?" The dialog

>>>>>>> prompt

>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>> question. How can I set up the terminal server so these

>>>>>>> prompts do not happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Ok. I was asking about a Cert in another post. If I get a CERT from

GoDaddy for the TS Gateway, it should also work for digitally signing the

..rdp files correct?

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AF3C94CAF82veranoesthemutforsse@207.46.248.16...

> That's done in RemoteApp Manager. You'll have to get a certificate.

>

> Terminal Services RemoteApp Step-By-Step Guide

> http://technet2.microsoft.com/windowsserver2008/en/library/61d24255

> -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> That's probably the issue. How do I digitally sign these .rdp

>> files?

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>> But have you digitally signed your rdp files? Without that,

>>> you'll not get rid of the warning.

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> Here is the exact message...

>>>>

>>>>

>>>>

>>>> Title Bar: Open File - Security Warning

>>>> Message: The publisher could not be verified. Are you sure

>>>> you want to run this software?

>>>> Name: u:\folder\program.exe

>>>> Publisher: Unknown Publisher

>>>> Type: Application

>>>> From: u:\folder\program.exe

>>>>

>>>> Run button Cancel button

>>>>

>>>> This file does not have a valid digital signature that

>>>> verifies its

>>>> publisher. You should only run software from publishers you

>>>> trust. How can I decide what software to run?

>>>>

>>>>

>>>>

>>>> ...It doesn't mention website or file download.

>>>>

>>>>

>>>>

>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>> wrote in message

>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>> Then I would expect this message:

>>>>>

>>>>> When users start a program, they get a "file download" dialog

>>>>> box, or an error message: "Windows cannot access the

>>>>> specified device, path, or file. You may not have the

>>>>> appropriate permissions to access the item."

>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>

>>>>> but you can give it a try.

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>

>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>>> microsoft.public.windows.terminal_services:

>>>>>

>>>>>> We are not getting "a Website wants to start a remote

>>>>>> connection". I don't know if the Cert applies here. I

>>>>>> thought it was a Group Policy referring to trusted intranet

>>>>>> sites that needs to be set. Am I wrong?

>>>>>>

>>>>>>

>>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>>> wrote in message

>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>>> Check if this helps:

>>>>>>>

>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>> Website wants to start a remote connection. The publisher

>>>>>>> of this remote connection cannot be identified."

>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig

>>>>>>> ni ng

>>>>>>>

>>>>>>> _________________________________________________________

>>>>>>> Vera Noest

>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>

>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>>

>>>>>>>> When a user launches a RemoteAPP program, he gets an Open

>>>>>>>> File - Security Warning. It says "The publisher could not

>>>>>>>> be verified.

>>>>>>>> Are you sure you want to run this software?" The dialog

>>>>>>>> prompt

>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>> question. How can I set up the terminal server so these

>>>>>>>> prompts do not happen to any user?

>

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Did you read the Step-by-Step guide? The answers to all of your

questions are there:

 

If you are already using an SSL certificate for terminal server or

TS Gateway connections, you can use the same certificate to sign

..rdp files. However, if users will connect to RemoteApp programs

from public or home computers, you must use either of the

following:

 

* A certificate from a public certification authority (CA) that

participates in the Microsoft Root Certificate Program Members

program (http://go.microsoft.com/fwlink/?LinkID=59547).

 

* If you are using an enterprise CA, your enterprise CA-issued

certificate must be co-signed by a public CA that participates in

the Microsoft Root Certification Program Members program.

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 07 aug 2008 in

microsoft.public.windows.terminal_services:

> Ok. I was asking about a Cert in another post. If I get a CERT

> from GoDaddy for the TS Gateway, it should also work for

> digitally signing the .rdp files correct?

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AF3C94CAF82veranoesthemutforsse@207.46.248.16...

>> That's done in RemoteApp Manager. You'll have to get a

>> certificate.

>>

>> Terminal Services RemoteApp Step-By-Step Guide

>> http://technet2.microsoft.com/windowsserver2008/en/library/61d24

>> 255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> That's probably the issue. How do I digitally sign these .rdp

>>> files?

>>>

>>>

>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>> wrote in message

>>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>>> But have you digitally signed your rdp files? Without that,

>>>> you'll not get rid of the warning.

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>

>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>> microsoft.public.windows.terminal_services:

>>>>

>>>>> Here is the exact message...

>>>>>

>>>>>

>>>>>

>>>>> Title Bar: Open File - Security Warning

>>>>> Message: The publisher could not be verified. Are you sure

>>>>> you want to run this software?

>>>>> Name: u:\folder\program.exe

>>>>> Publisher: Unknown Publisher

>>>>> Type: Application

>>>>> From: u:\folder\program.exe

>>>>>

>>>>> Run button Cancel

>>>>> button

>>>>>

>>>>> This file does not have a valid digital signature that

>>>>> verifies its

>>>>> publisher. You should only run software from publishers you

>>>>> trust. How can I decide what software to run?

>>>>>

>>>>>

>>>>>

>>>>> ...It doesn't mention website or file download.

>>>>>

>>>>>

>>>>>

>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>> wrote in message

>>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>>> Then I would expect this message:

>>>>>>

>>>>>> When users start a program, they get a "file download"

>>>>>> dialog box, or an error message: "Windows cannot access the

>>>>>> specified device, path, or file. You may not have the

>>>>>> appropriate permissions to access the item."

>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>>

>>>>>> but you can give it a try.

>>>>>> _________________________________________________________

>>>>>> Vera Noest

>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>

>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>>>> microsoft.public.windows.terminal_services:

>>>>>>

>>>>>>> We are not getting "a Website wants to start a remote

>>>>>>> connection". I don't know if the Cert applies here. I

>>>>>>> thought it was a Group Policy referring to trusted

>>>>>>> intranet sites that needs to be set. Am I wrong?

>>>>>>>

>>>>>>>

>>>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>>>> wrote in message

>>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>>>> Check if this helps:

>>>>>>>>

>>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>>> Website wants to start a remote connection. The publisher

>>>>>>>> of this remote connection cannot be identified."

>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s

>>>>>>>> ig ni ng

>>>>>>>>

>>>>>>>> _________________________________________________________

>>>>>>>> Vera Noest

>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>>

>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>>>

>>>>>>>>> When a user launches a RemoteAPP program, he gets an

>>>>>>>>> Open File - Security Warning. It says "The publisher

>>>>>>>>> could not be verified.

>>>>>>>>> Are you sure you want to run this software?" The

>>>>>>>>> dialog prompt

>>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>>> question. How can I set up the terminal server so these

>>>>>>>>> prompts do not happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Yes, I did read it. And it is this paragraph that is a bit confusing...

