Discussion:
How do you prevent the security warning "unknown publisher" for all users?
(too old to reply)
Saucer Man
2008-08-05 13:02:21 UTC
Permalink
When a user launches a RemoteAPP program, he gets an Open File - Security
Warning. It says "The publisher could not be verified. Are you sure you
want to run this software?" The dialog prompt refers to the drive letter
mapping and the .exe in question. How can I set up the terminal server so
these prompts do not happen to any user?
--
Thanks!
Vera Noest [MVP]
2008-08-05 13:06:14 UTC
Permalink
Check if this helps:

When users start a RemoteApp, they get a dialog box: "a Website wants
to start a remote connection. The publisher of this remote connection
cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open File -
Security Warning. It says "The publisher could not be verified.
Are you sure you want to run this software?" The dialog prompt
refers to the drive letter mapping and the .exe in question.
How can I set up the terminal server so these prompts do not
happen to any user?
Saucer Man
2008-08-05 14:35:10 UTC
Permalink
We are not getting "a Website wants to start a remote connection". I don't
know if the Cert applies here. I thought it was a Group Policy referring to
trusted intranet sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a Website wants
to start a remote connection. The publisher of this remote connection
cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open File -
Security Warning. It says "The publisher could not be verified.
Are you sure you want to run this software?" The dialog prompt
refers to the drive letter mapping and the .exe in question.
How can I set up the terminal server so these prompts do not
happen to any user?
Vera Noest [MVP]
2008-08-05 19:02:20 UTC
Permalink
Then I would expect this message:

When users start a program, they get a "file download" dialog box,
or an error message: "Windows cannot access the specified device,
path, or file. You may not have the appropriate permissions to
access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig

but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I thought
it was a Group Policy referring to trusted intranet sites that
needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a Website
wants to start a remote connection. The publisher of this
remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open File
- Security Warning. It says "The publisher could not be
verified.
Are you sure you want to run this software?" The dialog
prompt
refers to the drive letter mapping and the .exe in question.
How can I set up the terminal server so these prompts do not
happen to any user?
Saucer Man
2008-08-06 12:09:59 UTC
Permalink
Here is the exact message...



Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure you want to run
this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe

Run button Cancel button

This file does not have a valid digital signature that verifies its
publisher. You should only run software from publishers you trust.
How can I decide what software to run?



...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog box,
or an error message: "Windows cannot access the specified device,
path, or file. You may not have the appropriate permissions to
access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I thought
it was a Group Policy referring to trusted intranet sites that
needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a Website
wants to start a remote connection. The publisher of this
remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signing
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open File
- Security Warning. It says "The publisher could not be
verified.
Are you sure you want to run this software?" The dialog
prompt
refers to the drive letter mapping and the .exe in question.
How can I set up the terminal server so these prompts do not
happen to any user?
Vera Noest [MVP]
2008-08-06 14:20:14 UTC
Permalink
But have you digitally signed your rdp files? Without that, you'll
not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure you
want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the specified
device, path, or file. You may not have the appropriate
permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted intranet
sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher of
this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signi
ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open
File - Security Warning. It says "The publisher could not
be verified.
Are you sure you want to run this software?" The dialog
prompt
refers to the drive letter mapping and the .exe in question.
How can I set up the terminal server so these prompts do not
happen to any user?
Saucer Man
2008-08-06 15:37:02 UTC
Permalink
That's probably the issue. How do I digitally sign these .rdp files?
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that, you'll
not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure you
want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the specified
device, path, or file. You may not have the appropriate
permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted intranet
sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher of
this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signi
ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open
File - Security Warning. It says "The publisher could not
be verified.
Are you sure you want to run this software?" The dialog
prompt
refers to the drive letter mapping and the .exe in question.
How can I set up the terminal server so these prompts do not
happen to any user?
Vera Noest [MVP]
2008-08-06 23:14:15 UTC
Permalink
That's done in RemoteApp Manager. You'll have to get a certificate.

