Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Disable Security Warning for Drives mapped to dfs servers

2,650 views
Skip to first unread message

find...@gmail.com

unread,
Nov 11, 2008, 6:45:37 AM11/11/08
to
Hello!

I can access a program on a dfs share without security warning. (I
addes the dfs domain to the local intranet)

I get a security warning when start the same program using a drive
letter mapped to the same share. I cannot at the drive letter to the
local intranet.

Now I am searching for a way to disable the security warning via GPOs
for my domain. Is there any solution?

Bernd Köster

Anthony [MVP]

unread,
Nov 14, 2008, 4:16:15 AM11/14/08
to
You can set it to trust a file path, with "file://server"
You can also uncheck the policy setting: Admin Templates\Internet
Explorer\Internet Control Panel\Security Page\Turn on automatic detection of
the Intranet. The settings here block remote execution except for specified
Trusted Sites, which can be a problem.
Anthony,
http://www.airdesk.co.uk


<find...@gmail.com> wrote in message
news:12b11085-ef83-4ea0...@s9g2000prm.googlegroups.com...

find...@gmail.com

unread,
Nov 21, 2008, 6:45:58 AM11/21/08
to
The file://server is set. This is set to the dfs path. I have no
problem starting an executable using the unc path
\\domain\dfs\path\sub\executable.exe

Now I use:
net use /persistent:yes Z: \\domain\dfs\path

Starting the Z:\sub.executable from the windows explorer throw the
security warning

The automatic detection of the intranet is turned off.

I use Windows 2008 as server for the dfs, the shares are located on
the windows 2003 SBS. A Windows 2003 SBS as domain server and Windows
XP as client OS.

I want to switch to Windows 2008 and using dfs. But with these
warnings I have no chance to get the user acceptance I need.

Bernd Köster

> > Bernd K�ster

Anthony [MVP]

unread,
Nov 30, 2008, 3:21:00 AM11/30/08
to
OK, I see what you mean. So it allows execution from explicit Trusted Sites,
but not from a local server.
If you try not using the GP for restricted zones at all, does it work? Then
you can narrow down which policy causes the problem. I have had problems
with the interaction between the automatic detection policy, and the
"Include all local (Intranet) sites not listed in other zones..." policy.
Anthony,
http://www.airdesk.co.uk

<find...@gmail.com> wrote in message
news:b1ce7158-7d0f-4ddd...@41g2000yqf.googlegroups.com...

Johnson@discussions.microsoft.com Svante Johnson

unread,
Dec 5, 2008, 7:48:02 AM12/5/08
to
Try to either add file://Z:\ to the Intranet zone or add the following key to
the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\foo.bar]
"file"=dword:00000001

Replace foo.bar with your domain. If you add the registry key manually make
sure you don't use any group policies to specify other site to zone
assignment.

/ Svante

tetedes...@gmail.com

unread,
Apr 3, 2014, 9:02:44 AM4/3/14
to
Le mardi 11 novembre 2008 12:45:37 UTC+1, find...@gmail.com a écrit :
>
> Now I am searching for a way to disable the security warning via GPOs
> for my domain. Is there any solution?
>
> Bernd Köster

Hi,

I'm writing here the solution because it was a little hard to find the right syntax to trust a DFS path (hope this may help someone watching this page) :

Create a GPO applied to the computers

Browse to Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment

Check Enable and click to display the zone assignments

Add an assignment :

Name : //yourdomain.local
value : 1

(this is the value for intranet zone)

Submit the changes and apply this (using gpupdate on computers if you want to test immediately)

Warnings on explorer and Office apps are gone ! Enjoy your DFS without nag screens.

best wishes
Francois

0 new messages