> If you are already using an SSL certificate for terminal server or

> TS Gateway connections, you can use the same certificate to sign

> .rdp files. However, if users will connect to RemoteApp programs

> from public or home computers, you must use either of the

> following:

>

> * A certificate from a public certification authority (CA) that

> participates in the Microsoft Root Certificate Program Members

> program (http://go.microsoft.com/fwlink/?LinkID=59547).

 

 

We do have users that will connect from home computers and we are purchasing

a GoDaddy CERT for the TS Gateway. GoDaddy is on the list but it is not

clear to me if because I have home computers connecting, I will need a

different CERT from that list.

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AF3912AF5567veranoesthemutforsse@207.46.248.16...

> Did you read the Step-by-Step guide? The answers to all of your

> questions are there:

>

> If you are already using an SSL certificate for terminal server or

> TS Gateway connections, you can use the same certificate to sign

> .rdp files. However, if users will connect to RemoteApp programs

> from public or home computers, you must use either of the

> following:

>

> * A certificate from a public certification authority (CA) that

> participates in the Microsoft Root Certificate Program Members

> program (http://go.microsoft.com/fwlink/?LinkID=59547).

>

> * If you are using an enterprise CA, your enterprise CA-issued

> certificate must be co-signed by a public CA that participates in

> the Microsoft Root Certification Program Members program.

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 07 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> Ok. I was asking about a Cert in another post. If I get a CERT

>> from GoDaddy for the TS Gateway, it should also work for

>> digitally signing the .rdp files correct?

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AF3C94CAF82veranoesthemutforsse@207.46.248.16...

>>> That's done in RemoteApp Manager. You'll have to get a

>>> certificate.

>>>

>>> Terminal Services RemoteApp Step-By-Step Guide

>>> http://technet2.microsoft.com/windowsserver2008/en/library/61d24

>>> 255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true

>>>

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> That's probably the issue. How do I digitally sign these .rdp

>>>> files?

>>>>

>>>>

>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>> wrote in message

>>>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>>>> But have you digitally signed your rdp files? Without that,

>>>>> you'll not get rid of the warning.

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>

>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>>> microsoft.public.windows.terminal_services:

>>>>>

>>>>>> Here is the exact message...

>>>>>>

>>>>>>

>>>>>>

>>>>>> Title Bar: Open File - Security Warning

>>>>>> Message: The publisher could not be verified. Are you sure

>>>>>> you want to run this software?

>>>>>> Name: u:\folder\program.exe

>>>>>> Publisher: Unknown Publisher

>>>>>> Type: Application

>>>>>> From: u:\folder\program.exe

>>>>>>

>>>>>> Run button Cancel

>>>>>> button

>>>>>>

>>>>>> This file does not have a valid digital signature that

>>>>>> verifies its

>>>>>> publisher. You should only run software from publishers you

>>>>>> trust. How can I decide what software to run?

>>>>>>

>>>>>>

>>>>>>

>>>>>> ...It doesn't mention website or file download.

>>>>>>

>>>>>>

>>>>>>

>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>>> wrote in message

>>>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>>>> Then I would expect this message:

>>>>>>>

>>>>>>> When users start a program, they get a "file download"

>>>>>>> dialog box, or an error message: "Windows cannot access the

>>>>>>> specified device, path, or file. You may not have the

>>>>>>> appropriate permissions to access the item."

>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>>>

>>>>>>> but you can give it a try.

>>>>>>> _________________________________________________________

>>>>>>> Vera Noest

>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>>

>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>>>>> microsoft.public.windows.terminal_services:

>>>>>>>

>>>>>>>> We are not getting "a Website wants to start a remote

>>>>>>>> connection". I don't know if the Cert applies here. I

>>>>>>>> thought it was a Group Policy referring to trusted

>>>>>>>> intranet sites that needs to be set. Am I wrong?

>>>>>>>>

>>>>>>>>

>>>>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>>>>> wrote in message

>>>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>>>>> Check if this helps:

>>>>>>>>>

>>>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>>>> Website wants to start a remote connection. The publisher

>>>>>>>>> of this remote connection cannot be identified."

>>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s

>>>>>>>>> ig ni ng

>>>>>>>>>

>>>>>>>>> _________________________________________________________

>>>>>>>>> Vera Noest

>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>>>

>>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>>>>

>>>>>>>>>> When a user launches a RemoteAPP program, he gets an

>>>>>>>>>> Open File - Security Warning. It says "The publisher

>>>>>>>>>> could not be verified.

>>>>>>>>>> Are you sure you want to run this software?" The

>>>>>>>>>> dialog prompt

>>>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>>>> question. How can I set up the terminal server so these

>>>>>>>>>> prompts do not happen to any user?

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

GoDaddy is on the list, so a certifcate from them is OK for both

purposes.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 07 aug 2008 in

microsoft.public.windows.terminal_services:

> Yes, I did read it. And it is this paragraph that is a bit

> confusing...

>

>> If you are already using an SSL certificate for terminal server

>> or TS Gateway connections, you can use the same certificate to

>> sign .rdp files. However, if users will connect to RemoteApp

>> programs from public or home computers, you must use either of

>> the following:

>>

>> * A certificate from a public certification authority (CA) that

>> participates in the Microsoft Root Certificate Program Members

>> program (http://go.microsoft.com/fwlink/?LinkID=59547).

>

>

> We do have users that will connect from home computers and we

> are purchasing a GoDaddy CERT for the TS Gateway. GoDaddy is on

> the list but it is not clear to me if because I have home

> computers connecting, I will need a different CERT from that

> list.

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AF3912AF5567veranoesthemutforsse@207.46.248.16...

>> Did you read the Step-by-Step guide? The answers to all of your

>> questions are there:

>>

>> If you are already using an SSL certificate for terminal server

>> or TS Gateway connections, you can use the same certificate to

>> sign .rdp files. However, if users will connect to RemoteApp

>> programs from public or home computers, you must use either of

>> the following:

>>

>> * A certificate from a public certification authority (CA) that

>> participates in the Microsoft Root Certificate Program Members

>> program (http://go.microsoft.com/fwlink/?LinkID=59547).

>>

>> * If you are using an enterprise CA, your enterprise CA-issued

>> certificate must be co-signed by a public CA that participates

>> in the Microsoft Root Certification Program Members program.

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 07 aug 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> Ok. I was asking about a Cert in another post. If I get a

>>> CERT from GoDaddy for the TS Gateway, it should also work for

>>> digitally signing the .rdp files correct?

>>>

>>>

>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>> wrote in message

>>> news:Xns9AF3C94CAF82veranoesthemutforsse@207.46.248.16...