Terminal Services RemoteApp Step-By-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/61d24255
-dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
That's probably the issue. How do I digitally sign these .rdp
files?
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted intranet
sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig
ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open
File - Security Warning. It says "The publisher could not
be verified.
Are you sure you want to run this software?" The dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Saucer Man
2008-08-07 11:53:29 UTC
Permalink
Ok. I was asking about a Cert in another post. If I get a CERT from
GoDaddy for the TS Gateway, it should also work for digitally signing the
.rdp files correct?
Post by Vera Noest [MVP]
That's done in RemoteApp Manager. You'll have to get a certificate.
Terminal Services RemoteApp Step-By-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/61d24255
-dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
That's probably the issue. How do I digitally sign these .rdp files?
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted intranet
sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig
ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open
File - Security Warning. It says "The publisher could not
be verified.
Are you sure you want to run this software?" The dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Vera Noest [MVP]
2008-08-07 12:16:14 UTC
Permalink
Did you read the Step-by-Step guide? The answers to all of your
questions are there:

If you are already using an SSL certificate for terminal server or
TS Gateway connections, you can use the same certificate to sign
.rdp files. However, if users will connect to RemoteApp programs
from public or home computers, you must use either of the
following:

* A certificate from a public certification authority (CA) that
participates in the Microsoft Root Certificate Program Members
program (http://go.microsoft.com/fwlink/?LinkID=59547).

* If you are using an enterprise CA, your enterprise CA-issued
certificate must be co-signed by a public CA that participates in
the Microsoft Root Certification Program Members program.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Ok. I was asking about a Cert in another post. If I get a CERT
from GoDaddy for the TS Gateway, it should also work for
digitally signing the .rdp files correct?
Post by Vera Noest [MVP]
That's done in RemoteApp Manager. You'll have to get a
certificate.
Terminal Services RemoteApp Step-By-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/61d24
255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
That's probably the issue. How do I digitally sign these .rdp files?
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel
button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted
intranet sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s
ig ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an
Open File - Security Warning. It says "The publisher
could not be verified.
Are you sure you want to run this software?" The
dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Saucer Man
2008-08-07 12:26:49 UTC
Permalink
Yes, I did read it. And it is this paragraph that is a bit confusing...
Post by Vera Noest [MVP]
If you are already using an SSL certificate for terminal server or
TS Gateway connections, you can use the same certificate to sign
.rdp files. However, if users will connect to RemoteApp programs
from public or home computers, you must use either of the
* A certificate from a public certification authority (CA) that
participates in the Microsoft Root Certificate Program Members
program (http://go.microsoft.com/fwlink/?LinkID=59547).
We do have users that will connect from home computers and we are purchasing
a GoDaddy CERT for the TS Gateway. GoDaddy is on the list but it is not
clear to me if because I have home computers connecting, I will need a
different CERT from that list.
Post by Vera Noest [MVP]
Did you read the Step-by-Step guide? The answers to all of your
If you are already using an SSL certificate for terminal server or
TS Gateway connections, you can use the same certificate to sign
.rdp files. However, if users will connect to RemoteApp programs
from public or home computers, you must use either of the
* A certificate from a public certification authority (CA) that
participates in the Microsoft Root Certificate Program Members
program (http://go.microsoft.com/fwlink/?LinkID=59547).
* If you are using an enterprise CA, your enterprise CA-issued
certificate must be co-signed by a public CA that participates in
the Microsoft Root Certification Program Members program.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Ok. I was asking about a Cert in another post. If I get a CERT
from GoDaddy for the TS Gateway, it should also work for
digitally signing the .rdp files correct?
Post by Vera Noest [MVP]
That's done in RemoteApp Manager. You'll have to get a
certificate.
Terminal Services RemoteApp Step-By-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/61d24
255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
That's probably the issue. How do I digitally sign these .rdp files?
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel
button
This file does not have a valid digital signature that verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted
intranet sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s
ig ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an
Open File - Security Warning. It says "The publisher
could not be verified.
Are you sure you want to run this software?" The
dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Vera Noest [MVP]
2008-08-07 19:12:31 UTC
Permalink
GoDaddy is on the list, so a certifcate from them is OK for both
purposes.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Yes, I did read it. And it is this paragraph that is a bit
confusing...
Post by Vera Noest [MVP]
If you are already using an SSL certificate for terminal server
or TS Gateway connections, you can use the same certificate to
sign .rdp files. However, if users will connect to RemoteApp
programs from public or home computers, you must use either of
* A certificate from a public certification authority (CA) that
participates in the Microsoft Root Certificate Program Members
program (http://go.microsoft.com/fwlink/?LinkID=59547).
We do have users that will connect from home computers and we
are purchasing a GoDaddy CERT for the TS Gateway. GoDaddy is on
the list but it is not clear to me if because I have home
computers connecting, I will need a different CERT from that
list.
Post by Vera Noest [MVP]
Did you read the Step-by-Step guide? The answers to all of your
If you are already using an SSL certificate for terminal server
or TS Gateway connections, you can use the same certificate to
sign .rdp files. However, if users will connect to RemoteApp
programs from public or home computers, you must use either of
* A certificate from a public certification authority (CA) that
participates in the Microsoft Root Certificate Program Members
program (http://go.microsoft.com/fwlink/?LinkID=59547).
* If you are using an enterprise CA, your enterprise CA-issued
certificate must be co-signed by a public CA that participates
in the Microsoft Root Certification Program Members program.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Ok. I was asking about a Cert in another post. If I get a
CERT from GoDaddy for the TS Gateway, it should also work for
digitally signing the .rdp files correct?
Post by Vera Noest [MVP]
That's done in RemoteApp Manager. You'll have to get a
certificate.
Terminal Services RemoteApp Step-By-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/61d
24 255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
That's probably the issue. How do I digitally sign these
.rdp files?
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you
sure you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel
button
This file does not have a valid digital signature that verifies its
publisher. You should only run software from publishers
you trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access
the specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted
intranet sites that needs to be set. Am I wrong?
"Vera Noest [MVP]"
.
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The
publisher of this remote connection cannot be
identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp
_s ig ni ng
________________________________________________________
_ Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an
Open File - Security Warning. It says "The publisher
could not be verified.
Are you sure you want to run this software?" The
dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so
these prompts do not happen to any user?
Saucer Man
2008-08-11 12:04:46 UTC
Permalink
Thank you!

