I would probably try user configuration/administrative
templates/system/code signing for device drivers:
Determines how the system responds when a user tries to install device
driver files that are not digitally signed.
This setting establishes the least secure response permitted on the systems
of users in the group. Users can use System in Control Panel to select a
more secure setting, but when this setting is enabled, the system does not
implement any setting less secure than the one the setting established.
When you enable this setting, use the drop-down box to specify the desired
response.
-- "Ignore" directs the system to proceed with the installation even if
it includes unsigned files.
-- "Warn" notifies the user that files are not digitally signed and lets
the user decide whether to stop or to proceed with the installation and
whether to permit unsigned files to be installed. "Warn" is the default.
-- "Block" directs the system to refuse to install unsigned files. As a
result, the installation stops, and none of the files in the driver package
are installed.
To change driver file security without specifying a setting, use System in
Control Panel. Right-click My Computer, click Properties, click the
Hardware tab, and then click the Driver Signing button.
John
"Steve Patrick"
<[EMAIL PROTECTED]
st.net> To
Sent by: <ActiveDir@mail.activedir.org>
[EMAIL PROTECTED] cc
ail.activedir.org
Subject
Re: [ActiveDir] OT: TS Security
09/25/2005 12:09 Warning and GPO
PM
Please respond to
[EMAIL PROTECTED]
tivedir.org
perhaps the following reg key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing
steve
----- Original Message -----
From: "Creamer, Mark" <[EMAIL PROTECTED]>
To: <ActiveDir@mail.activedir.org>
Sent: Sunday, September 25, 2005 6:52 AM
Subject: [ActiveDir] OT: TS Security Warning and GPO
We have a number of terminal servers running various apps, with a OU-level
GPO managing their
settings. A new Windows 2003 terminal server was recently added to the OU,
and it is the only one
running an older legacy app. When a user starts the application, it pops up
a warning saying "The
publisher could not be verified. Are you sure you want to run this
software?" I haven't been able to
figure out how to turn off this warning. Does anyone know how to set it
either on this server or at my
GPO?
Thanks!
Mark Creamer
This e-mail transmission contains information that is intended to be
confidential and privileged. If you receive this e-mail and you are not a
named addressee you are hereby notified that you are not authorized to
read,
print, retain, copy or disseminate this communication without the consent
of
the sender and that doing so is prohibited and may be unlawful. Please
reply to the message immediately by informing the sender that the message
was misdirected. After replying, please delete and otherwise erase it and
any attachments from your computer system. Your assistance in correcting
this error is appreciated.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