>>>> That's done in RemoteApp Manager. You'll have to get a

>>>> certificate.

>>>>

>>>> Terminal Services RemoteApp Step-By-Step Guide

>>>> http://technet2.microsoft.com/windowsserver2008/en/library/61d

>>>> 24 255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true

>>>>

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>

>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>> microsoft.public.windows.terminal_services:

>>>>

>>>>> That's probably the issue. How do I digitally sign these

>>>>> .rdp files?

>>>>>

>>>>>

>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>> wrote in message

>>>>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>>>>> But have you digitally signed your rdp files? Without that,

>>>>>> you'll not get rid of the warning.

>>>>>> _________________________________________________________

>>>>>> Vera Noest

>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>

>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>>>> microsoft.public.windows.terminal_services:

>>>>>>

>>>>>>> Here is the exact message...

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>> Title Bar: Open File - Security Warning

>>>>>>> Message: The publisher could not be verified. Are you

>>>>>>> sure you want to run this software?

>>>>>>> Name: u:\folder\program.exe

>>>>>>> Publisher: Unknown Publisher

>>>>>>> Type: Application

>>>>>>> From: u:\folder\program.exe

>>>>>>>

>>>>>>> Run button Cancel

>>>>>>> button

>>>>>>>

>>>>>>> This file does not have a valid digital signature that

>>>>>>> verifies its

>>>>>>> publisher. You should only run software from publishers

>>>>>>> you trust. How can I decide what software to run?

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>> ...It doesn't mention website or file download.

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>>>> wrote in message

>>>>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>>>>> Then I would expect this message:

>>>>>>>>

>>>>>>>> When users start a program, they get a "file download"

>>>>>>>> dialog box, or an error message: "Windows cannot access

>>>>>>>> the specified device, path, or file. You may not have the

>>>>>>>> appropriate permissions to access the item."

>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>>>>

>>>>>>>> but you can give it a try.

>>>>>>>> _________________________________________________________

>>>>>>>> Vera Noest

>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>>>

>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008

>>>>>>>> in microsoft.public.windows.terminal_services:

>>>>>>>>

>>>>>>>>> We are not getting "a Website wants to start a remote

>>>>>>>>> connection". I don't know if the Cert applies here. I

>>>>>>>>> thought it was a Group Policy referring to trusted

>>>>>>>>> intranet sites that needs to be set. Am I wrong?

>>>>>>>>>

>>>>>>>>>

>>>>>>>>> "Vera Noest [MVP]"

>>>>>>>>> <Vera.Noest@remove-this.hem.utfors.se> wrote in message

>>>>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16..

>>>>>>>>> .

>>>>>>>>>> Check if this helps:

>>>>>>>>>>

>>>>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>>>>> Website wants to start a remote connection. The

>>>>>>>>>> publisher of this remote connection cannot be

>>>>>>>>>> identified."

>>>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp

>>>>>>>>>> _s ig ni ng

>>>>>>>>>>

>>>>>>>>>> ________________________________________________________

>>>>>>>>>> _ Vera Noest

>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>>>>

>>>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug

>>>>>>>>>> 2008:

>>>>>>>>>>

>>>>>>>>>>> When a user launches a RemoteAPP program, he gets an

>>>>>>>>>>> Open File - Security Warning. It says "The publisher

>>>>>>>>>>> could not be verified.

>>>>>>>>>>> Are you sure you want to run this software?" The

>>>>>>>>>>> dialog prompt

>>>>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>>>>> question. How can I set up the terminal server so

>>>>>>>>>>> these prompts do not happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Thank you!

 

Rich

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AF3D7BB03FE6veranoesthemutforsse@207.46.248.16...

> GoDaddy is on the list, so a certifcate from them is OK for both

> purposes.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 07 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> Yes, I did read it. And it is this paragraph that is a bit

>> confusing...

>>

>>> If you are already using an SSL certificate for terminal server

>>> or TS Gateway connections, you can use the same certificate to

>>> sign .rdp files. However, if users will connect to RemoteApp

>>> programs from public or home computers, you must use either of

>>> the following:

>>>

>>> * A certificate from a public certification authority (CA) that

>>> participates in the Microsoft Root Certificate Program Members

>>> program (http://go.microsoft.com/fwlink/?LinkID=59547).

>>

>>

>> We do have users that will connect from home computers and we

>> are purchasing a GoDaddy CERT for the TS Gateway. GoDaddy is on

>> the list but it is not clear to me if because I have home

>> computers connecting, I will need a different CERT from that

>> list.

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AF3912AF5567veranoesthemutforsse@207.46.248.16...

>>> Did you read the Step-by-Step guide? The answers to all of your

>>> questions are there:

>>>

>>> If you are already using an SSL certificate for terminal server

>>> or TS Gateway connections, you can use the same certificate to

>>> sign .rdp files. However, if users will connect to RemoteApp

>>> programs from public or home computers, you must use either of

>>> the following:

>>>

>>> * A certificate from a public certification authority (CA) that

>>> participates in the Microsoft Root Certificate Program Members

>>> program (http://go.microsoft.com/fwlink/?LinkID=59547).

>>>

>>> * If you are using an enterprise CA, your enterprise CA-issued

>>> certificate must be co-signed by a public CA that participates

>>> in the Microsoft Root Certification Program Members program.

>>>

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 07 aug 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> Ok. I was asking about a Cert in another post. If I get a

>>>> CERT from GoDaddy for the TS Gateway, it should also work for

>>>> digitally signing the .rdp files correct?

>>>>

>>>>

>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>> wrote in message

>>>> news:Xns9AF3C94CAF82veranoesthemutforsse@207.46.248.16...

>>>>> That's done in RemoteApp Manager. You'll have to get a

>>>>> certificate.

>>>>>

>>>>> Terminal Services RemoteApp Step-By-Step Guide

>>>>> http://technet2.microsoft.com/windowsserver2008/en/library/61d

>>>>> 24 255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true

>>>>>

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>

>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>>> microsoft.public.windows.terminal_services:

>>>>>

>>>>>> That's probably the issue. How do I digitally sign these

>>>>>> .rdp files?

>>>>>>

>>>>>>

>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>>> wrote in message

>>>>>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>>>>>> But have you digitally signed your rdp files? Without that,

>>>>>>> you'll not get rid of the warning.

>>>>>>> _________________________________________________________

>>>>>>> Vera Noest

>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>>

>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>>>>> microsoft.public.windows.terminal_services:

>>>>>>>

>>>>>>>> Here is the exact message...

>>>>>>>>

>>>>>>>>

>>>>>>>>

>>>>>>>> Title Bar: Open File - Security Warning

>>>>>>>> Message: The publisher could not be verified. Are you

>>>>>>>> sure you want to run this software?