Rich
Post by Vera Noest [MVP]
GoDaddy is on the list, so a certifcate from them is OK for both
purposes.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Yes, I did read it. And it is this paragraph that is a bit
confusing...
Post by Vera Noest [MVP]
If you are already using an SSL certificate for terminal server
or TS Gateway connections, you can use the same certificate to
sign .rdp files. However, if users will connect to RemoteApp
programs from public or home computers, you must use either of
* A certificate from a public certification authority (CA) that
participates in the Microsoft Root Certificate Program Members
program (http://go.microsoft.com/fwlink/?LinkID=59547).
We do have users that will connect from home computers and we
are purchasing a GoDaddy CERT for the TS Gateway. GoDaddy is on
the list but it is not clear to me if because I have home
computers connecting, I will need a different CERT from that
list.
Post by Vera Noest [MVP]
Did you read the Step-by-Step guide? The answers to all of your
If you are already using an SSL certificate for terminal server
or TS Gateway connections, you can use the same certificate to
sign .rdp files. However, if users will connect to RemoteApp
programs from public or home computers, you must use either of
* A certificate from a public certification authority (CA) that
participates in the Microsoft Root Certificate Program Members
program (http://go.microsoft.com/fwlink/?LinkID=59547).
* If you are using an enterprise CA, your enterprise CA-issued
certificate must be co-signed by a public CA that participates
in the Microsoft Root Certification Program Members program.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Ok. I was asking about a Cert in another post. If I get a
CERT from GoDaddy for the TS Gateway, it should also work for
digitally signing the .rdp files correct?
Post by Vera Noest [MVP]
That's done in RemoteApp Manager. You'll have to get a
certificate.
Terminal Services RemoteApp Step-By-Step Guide
http://technet2.microsoft.com/windowsserver2008/en/library/61d
24 255 -dad1-4fd2-b4a3-a91a22973def1033.mspx?mfr=true
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
That's probably the issue. How do I digitally sign these
.rdp files?
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you
sure you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel
button
This file does not have a valid digital signature that verifies its
publisher. You should only run software from publishers
you trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access
the specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted
intranet sites that needs to be set. Am I wrong?
"Vera Noest [MVP]"
.
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The
publisher of this remote connection cannot be
identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp
_s ig ni ng
________________________________________________________
_ Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an
Open File - Security Warning. It says "The publisher
could not be verified.
Are you sure you want to run this software?" The
dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so
these prompts do not happen to any user?
Saucer Man
2008-08-28 12:06:16 UTC
Permalink
Vera, I installed a cert and I am now digitally signing my .rdp files.
However, I am now getting an error and I can no longer connect to the
terminal server with them. I created a new thread called "Problem digitally
signing .rdp files" on 8/27. Could you offer some insight please?

