I would probably try user configuration/administrative templates/system/code signing for device drivers:
Determines how the system responds when a user tries to install device driver files that are not digitally signed. This setting establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established. When you enable this setting, use the drop-down box to specify the desired response. -- "Ignore" directs the system to proceed with the installation even if it includes unsigned files. -- "Warn" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. "Warn" is the default. -- "Block" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed. To change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button. John "Steve Patrick" <[EMAIL PROTECTED] st.net> To Sent by: <ActiveDir@mail.activedir.org> [EMAIL PROTECTED] cc ail.activedir.org Subject Re: [ActiveDir] OT: TS Security 09/25/2005 12:09 Warning and GPO PM Please respond to [EMAIL PROTECTED] tivedir.org perhaps the following reg key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing steve ----- Original Message ----- From: "Creamer, Mark" <[EMAIL PROTECTED]> To: <ActiveDir@mail.activedir.org> Sent: Sunday, September 25, 2005 6:52 AM Subject: [ActiveDir] OT: TS Security Warning and GPO We have a number of terminal servers running various apps, with a OU-level GPO managing their settings. A new Windows 2003 terminal server was recently added to the OU, and it is the only one running an older legacy app. When a user starts the application, it pops up a warning saying "The publisher could not be verified. Are you sure you want to run this software?" I haven't been able to figure out how to turn off this warning. Does anyone know how to set it either on this server or at my GPO? Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/