>>>>>>>> Name: u:\folder\program.exe

>>>>>>>> Publisher: Unknown Publisher

>>>>>>>> Type: Application

>>>>>>>> From: u:\folder\program.exe

>>>>>>>>

>>>>>>>> Run button Cancel

>>>>>>>> button

>>>>>>>>

>>>>>>>> This file does not have a valid digital signature that

>>>>>>>> verifies its

>>>>>>>> publisher. You should only run software from publishers

>>>>>>>> you trust. How can I decide what software to run?

>>>>>>>>

>>>>>>>>

>>>>>>>>

>>>>>>>> ...It doesn't mention website or file download.

>>>>>>>>

>>>>>>>>

>>>>>>>>

>>>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>>>>> wrote in message

>>>>>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>>>>>> Then I would expect this message:

>>>>>>>>>

>>>>>>>>> When users start a program, they get a "file download"

>>>>>>>>> dialog box, or an error message: "Windows cannot access

>>>>>>>>> the specified device, path, or file. You may not have the

>>>>>>>>> appropriate permissions to access the item."

>>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>>>>>

>>>>>>>>> but you can give it a try.

>>>>>>>>> _________________________________________________________

>>>>>>>>> Vera Noest

>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>>>>

>>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008

>>>>>>>>> in microsoft.public.windows.terminal_services:

>>>>>>>>>

>>>>>>>>>> We are not getting "a Website wants to start a remote

>>>>>>>>>> connection". I don't know if the Cert applies here. I

>>>>>>>>>> thought it was a Group Policy referring to trusted

>>>>>>>>>> intranet sites that needs to be set. Am I wrong?

>>>>>>>>>>

>>>>>>>>>>

>>>>>>>>>> "Vera Noest [MVP]"

>>>>>>>>>> <Vera.Noest@remove-this.hem.utfors.se> wrote in message

>>>>>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16..

>>>>>>>>>> .

>>>>>>>>>>> Check if this helps:

>>>>>>>>>>>

>>>>>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>>>>>> Website wants to start a remote connection. The

>>>>>>>>>>> publisher of this remote connection cannot be

>>>>>>>>>>> identified."

>>>>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp

>>>>>>>>>>> _s ig ni ng

>>>>>>>>>>>

>>>>>>>>>>> ________________________________________________________

>>>>>>>>>>> _ Vera Noest

>>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>>>>>

>>>>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug

>>>>>>>>>>> 2008:

>>>>>>>>>>>

>>>>>>>>>>>> When a user launches a RemoteAPP program, he gets an

>>>>>>>>>>>> Open File - Security Warning. It says "The publisher

>>>>>>>>>>>> could not be verified.

>>>>>>>>>>>> Are you sure you want to run this software?" The

>>>>>>>>>>>> dialog prompt

>>>>>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>>>>>> question. How can I set up the terminal server so

>>>>>>>>>>>> these prompts do not happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Vera, I installed a cert and I am now digitally signing my .rdp files.

However, I am now getting an error and I can no longer connect to the

terminal server with them. I created a new thread called "Problem digitally

signing .rdp files" on 8/27. Could you offer some insight please?

 

Thanks.

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

> But have you digitally signed your rdp files? Without that, you'll

> not get rid of the warning.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> Here is the exact message...

>>

>>

>>

>> Title Bar: Open File - Security Warning

>> Message: The publisher could not be verified. Are you sure you

>> want to run this software?

>> Name: u:\folder\program.exe

>> Publisher: Unknown Publisher

>> Type: Application

>> From: u:\folder\program.exe

>>

>> Run button Cancel button

>>

>> This file does not have a valid digital signature that

>> verifies its

>> publisher. You should only run software from publishers you

>> trust. How can I decide what software to run?

>>

>>

>>

>> ...It doesn't mention website or file download.

>>

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>> Then I would expect this message:

>>>

>>> When users start a program, they get a "file download" dialog

>>> box, or an error message: "Windows cannot access the specified

>>> device, path, or file. You may not have the appropriate

>>> permissions to access the item."

>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>

>>> but you can give it a try.

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> We are not getting "a Website wants to start a remote

>>>> connection". I don't know if the Cert applies here. I

>>>> thought it was a Group Policy referring to trusted intranet

>>>> sites that needs to be set. Am I wrong?

>>>>

>>>>

>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>> wrote in message

>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>> Check if this helps:

>>>>>

>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>> Website wants to start a remote connection. The publisher of

>>>>> this remote connection cannot be identified."

>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signi

>>>>> ng

>>>>>

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>> *----------- Please reply in newsgroup -------------*

>>>>>

>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>

>>>>>> When a user launches a RemoteAPP program, he gets an Open

>>>>>> File - Security Warning. It says "The publisher could not

>>>>>> be verified.

>>>>>> Are you sure you want to run this software?" The dialog

>>>>>> prompt

>>>>>> refers to the drive letter mapping and the .exe in question.

>>>>>> How can I set up the terminal server so these prompts do not

>>>>>> happen to any user?

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

OK, let's continue in the new thread, has a more appropriate

subject line.

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

 

"Saucer Man" <saucerman@nospam.com> wrote on 28 aug 2008 in

microsoft.public.windows.terminal_services:

> Vera, I installed a cert and I am now digitally signing my .rdp

> files. However, I am now getting an error and I can no longer

> connect to the terminal server with them. I created a new

> thread called "Problem digitally signing .rdp files" on 8/27.

> Could you offer some insight please?

>

> Thanks.

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>> But have you digitally signed your rdp files? Without that,

>> you'll not get rid of the warning.

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> Here is the exact message...

>>>

>>>

>>>

>>> Title Bar: Open File - Security Warning

>>> Message: The publisher could not be verified. Are you sure

>>> you want to run this software?

>>> Name: u:\folder\program.exe

>>> Publisher: Unknown Publisher

>>> Type: Application

>>> From: u:\folder\program.exe

>>>

>>> Run button Cancel button

>>>

>>> This file does not have a valid digital signature that

>>> verifies its

>>> publisher. You should only run software from publishers you

>>> trust. How can I decide what software to run?

>>>

>>>

>>>

>>> ...It doesn't mention website or file download.

>>>

>>>

>>>

>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>> wrote in message

>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>> Then I would expect this message:

>>>>

>>>> When users start a program, they get a "file download" dialog

>>>> box, or an error message: "Windows cannot access the

>>>> specified device, path, or file. You may not have the

>>>> appropriate permissions to access the item."

>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>

>>>> but you can give it a try.