Thanks.
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that, you'll
not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure you
want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the specified
device, path, or file. You may not have the appropriate
permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted intranet
sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher of
this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_signi
ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open
File - Security Warning. It says "The publisher could not
be verified.
Are you sure you want to run this software?" The dialog
prompt
refers to the drive letter mapping and the .exe in question.
How can I set up the terminal server so these prompts do not
happen to any user?
Vera Noest [MVP]
2008-08-28 20:22:30 UTC
Permalink
OK, let's continue in the new thread, has a more appropriate
subject line.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Vera, I installed a cert and I am now digitally signing my .rdp
files. However, I am now getting an error and I can no longer
connect to the terminal server with them. I created a new
thread called "Problem digitally signing .rdp files" on 8/27.
Could you offer some insight please?
Thanks.
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted intranet
sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig
ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open
File - Security Warning. It says "The publisher could not
be verified.
Are you sure you want to run this software?" The dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Saucer Man
2008-08-29 17:12:20 UTC
Permalink
OK. Now that the .rdp files are working again, we are still getting the
security warning. The .rdp file points to an .exe. This .exe is our
accounting software and it launches different .exes from within. Whenever
it launches the other .exes, these warnings prompt the user. Any ideas?
Post by Vera Noest [MVP]
OK, let's continue in the new thread, has a more appropriate
subject line.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Vera, I installed a cert and I am now digitally signing my .rdp
files. However, I am now getting an error and I can no longer
connect to the terminal server with them. I created a new
thread called "Problem digitally signing .rdp files" on 8/27.
Could you offer some insight please?
Thanks.
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted intranet
sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_sig
ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an Open
File - Security Warning. It says "The publisher could not
be verified.
Are you sure you want to run this software?" The dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Vera Noest [MVP]
2008-08-31 13:06:08 UTC
Permalink
Have you used the GPO settings here:

Administrative Templates\Windows Components\Terminal Services
\Remote Desktop Connection Client

About Digitally Signing RemoteApp Programs
http://technet.microsoft.com/en-us/library/cc754499.aspx

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
OK. Now that the .rdp files are working again, we are still
getting the security warning. The .rdp file points to an .exe.
This .exe is our accounting software and it launches different
.exes from within. Whenever it launches the other .exes, these
warnings prompt the user. Any ideas?
Post by Vera Noest [MVP]
OK, let's continue in the new thread, has a more appropriate
subject line.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Vera, I installed a cert and I am now digitally signing my
.rdp files. However, I am now getting an error and I can no
longer connect to the terminal server with them. I created a
new thread called "Problem digitally signing .rdp files" on
8/27. Could you offer some insight please?
Thanks.
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel
button
This file does not have a valid digital signature that
verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted
intranet sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s
ig ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an
Open File - Security Warning. It says "The publisher
could not be verified.
Are you sure you want to run this software?" The
dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Saucer Man
2008-09-02 12:24:00 UTC
Permalink
I saw those settings, however, the users will be connecting from home so I
didn't think group policy would affect them. Am I correct?
Post by Vera Noest [MVP]
Administrative Templates\Windows Components\Terminal Services
\Remote Desktop Connection Client
About Digitally Signing RemoteApp Programs
http://technet.microsoft.com/en-us/library/cc754499.aspx
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
OK. Now that the .rdp files are working again, we are still
getting the security warning. The .rdp file points to an .exe.
This .exe is our accounting software and it launches different
.exes from within. Whenever it launches the other .exes, these
warnings prompt the user. Any ideas?
Post by Vera Noest [MVP]
OK, let's continue in the new thread, has a more appropriate
subject line.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Vera, I installed a cert and I am now digitally signing my
.rdp files. However, I am now getting an error and I can no
longer connect to the terminal server with them. I created a
new thread called "Problem digitally signing .rdp files" on
8/27. Could you offer some insight please?
Thanks.
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you sure
you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel
button
This file does not have a valid digital signature that verifies its
publisher. You should only run software from publishers you
trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted
intranet sites that needs to be set. Am I wrong?
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The publisher
of this remote connection cannot be identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp_s
ig ni ng
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an
Open File - Security Warning. It says "The publisher
could not be verified.
Are you sure you want to run this software?" The
dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so these
prompts do not happen to any user?
Vera Noest [MVP]
2008-09-02 12:31:38 UTC
Permalink
No. And I don't feel that it would be the right why to solve the
problem either. But I'm out of ideas, sorry.
I'd call support again.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
I saw those settings, however, the users will be connecting from
home so I didn't think group policy would affect them. Am I
correct?
Post by Vera Noest [MVP]
Administrative Templates\Windows Components\Terminal Services
\Remote Desktop Connection Client
About Digitally Signing RemoteApp Programs
http://technet.microsoft.com/en-us/library/cc754499.aspx
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
OK. Now that the .rdp files are working again, we are still
getting the security warning. The .rdp file points to an
.exe. This .exe is our accounting software and it launches
different .exes from within. Whenever it launches the other
.exes, these warnings prompt the user. Any ideas?
Post by Vera Noest [MVP]
OK, let's continue in the new thread, has a more appropriate
subject line.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Vera, I installed a cert and I am now digitally signing my
.rdp files. However, I am now getting an error and I can no
longer connect to the terminal server with them. I created
a new thread called "Problem digitally signing .rdp files"
on 8/27. Could you offer some insight please?
Thanks.
Post by Vera Noest [MVP]
But have you digitally signed your rdp files? Without that,
you'll not get rid of the warning.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Here is the exact message...
Title Bar: Open File - Security Warning
Message: The publisher could not be verified. Are you
sure you want to run this software?
Name: u:\folder\program.exe
Publisher: Unknown Publisher
Type: Application
From: u:\folder\program.exe
Run button Cancel
button
This file does not have a valid digital signature that verifies its
publisher. You should only run software from publishers
you trust. How can I decide what software to run?
...It doesn't mention website or file download.
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access
the specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
We are not getting "a Website wants to start a remote
connection". I don't know if the Cert applies here. I
thought it was a Group Policy referring to trusted
intranet sites that needs to be set. Am I wrong?
"Vera Noest [MVP]"
.
Post by Vera Noest [MVP]
When users start a RemoteApp, they get a dialog box: "a
Website wants to start a remote connection. The
publisher of this remote connection cannot be
identified."
http://ts.veranoest.net/ts_faq_user_issues.htm#RemoteApp
_s ig ni ng
________________________________________________________
_ Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*
Post by Saucer Man
When a user launches a RemoteAPP program, he gets an
Open File - Security Warning. It says "The publisher
could not be verified.
Are you sure you want to run this software?" The
dialog prompt
refers to the drive letter mapping and the .exe in
question. How can I set up the terminal server so
these prompts do not happen to any user?
TP
2008-09-02 14:00:27 UTC
Permalink
Hi Vera,

