Discussion:
Disable Security Warning for Drives mapped to dfs servers
(too old to reply)
f***@gmail.com
2008-11-11 11:45:37 UTC
Permalink
Hello!

I can access a program on a dfs share without security warning. (I
addes the dfs domain to the local intranet)

I get a security warning when start the same program using a drive
letter mapped to the same share. I cannot at the drive letter to the
local intranet.

Now I am searching for a way to disable the security warning via GPOs
for my domain. Is there any solution?

Bernd Köster
Anthony [MVP]
2008-11-14 09:16:15 UTC
Permalink
This post might be inappropriate. Click to display it.
f***@gmail.com
2008-11-21 11:45:58 UTC
Permalink
The file://server is set. This is set to the dfs path. I have no
problem starting an executable using the unc path
\\domain\dfs\path\sub\executable.exe

Now I use:
net use /persistent:yes Z: \\domain\dfs\path

Starting the Z:\sub.executable from the windows explorer throw the
security warning

The automatic detection of the intranet is turned off.

I use Windows 2008 as server for the dfs, the shares are located on
the windows 2003 SBS. A Windows 2003 SBS as domain server and Windows
XP as client OS.

I want to switch to Windows 2008 and using dfs. But with these
warnings I have no chance to get the user acceptance I need.

Bernd Köster
Post by Anthony [MVP]
You can set it to trust a file path, with "file://server"
You can also uncheck the policy setting: Admin Templates\Internet
Explorer\Internet Control Panel\Security Page\Turn on automatic detection of
the Intranet. The settings here block remote execution except for specified
Trusted Sites, which can be a problem.
Anthony,
http://www.airdesk.co.uk
Post by f***@gmail.com
Hello!
I can access a program on a dfs share without security warning. (I
addes the dfs domain to the local intranet)
I get a security warning when start the same program using a drive
letter mapped to the same share. I cannot at the drive letter to the
local intranet.
Now I am searching for a way to disable the security warning via GPOs
for my domain. Is there any solution?
Bernd K�ster
Anthony [MVP]
2008-11-30 08:21:00 UTC
Permalink
OK, I see what you mean. So it allows execution from explicit Trusted Sites,
but not from a local server.
If you try not using the GP for restricted zones at all, does it work? Then
you can narrow down which policy causes the problem. I have had problems
with the interaction between the automatic detection policy, and the
"Include all local (Intranet) sites not listed in other zones..." policy.
Anthony,
http://www.airdesk.co.uk
Post by f***@gmail.com
The file://server is set. This is set to the dfs path. I have no
problem starting an executable using the unc path
\\domain\dfs\path\sub\executable.exe
net use /persistent:yes Z: \\domain\dfs\path
Starting the Z:\sub.executable from the windows explorer throw the
security warning
The automatic detection of the intranet is turned off.
I use Windows 2008 as server for the dfs, the shares are located on
the windows 2003 SBS. A Windows 2003 SBS as domain server and Windows
XP as client OS.
I want to switch to Windows 2008 and using dfs. But with these
warnings I have no chance to get the user acceptance I need.
Bernd Köster
Post by Anthony [MVP]
You can set it to trust a file path, with "file://server"
You can also uncheck the policy setting: Admin Templates\Internet
Explorer\Internet Control Panel\Security Page\Turn on automatic detection of
the Intranet. The settings here block remote execution except for specified
Trusted Sites, which can be a problem.
Anthony,
http://www.airdesk.co.uk
Post by f***@gmail.com
Hello!
I can access a program on a dfs share without security warning. (I
addes the dfs domain to the local intranet)
I get a security warning when start the same program using a drive
letter mapped to the same share. I cannot at the drive letter to the
local intranet.
Now I am searching for a way to disable the security warning via GPOs
for my domain. Is there any solution?
Bernd K�ster
Svante Johnson
2008-12-05 12:48:02 UTC
Permalink
Try to either add file://Z:\ to the Intranet zone or add the following key to
the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\foo.bar]
"file"=dword:00000001

Replace foo.bar with your domain. If you add the registry key manually make
sure you don't use any group policies to specify other site to zone
assignment.

/ Svante
Post by f***@gmail.com
The file://server is set. This is set to the dfs path. I have no
problem starting an executable using the unc path
\\domain\dfs\path\sub\executable.exe
net use /persistent:yes Z: \\domain\dfs\path
Starting the Z:\sub.executable from the windows explorer throw the
security warning
The automatic detection of the intranet is turned off.
I use Windows 2008 as server for the dfs, the shares are located on
the windows 2003 SBS. A Windows 2003 SBS as domain server and Windows
XP as client OS.
I want to switch to Windows 2008 and using dfs. But with these
warnings I have no chance to get the user acceptance I need.
Bernd Köster
Post by Anthony [MVP]
You can set it to trust a file path, with "file://server"
You can also uncheck the policy setting: Admin Templates\Internet
Explorer\Internet Control Panel\Security Page\Turn on automatic detection of
the Intranet. The settings here block remote execution except for specified
Trusted Sites, which can be a problem.
Anthony,
http://www.airdesk.co.uk
Post by f***@gmail.com
Hello!
I can access a program on a dfs share without security warning. (I
addes the dfs domain to the local intranet)
I get a security warning when start the same program using a drive
letter mapped to the same share. I cannot at the drive letter to the
local intranet.
Now I am searching for a way to disable the security warning via GPOs
for my domain. Is there any solution?
Bernd K�ster
t***@gmail.com
2014-04-03 13:02:44 UTC
Permalink
This post might be inappropriate. Click to display it.
Loading...