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>

>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>> microsoft.public.windows.terminal_services:

>>>>

>>>>> We are not getting "a Website wants to start a remote

>>>>> connection". I don't know if the Cert applies here. I

>>>>> thought it was a Group Policy referring to trusted intranet

>>>>> sites that needs to be set. Am I wrong?

>>>>>

>>>>>

>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>> wrote in message

>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>> Check if this helps:

>>>>>>

>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>> Website wants to start a remote connection. The publisher

>>>>>> of this remote connection cannot be identified."

>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig

>>>>>> ni ng

>>>>>>

>>>>>> _________________________________________________________

>>>>>> Vera Noest

>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>

>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>

>>>>>>> When a user launches a RemoteAPP program, he gets an Open

>>>>>>> File - Security Warning. It says "The publisher could not

>>>>>>> be verified.

>>>>>>> Are you sure you want to run this software?" The dialog

>>>>>>> prompt

>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>> question. How can I set up the terminal server so these

>>>>>>> prompts do not happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

OK. Now that the .rdp files are working again, we are still getting the

security warning. The .rdp file points to an .exe. This .exe is our

accounting software and it launches different .exes from within. Whenever

it launches the other .exes, these warnings prompt the user. Any ideas?

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9B08E39CA3C01veranoesthemutforsse@207.46.248.16...

> OK, let's continue in the new thread, has a more appropriate

> subject line.

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

>

> "Saucer Man" <saucerman@nospam.com> wrote on 28 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> Vera, I installed a cert and I am now digitally signing my .rdp

>> files. However, I am now getting an error and I can no longer

>> connect to the terminal server with them. I created a new

>> thread called "Problem digitally signing .rdp files" on 8/27.

>> Could you offer some insight please?

>>

>> Thanks.

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>> But have you digitally signed your rdp files? Without that,

>>> you'll not get rid of the warning.

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> Here is the exact message...

>>>>

>>>>

>>>>

>>>> Title Bar: Open File - Security Warning

>>>> Message: The publisher could not be verified. Are you sure

>>>> you want to run this software?

>>>> Name: u:\folder\program.exe

>>>> Publisher: Unknown Publisher

>>>> Type: Application

>>>> From: u:\folder\program.exe

>>>>

>>>> Run button Cancel button

>>>>

>>>> This file does not have a valid digital signature that

>>>> verifies its

>>>> publisher. You should only run software from publishers you

>>>> trust. How can I decide what software to run?

>>>>

>>>>

>>>>

>>>> ...It doesn't mention website or file download.

>>>>

>>>>

>>>>

>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>> wrote in message

>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>> Then I would expect this message:

>>>>>

>>>>> When users start a program, they get a "file download" dialog

>>>>> box, or an error message: "Windows cannot access the

>>>>> specified device, path, or file. You may not have the

>>>>> appropriate permissions to access the item."

>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>

>>>>> but you can give it a try.

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>

>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>>> microsoft.public.windows.terminal_services:

>>>>>

>>>>>> We are not getting "a Website wants to start a remote

>>>>>> connection". I don't know if the Cert applies here. I

>>>>>> thought it was a Group Policy referring to trusted intranet

>>>>>> sites that needs to be set. Am I wrong?

>>>>>>

>>>>>>

>>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>>> wrote in message

>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>>> Check if this helps:

>>>>>>>

>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>> Website wants to start a remote connection. The publisher

>>>>>>> of this remote connection cannot be identified."

>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig

>>>>>>> ni ng

>>>>>>>

>>>>>>> _________________________________________________________

>>>>>>> Vera Noest

>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>

>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>>

>>>>>>>> When a user launches a RemoteAPP program, he gets an Open

>>>>>>>> File - Security Warning. It says "The publisher could not

>>>>>>>> be verified.

>>>>>>>> Are you sure you want to run this software?" The dialog

>>>>>>>> prompt

>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>> question. How can I set up the terminal server so these

>>>>>>>> prompts do not happen to any user?

>

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Have you used the GPO settings here:

 

Administrative Templates\Windows Components\Terminal Services

\Remote Desktop Connection Client

 

About Digitally Signing RemoteApp Programs

http://technet.microsoft.com/en-us/library/cc754499.aspx

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 29 aug 2008 in

microsoft.public.windows.terminal_services:

> OK. Now that the .rdp files are working again, we are still

> getting the security warning. The .rdp file points to an .exe.

> This .exe is our accounting software and it launches different

> .exes from within. Whenever it launches the other .exes, these

> warnings prompt the user. Any ideas?

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9B08E39CA3C01veranoesthemutforsse@207.46.248.16...

>> OK, let's continue in the new thread, has a more appropriate

>> subject line.

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 28 aug 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> Vera, I installed a cert and I am now digitally signing my

>>> .rdp files. However, I am now getting an error and I can no

>>> longer connect to the terminal server with them. I created a

>>> new thread called "Problem digitally signing .rdp files" on

>>> 8/27. Could you offer some insight please?

>>>

>>> Thanks.

>>>

>>>

>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>> wrote in message

>>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>>> But have you digitally signed your rdp files? Without that,

>>>> you'll not get rid of the warning.

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>

>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>> microsoft.public.windows.terminal_services:

>>>>

>>>>> Here is the exact message...

>>>>>

>>>>>

>>>>>

>>>>> Title Bar: Open File - Security Warning

>>>>> Message: The publisher could not be verified. Are you sure

>>>>> you want to run this software?

>>>>> Name: u:\folder\program.exe

>>>>> Publisher: Unknown Publisher

>>>>> Type: Application

>>>>> From: u:\folder\program.exe

>>>>>

>>>>> Run button Cancel

>>>>> button

>>>>>

>>>>> This file does not have a valid digital signature that

>>>>> verifies its

>>>>> publisher. You should only run software from publishers you

>>>>> trust. How can I decide what software to run?

>>>>>

>>>>>

>>>>>

>>>>> ...It doesn't mention website or file download.

>>>>>

>>>>>

>>>>>

>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>> wrote in message

>>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>>> Then I would expect this message:

>>>>>>

>>>>>> When users start a program, they get a "file download"

>>>>>> dialog box, or an error message: "Windows cannot access the

>>>>>> specified device, path, or file. You may not have the

>>>>>> appropriate permissions to access the item."

>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>>

>>>>>> but you can give it a try.

>>>>>> _________________________________________________________

>>>>>> Vera Noest

>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>

>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>>>> microsoft.public.windows.terminal_services:

>>>>>>

>>>>>>> We are not getting "a Website wants to start a remote

>>>>>>> connection". I don't know if the Cert applies here. I

>>>>>>> thought it was a Group Policy referring to trusted

>>>>>>> intranet sites that needs to be set. Am I wrong?