If "Launching applications and unsafe files" is set to Disable
for the applicable security zone, then the user will receive the
message you expect. If, however, the setting is set to Prompt
then the user will receive the message that Saucer Man is
receiving.

The instructions in your FAQ are relevant. If Saucer Man
still has trouble after following them he should post back
and we can help him troubleshoot.

Thanks.

-TP
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog box,
or an error message: "Windows cannot access the specified device,
path, or file. You may not have the appropriate permissions to
access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Vera Noest [MVP]
2008-09-02 19:01:02 UTC
Permalink
Aaaaah, I see! I was completely focused on the signed rdp files,
thought that the IEES problem was already solved.
Thanks, TP!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by TP
Hi Vera,
If "Launching applications and unsafe files" is set to Disable
for the applicable security zone, then the user will receive the
message you expect. If, however, the setting is set to Prompt
then the user will receive the message that Saucer Man is
receiving.
The instructions in your FAQ are relevant. If Saucer Man
still has trouble after following them he should post back
and we can help him troubleshoot.
Thanks.
-TP
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box,
Post by TP
Post by Vera Noest [MVP]
or an error message: "Windows cannot access the specified
device,
Post by TP
Post by Vera Noest [MVP]
path, or file. You may not have the appropriate permissions to
access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
Saucer Man
2008-09-02 19:23:52 UTC
Permalink
Setting the GPO per the FAQ seems to solve the issue. However, I.E. warns
that this setting is not secure and not recommended. I would think that I
can somehow get it to recognize that these applications are safe without
having to use this setting. I have a call with Microsoft and they are still
trying to figure it out.
Post by TP
Hi Vera,
If "Launching applications and unsafe files" is set to Disable for the
applicable security zone, then the user will receive the message you
expect. If, however, the setting is set to Prompt then the user will
receive the message that Saucer Man is receiving.
The instructions in your FAQ are relevant. If Saucer Man still has
trouble after following them he should post back and we can help him
troubleshoot.
Thanks.
-TP
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog box,
or an error message: "Windows cannot access the specified device,
path, or file. You may not have the appropriate permissions to
access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Vera Noest [MVP]
2008-09-03 13:05:03 UTC
Permalink
Yes, I agree with you, Saucer Man, one thinks that you shouldn't
need to use this setting when you have digitally signed your rdp
file.
I would appreciate it very much if you can report back here what MS
support finally suggests to solve the problem!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Setting the GPO per the FAQ seems to solve the issue. However,
I.E. warns that this setting is not secure and not recommended.
I would think that I can somehow get it to recognize that these
applications are safe without having to use this setting. I
have a call with Microsoft and they are still trying to figure
it out.
Post by TP
Hi Vera,
If "Launching applications and unsafe files" is set to Disable
for the applicable security zone, then the user will receive
the message you expect. If, however, the setting is set to
Prompt then the user will receive the message that Saucer Man
is receiving.
The instructions in your FAQ are relevant. If Saucer Man still
has trouble after following them he should post back and we can
help him troubleshoot.
Thanks.
-TP
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the specified
device, path, or file. You may not have the appropriate
permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
Saucer Man
2008-09-05 14:00:13 UTC
Permalink
OK. The issue has been solved by Microsoft. They think the app itself
isn't digitally signed which is why the problem is occuring. Here's what
they did...

