Yes, CheckExeSignatures is a string value, and it was set to 'no'. I have
played extensively with all the settings. I have manipulated the ‘Zone\1’
values to where I can get the behavior to change for other settings, such as
URLACTION_SHELL_FILE_DOWNLOAD and others, but I still am unable to prevent
the ‘publisher not verified’ dialog box.
I can turn off activex controls all together by manipulating the Zone
values, but I can not stop the prompt.
"KM" wrote:
> I don't think going to IE7 would help. The behavior of that security setting didn't change between IE6 and 7.
>
> Just to clarify, you did set the
> [HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"CheckExeSignatures"=reg_sz:"no".
> (please note the value type)
>
>
> No, policy entries don't necessarily have to be pre-populated in registry. If they are missing, the policies are considered "not
> configured" and usually it lead to behavior defined by documentation (check GPEdit for more info).
>
> --
> =========
> Regards,
> KM
>
>>I set the specified 3 registry settings (RunInvalidSig, CheckExe, &
>> SaveZone), and they had no effect.
>>
>> Under MKCU\Software\Policies\Microsoft, 'SystemCertificates' was the only
>> existing key, so 'Internet Explorer\Download' had to be created. Also, only
>> 'Explorer' existed at
>> HKCU\Software\Microsoft\Windows\CurrentVersion\Policies, so 'Attachments' had
>> to be created. Should these keys have already existed?
>>
>> Components "Primitive: CryptUI", "Internet Explorer" and "Windows XP Service
>> Pack 2 Resource DLL" are all included in the image.
>>
>> I also included everything needed to support installing IE7 into the image,
>> built it, then installed IE7. IE7 exhibits the same behavior, again with all
>> Advanced options set to allow everything and registry values all set to
>> 'enabled'.
>>
>> "KM" wrote:
>>
>>> Opps. Sorry, should be
>>> [HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"CheckExeSignatures"=reg_sz:"no".
>>>
>>> --
>>> =========
>>> Regards,
>>> KM
>>>
>>>> CStewart,
>>>>
>>>> My bad. I should've mentioned all the related keys there.
>>>>
>>>> [HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"RunInvalidSignatures"=dword:1
>>>> [HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"CheckExeSignatures"=dword:0
>>>> [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments],"SaveZoneInformation"=dword:1
>>>>
>>>> Please let us know if that helps you.
>>>>
>>>> Unlike this is you problem but just in case please check if you got "Primitive: CryptUI" component in your image config. Of
>>>> course, "Internet Explorer" and "Windows XP Service Pack 2 Resource DLL" components must be in your image as well.
>>>>
>>>> --
>>>> =========
>>>> Regards,
>>>> KM
>>>>
>>>>
>>>> "CStewart"
discussions.microsoft.com> wrote in message news:63EFCCB4-A6D8-4A0A-A62C-8AD2549FFF16@microsoft.com...>>>>> It is my understanding that the common location for this setting is
>>>>>
>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Internet
>>>>> Explorer\Download]RunInvalidSignatures
>>>>>
>>>>> But regardless, the setting has no effect in either location. I wonder if
>>>>> anyone knows whether a missing component could be causing IE to not recognize
>>>>> or behave on the specified registry settings. Of the numerous settings I
>>>>> have tried, nothing has augmented the behavior of the dialog box; it always
>>>>> appears.
>>>>>
>>>>> "KM" wrote:
>>>>>
>>>>>> CStewart,
>>>>>>
>>>>>> I guess you are already tried this one?
>>>>>> [HKCU\Software\Policies\Microsoft\Internet Explorer\Download],"RunInvalidSignatures"=dword:0
>>>>>>
>>>>>> Corresponds to the "Allow software to run or install even if the signature is invalid" policy.
>>>>>>
>>>>>> --
>>>>>> =========
>>>>>> Regards,
>>>>>> KM
>>>>>>
>>>>>>> On Embedded with XPSP2 & Feature Pack 2007, whenever a web page containing a
>>>>>>> UserControl is opened, the user is presented with the 'Publisher could not be
>>>>>>> verified' dialog. IE (6 w/h SP2) is being brought up programmatically, as
>>>>>>> this embedded system has no keyboard or mouse with which to acknowledge the
>>>>>>> dialog box.
>>>>>>>
>>>>>>> This embedded system has no network connectivity, and I am not interested in
>>>>>>> digitally signing the user control dll.
>>>>>>>
>>>>>>> I have thoroughly gone through the myriad of registry settings which relate
>>>>>>> to the this issue, although one would think turning off the 'Check for
>>>>>>> signatures on downloaded programs' within IE would be enough. I have
>>>>>>> manipulated the LMZ and other zones, worked with the IE advanced settings, as
>>>>>>> well as other related registry settings
>>>>>>> (
http://blogs.msdn.com/embedded/archive/2005/06/06/425907.aspx). Nothing has
>>>>>>> had any effect.
>>>>>>>
>>>>>>> I have even strong named the assembly and signed it in an attempt to simply
>>>>>>> get different behavior, but to no avail.
>>>>>>>
>>>>>>> If anyone has any ideas, I would be keenly interested in hearing them.
>>>>>>> Thanks.
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>>
>>>
>>>
>
>
>