>>>>>>>

>>>>>>>

>>>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>>>> wrote in message

>>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>>>> Check if this helps:

>>>>>>>>

>>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>>> Website wants to start a remote connection. The publisher

>>>>>>>> of this remote connection cannot be identified."

>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s

>>>>>>>> ig ni ng

>>>>>>>>

>>>>>>>> _________________________________________________________

>>>>>>>> Vera Noest

>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>>

>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>>>

>>>>>>>>> When a user launches a RemoteAPP program, he gets an

>>>>>>>>> Open File - Security Warning. It says "The publisher

>>>>>>>>> could not be verified.

>>>>>>>>> Are you sure you want to run this software?" The

>>>>>>>>> dialog prompt

>>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>>> question. How can I set up the terminal server so these

>>>>>>>>> prompts do not happen to any user?

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

I saw those settings, however, the users will be connecting from home so I

didn't think group policy would affect them. Am I correct?

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9B0B99A0BA7AAveranoesthemutforsse@207.46.248.16...

> Have you used the GPO settings here:

>

> Administrative Templates\Windows Components\Terminal Services

> \Remote Desktop Connection Client

>

> About Digitally Signing RemoteApp Programs

> http://technet.microsoft.com/en-us/library/cc754499.aspx

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 29 aug 2008 in

> microsoft.public.windows.terminal_services:

>

>> OK. Now that the .rdp files are working again, we are still

>> getting the security warning. The .rdp file points to an .exe.

>> This .exe is our accounting software and it launches different

>> .exes from within. Whenever it launches the other .exes, these

>> warnings prompt the user. Any ideas?

>>

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

>> in message

>> news:Xns9B08E39CA3C01veranoesthemutforsse@207.46.248.16...

>>> OK, let's continue in the new thread, has a more appropriate

>>> subject line.

>>>

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>>

>>> "Saucer Man" <saucerman@nospam.com> wrote on 28 aug 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> Vera, I installed a cert and I am now digitally signing my

>>>> .rdp files. However, I am now getting an error and I can no

>>>> longer connect to the terminal server with them. I created a

>>>> new thread called "Problem digitally signing .rdp files" on

>>>> 8/27. Could you offer some insight please?

>>>>

>>>> Thanks.

>>>>

>>>>

>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>> wrote in message

>>>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>>>> But have you digitally signed your rdp files? Without that,

>>>>> you'll not get rid of the warning.

>>>>> _________________________________________________________

>>>>> Vera Noest

>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>

>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>>> microsoft.public.windows.terminal_services:

>>>>>

>>>>>> Here is the exact message...

>>>>>>

>>>>>>

>>>>>>

>>>>>> Title Bar: Open File - Security Warning

>>>>>> Message: The publisher could not be verified. Are you sure

>>>>>> you want to run this software?

>>>>>> Name: u:\folder\program.exe

>>>>>> Publisher: Unknown Publisher

>>>>>> Type: Application

>>>>>> From: u:\folder\program.exe

>>>>>>

>>>>>> Run button Cancel

>>>>>> button

>>>>>>

>>>>>> This file does not have a valid digital signature that

>>>>>> verifies its

>>>>>> publisher. You should only run software from publishers you

>>>>>> trust. How can I decide what software to run?

>>>>>>

>>>>>>

>>>>>>

>>>>>> ...It doesn't mention website or file download.

>>>>>>

>>>>>>

>>>>>>

>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>>> wrote in message

>>>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>>>> Then I would expect this message:

>>>>>>>

>>>>>>> When users start a program, they get a "file download"

>>>>>>> dialog box, or an error message: "Windows cannot access the

>>>>>>> specified device, path, or file. You may not have the

>>>>>>> appropriate permissions to access the item."

>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>>>

>>>>>>> but you can give it a try.

>>>>>>> _________________________________________________________

>>>>>>> Vera Noest

>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>>

>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008 in

>>>>>>> microsoft.public.windows.terminal_services:

>>>>>>>

>>>>>>>> We are not getting "a Website wants to start a remote

>>>>>>>> connection". I don't know if the Cert applies here. I

>>>>>>>> thought it was a Group Policy referring to trusted

>>>>>>>> intranet sites that needs to be set. Am I wrong?

>>>>>>>>

>>>>>>>>

>>>>>>>> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se>

>>>>>>>> wrote in message

>>>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16...

>>>>>>>>> Check if this helps:

>>>>>>>>>

>>>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>>>> Website wants to start a remote connection. The publisher

>>>>>>>>> of this remote connection cannot be identified."

>>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s

>>>>>>>>> ig ni ng

>>>>>>>>>

>>>>>>>>> _________________________________________________________

>>>>>>>>> Vera Noest

>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>>>

>>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008:

>>>>>>>>>

>>>>>>>>>> When a user launches a RemoteAPP program, he gets an

>>>>>>>>>> Open File - Security Warning. It says "The publisher

>>>>>>>>>> could not be verified.

>>>>>>>>>> Are you sure you want to run this software?" The

>>>>>>>>>> dialog prompt

>>>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>>>> question. How can I set up the terminal server so these

>>>>>>>>>> prompts do not happen to any user?

>

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

No. And I don't feel that it would be the right why to solve the

problem either. But I'm out of ideas, sorry.

I'd call support again.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

*----------- Please reply in newsgroup -------------*

 

"Saucer Man" <saucerman@nospam.com> wrote on 02 sep 2008:

> I saw those settings, however, the users will be connecting from

> home so I didn't think group policy would affect them. Am I

> correct?

>

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9B0B99A0BA7AAveranoesthemutforsse@207.46.248.16...

>> Have you used the GPO settings here:

>>

>> Administrative Templates\Windows Components\Terminal Services

>> \Remote Desktop Connection Client

>>

>> About Digitally Signing RemoteApp Programs

>> http://technet.microsoft.com/en-us/library/cc754499.aspx

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 29 aug 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> OK. Now that the .rdp files are working again, we are still

>>> getting the security warning. The .rdp file points to an

>>> .exe. This .exe is our accounting software and it launches

>>> different .exes from within. Whenever it launches the other

>>> .exes, these warnings prompt the user. Any ideas?

>>>

>>>

>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>> wrote in message

>>> news:Xns9B08E39CA3C01veranoesthemutforsse@207.46.248.16...

>>>> OK, let's continue in the new thread, has a more appropriate

>>>> subject line.

>>>>

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>

>>>>

>>>> "Saucer Man" <saucerman@nospam.com> wrote on 28 aug 2008 in

>>>> microsoft.public.windows.terminal_services:

>>>>

>>>>> Vera, I installed a cert and I am now digitally signing my

>>>>> .rdp files. However, I am now getting an error and I can no

>>>>> longer connect to the terminal server with them. I created

>>>>> a new thread called "Problem digitally signing .rdp files"

>>>>> on 8/27. Could you offer some insight please?