The opened the Local Group Policy Editor on the 2008 Terminal Server (I only
have 2003 admin templates in our 2003 AD so we couldn't do it with group
policy in my current group pllicty management console). They went to User
Configuration\Administrative Templates\Windows Components\Attachment
Manager. There is a policy setting for "Inclusion list for moderate risk
file types". They enabled this and added .exe in the list. I didn't want
to add all exe's so we changed it and put the entire executable name in the
exclusion list.

Thanks all for hanging through this long process. I appreciate it!
Post by Vera Noest [MVP]
Yes, I agree with you, Saucer Man, one thinks that you shouldn't
need to use this setting when you have digitally signed your rdp
file.
I would appreciate it very much if you can report back here what MS
support finally suggests to solve the problem!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Setting the GPO per the FAQ seems to solve the issue. However,
I.E. warns that this setting is not secure and not recommended.
I would think that I can somehow get it to recognize that these
applications are safe without having to use this setting. I
have a call with Microsoft and they are still trying to figure
it out.
Post by TP
Hi Vera,
If "Launching applications and unsafe files" is set to Disable
for the applicable security zone, then the user will receive
the message you expect. If, however, the setting is set to
Prompt then the user will receive the message that Saucer Man
is receiving.
The instructions in your FAQ are relevant. If Saucer Man still
has trouble after following them he should post back and we can
help him troubleshoot.
Thanks.
-TP
Post by Vera Noest [MVP]
When users start a program, they get a "file download" dialog
box, or an error message: "Windows cannot access the specified
device, path, or file. You may not have the appropriate
permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
Vera Noest [MVP]
2008-09-06 12:38:53 UTC
Permalink
OK, that makes sense.
I'm glad that your problem is solved, and thanks for sharing the
solution with us, Saucer Man!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
OK. The issue has been solved by Microsoft. They think the app
itself isn't digitally signed which is why the problem is
occuring. Here's what they did...
The opened the Local Group Policy Editor on the 2008 Terminal
Server (I only have 2003 admin templates in our 2003 AD so we
couldn't do it with group policy in my current group pllicty
management console). They went to User
Configuration\Administrative Templates\Windows
Components\Attachment Manager. There is a policy setting for
"Inclusion list for moderate risk file types". They enabled
this and added .exe in the list. I didn't want to add all exe's
so we changed it and put the entire executable name in the
exclusion list.
Thanks all for hanging through this long process. I appreciate it!
Post by Vera Noest [MVP]
Yes, I agree with you, Saucer Man, one thinks that you
shouldn't need to use this setting when you have digitally
signed your rdp file.
I would appreciate it very much if you can report back here
what MS support finally suggests to solve the problem!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by Saucer Man
Setting the GPO per the FAQ seems to solve the issue.
However, I.E. warns that this setting is not secure and not
recommended. I would think that I can somehow get it to
recognize that these applications are safe without having to
use this setting. I have a call with Microsoft and they are
still trying to figure it out.
Post by TP
Hi Vera,
If "Launching applications and unsafe files" is set to
Disable for the applicable security zone, then the user will
receive the message you expect. If, however, the setting is
set to Prompt then the user will receive the message that
Saucer Man is receiving.
The instructions in your FAQ are relevant. If Saucer Man
still has trouble after following them he should post back
and we can help him troubleshoot.
Thanks.
-TP
Post by Vera Noest [MVP]
When users start a program, they get a "file download"
dialog box, or an error message: "Windows cannot access the
specified device, path, or file. You may not have the
appropriate permissions to access the item."
http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
but you can give it a try.
Loading...