>>>>>

>>>>> Thanks.

>>>>>

>>>>>

>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>> wrote in message

>>>>> news:Xns9AF2A63192154veranoesthemutforsse@207.46.248.16...

>>>>>> But have you digitally signed your rdp files? Without that,

>>>>>> you'll not get rid of the warning.

>>>>>> _________________________________________________________

>>>>>> Vera Noest

>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>

>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 06 aug 2008 in

>>>>>> microsoft.public.windows.terminal_services:

>>>>>>

>>>>>>> Here is the exact message...

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>> Title Bar: Open File - Security Warning

>>>>>>> Message: The publisher could not be verified. Are you

>>>>>>> sure you want to run this software?

>>>>>>> Name: u:\folder\program.exe

>>>>>>> Publisher: Unknown Publisher

>>>>>>> Type: Application

>>>>>>> From: u:\folder\program.exe

>>>>>>>

>>>>>>> Run button Cancel

>>>>>>> button

>>>>>>>

>>>>>>> This file does not have a valid digital signature that

>>>>>>> verifies its

>>>>>>> publisher. You should only run software from publishers

>>>>>>> you trust. How can I decide what software to run?

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>> ...It doesn't mention website or file download.

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>>>>>> wrote in message

>>>>>>> news:Xns9AF1D604C7326veranoesthemutforsse@207.46.248.16...

>>>>>>>> Then I would expect this message:

>>>>>>>>

>>>>>>>> When users start a program, they get a "file download"

>>>>>>>> dialog box, or an error message: "Windows cannot access

>>>>>>>> the specified device, path, or file. You may not have the

>>>>>>>> appropriate permissions to access the item."

>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>>>>

>>>>>>>> but you can give it a try.

>>>>>>>> _________________________________________________________

>>>>>>>> Vera Noest

>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>>>>>

>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug 2008

>>>>>>>> in microsoft.public.windows.terminal_services:

>>>>>>>>

>>>>>>>>> We are not getting "a Website wants to start a remote

>>>>>>>>> connection". I don't know if the Cert applies here. I

>>>>>>>>> thought it was a Group Policy referring to trusted

>>>>>>>>> intranet sites that needs to be set. Am I wrong?

>>>>>>>>>

>>>>>>>>>

>>>>>>>>> "Vera Noest [MVP]"

>>>>>>>>> <Vera.Noest@remove-this.hem.utfors.se> wrote in message

>>>>>>>>> news:Xns9AF199A50F5DDveranoesthemutforsse@207.46.248.16..

>>>>>>>>> .

>>>>>>>>>> Check if this helps:

>>>>>>>>>>

>>>>>>>>>> When users start a RemoteApp, they get a dialog box: "a

>>>>>>>>>> Website wants to start a remote connection. The

>>>>>>>>>> publisher of this remote connection cannot be

>>>>>>>>>> identified."

>>>>>>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp

>>>>>>>>>> _s ig ni ng

>>>>>>>>>>

>>>>>>>>>> ________________________________________________________

>>>>>>>>>> _ Vera Noest

>>>>>>>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>>>>>>>> TS troubleshooting: http://ts.veranoest.net

>>>>>>>>>> *----------- Please reply in newsgroup -------------*

>>>>>>>>>>

>>>>>>>>>> "Saucer Man" <saucerman@nospam.com> wrote on 05 aug

>>>>>>>>>> 2008:

>>>>>>>>>>

>>>>>>>>>>> When a user launches a RemoteAPP program, he gets an

>>>>>>>>>>> Open File - Security Warning. It says "The publisher

>>>>>>>>>>> could not be verified.

>>>>>>>>>>> Are you sure you want to run this software?" The

>>>>>>>>>>> dialog prompt

>>>>>>>>>>> refers to the drive letter mapping and the .exe in

>>>>>>>>>>> question. How can I set up the terminal server so

>>>>>>>>>>> these prompts do not happen to any user?

[Guest TP]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Hi Vera,

 

If "Launching applications and unsafe files" is set to Disable

for the applicable security zone, then the user will receive the

message you expect. If, however, the setting is set to Prompt

then the user will receive the message that Saucer Man is

receiving.

 

The instructions in your FAQ are relevant. If Saucer Man

still has trouble after following them he should post back

and we can help him troubleshoot.

 

Thanks.

 

-TP

 

Vera Noest [MVP] wrote:

> Then I would expect this message:

>

> When users start a program, they get a "file download" dialog box,

> or an error message: "Windows cannot access the specified device,

> path, or file. You may not have the appropriate permissions to

> access the item."

> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>

> but you can give it a try.

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Aaaaah, I see! I was completely focused on the signed rdp files,

thought that the IEES problem was already solved.

Thanks, TP!

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"TP" <tperson.knowspamn@mailandnews.com> wrote on 02 sep 2008 in

microsoft.public.windows.terminal_services:

> Hi Vera,

>

> If "Launching applications and unsafe files" is set to Disable

> for the applicable security zone, then the user will receive the

> message you expect. If, however, the setting is set to Prompt

> then the user will receive the message that Saucer Man is

> receiving.

>

> The instructions in your FAQ are relevant. If Saucer Man

> still has trouble after following them he should post back

> and we can help him troubleshoot.

>

> Thanks.

>

> -TP

>

> Vera Noest [MVP] wrote:

>> Then I would expect this message:

>>

>> When users start a program, they get a "file download" dialog

box,

>> or an error message: "Windows cannot access the specified

device,

>> path, or file. You may not have the appropriate permissions to

>> access the item."

>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>

>> but you can give it a try.

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Setting the GPO per the FAQ seems to solve the issue. However, I.E. warns

that this setting is not secure and not recommended. I would think that I

can somehow get it to recognize that these applications are safe without

having to use this setting. I have a call with Microsoft and they are still

trying to figure it out.

 

"TP" <tperson.knowspamn@mailandnews.com> wrote in message

news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...

> Hi Vera,

>

> If "Launching applications and unsafe files" is set to Disable for the

> applicable security zone, then the user will receive the message you

> expect. If, however, the setting is set to Prompt then the user will

> receive the message that Saucer Man is receiving.

>

> The instructions in your FAQ are relevant. If Saucer Man still has

> trouble after following them he should post back and we can help him

> troubleshoot.

>

> Thanks.

>

> -TP

>

> Vera Noest [MVP] wrote:

>> Then I would expect this message:

>>

>> When users start a program, they get a "file download" dialog box,

>> or an error message: "Windows cannot access the specified device,

>> path, or file. You may not have the appropriate permissions to

>> access the item."

>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>

>> but you can give it a try.

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>

>

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Yes, I agree with you, Saucer Man, one thinks that you shouldn't

need to use this setting when you have digitally signed your rdp

file.

I would appreciate it very much if you can report back here what MS

support finally suggests to solve the problem!

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 02 sep 2008 in

microsoft.public.windows.terminal_services:

> Setting the GPO per the FAQ seems to solve the issue. However,

> I.E. warns that this setting is not secure and not recommended.

> I would think that I can somehow get it to recognize that these

> applications are safe without having to use this setting. I

> have a call with Microsoft and they are still trying to figure

> it out.

>

> "TP" <tperson.knowspamn@mailandnews.com> wrote in message

> news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...

>> Hi Vera,

>>

>> If "Launching applications and unsafe files" is set to Disable

>> for the applicable security zone, then the user will receive

>> the message you expect. If, however, the setting is set to

>> Prompt then the user will receive the message that Saucer Man

>> is receiving.

>>

>> The instructions in your FAQ are relevant. If Saucer Man still

>> has trouble after following them he should post back and we can

>> help him troubleshoot.

>>

>> Thanks.

>>

>> -TP

>>

>> Vera Noest [MVP] wrote:

>>> Then I would expect this message:

>>>

>>> When users start a program, they get a "file download" dialog

>>> box, or an error message: "Windows cannot access the specified

>>> device, path, or file. You may not have the appropriate

>>> permissions to access the item."

>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>

>>> but you can give it a try.

[Guest Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

OK. The issue has been solved by Microsoft. They think the app itself

isn't digitally signed which is why the problem is occuring. Here's what

they did...

 

The opened the Local Group Policy Editor on the 2008 Terminal Server (I only

have 2003 admin templates in our 2003 AD so we couldn't do it with group

policy in my current group pllicty management console). They went to User

Configuration\Administrative Templates\Windows Components\Attachment

Manager. There is a policy setting for "Inclusion list for moderate risk

file types". They enabled this and added .exe in the list. I didn't want

to add all exe's so we changed it and put the entire executable name in the

exclusion list.

 

Thanks all for hanging through this long process. I appreciate it!

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9B0E997054F38veranoesthemutforsse@207.46.248.16...

> Yes, I agree with you, Saucer Man, one thinks that you shouldn't

> need to use this setting when you have digitally signed your rdp

> file.

> I would appreciate it very much if you can report back here what MS

> support finally suggests to solve the problem!

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Saucer Man" <saucerman@nospam.com> wrote on 02 sep 2008 in

> microsoft.public.windows.terminal_services:

>

>> Setting the GPO per the FAQ seems to solve the issue. However,

>> I.E. warns that this setting is not secure and not recommended.

>> I would think that I can somehow get it to recognize that these

>> applications are safe without having to use this setting. I

>> have a call with Microsoft and they are still trying to figure

>> it out.

>>

>> "TP" <tperson.knowspamn@mailandnews.com> wrote in message

>> news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...

>>> Hi Vera,

>>>

>>> If "Launching applications and unsafe files" is set to Disable

>>> for the applicable security zone, then the user will receive

>>> the message you expect. If, however, the setting is set to

>>> Prompt then the user will receive the message that Saucer Man

>>> is receiving.

>>>

>>> The instructions in your FAQ are relevant. If Saucer Man still

>>> has trouble after following them he should post back and we can

>>> help him troubleshoot.

>>>

>>> Thanks.

>>>

>>> -TP

>>>

>>> Vera Noest [MVP] wrote:

>>>> Then I would expect this message:

>>>>

>>>> When users start a program, they get a "file download" dialog

>>>> box, or an error message: "Windows cannot access the specified

>>>> device, path, or file. You may not have the appropriate

>>>> permissions to access the item."

>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>

>>>> but you can give it a try.

>

[Guest Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

 

Re: How do you prevent the security warning "unknown publisher" for all users?

 

OK, that makes sense.

I'm glad that your problem is solved, and thanks for sharing the

solution with us, Saucer Man!

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Saucer Man" <saucerman@nospam.com> wrote on 05 sep 2008 in

microsoft.public.windows.terminal_services:

> OK. The issue has been solved by Microsoft. They think the app

> itself isn't digitally signed which is why the problem is

> occuring. Here's what they did...

>

> The opened the Local Group Policy Editor on the 2008 Terminal

> Server (I only have 2003 admin templates in our 2003 AD so we

> couldn't do it with group policy in my current group pllicty

> management console). They went to User

> Configuration\Administrative Templates\Windows

> Components\Attachment Manager. There is a policy setting for

> "Inclusion list for moderate risk file types". They enabled

> this and added .exe in the list. I didn't want to add all exe's

> so we changed it and put the entire executable name in the

> exclusion list.

>

> Thanks all for hanging through this long process. I appreciate

> it!

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote

> in message

> news:Xns9B0E997054F38veranoesthemutforsse@207.46.248.16...

>> Yes, I agree with you, Saucer Man, one thinks that you

>> shouldn't need to use this setting when you have digitally

>> signed your rdp file.

>> I would appreciate it very much if you can report back here

>> what MS support finally suggests to solve the problem!

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Saucer Man" <saucerman@nospam.com> wrote on 02 sep 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> Setting the GPO per the FAQ seems to solve the issue.

>>> However, I.E. warns that this setting is not secure and not

>>> recommended. I would think that I can somehow get it to

>>> recognize that these applications are safe without having to

>>> use this setting. I have a call with Microsoft and they are

>>> still trying to figure it out.

>>>

>>> "TP" <tperson.knowspamn@mailandnews.com> wrote in message

>>> news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...

>>>> Hi Vera,

>>>>

>>>> If "Launching applications and unsafe files" is set to

>>>> Disable for the applicable security zone, then the user will

>>>> receive the message you expect. If, however, the setting is

>>>> set to Prompt then the user will receive the message that

>>>> Saucer Man is receiving.

>>>>

>>>> The instructions in your FAQ are relevant. If Saucer Man

>>>> still has trouble after following them he should post back

>>>> and we can help him troubleshoot.

>>>>

>>>> Thanks.

>>>>

>>>> -TP

>>>>

>>>> Vera Noest [MVP] wrote:

>>>>> Then I would expect this message:

>>>>>

>>>>> When users start a program, they get a "file download"

>>>>> dialog box, or an error message: "Windows cannot access the

>>>>> specified device, path, or file. You may not have the

>>>>> appropriate permissions to access the item."

>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

>>>>>

>>>>> but you can give it a try.