Kosvarnin Posted February 25, 2010 Posted February 25, 2010 Here's the deal guys, and I am hoping someone out there has not had this issue. Technically I have two, but the "Open File - Securty Warning" is the bigger of the two. My unattended install works if I do not put any RunSyncgronousCommands, which we know is the new way to do RunOnce in Windows 7. I can get it to load without it, but if I add programs into the system I come across the issue. Obviously, the goal like most anyone is to have it run the files in order and without issue.The programs I have tried to load and had this error are:Java RunTime InstallerFilezilla7 ZipShockwave Re-Distributable InstallFlash Re-Distributable InstallAdobe Reader Re-Distributable InstallCitrix XenApp Web Client 11.2etc...I have tried the cmd.exe /c style of calling the applications and get the error. I have tried it without and get the error. I have tried using RunSyncgronousCommands in the 4-Specialize section of the XML and in the SyncgronousCommands of the 7-oobeSystem section of the XML.Please note I am using the WAIK and that I am trying do this with Windows 7 Professional - x64 bit version. Has anyone had success with this? If so, how? The easiest way to get everyone on the same page is to just try getting Filezilla and Java installed without getting the prompt. Also, I have found that after RunSyncgronousCommands under 4-specilize get through the Deployment section, that is errors on the Deployment option for some reason. Windows won't give me much more of an error than that. Any help would be awesome.
MrJinje Posted February 25, 2010 Posted February 25, 2010 (edited) Take a look at this, there seems to be a fix after the OS is installed. But you would have to figure out how to push the needed reg settings into your profile before the synchronous commands run. http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/e3008c75-48b4-4a6c-bc14-5a20ce72cd7fOne method might be to mount your WIM offline and edit the hives manually, another could be to script it to occur during the setupcomplete.cmd stage. I haven't had this problem at all with any .EXE during setupcomplete.cmd, maybe before going to all the above trouble, first try installing your apps using SetupComplete.cmd via the $OEM$ folders.HINT: SetupComplete.cmd runs in an administrative context, while any synchronous commands only run as the logged in user. Edited February 25, 2010 by MrJinje
Kosvarnin Posted February 27, 2010 Author Posted February 27, 2010 Take a look at this, there seems to be a fix after the OS is installed. But you would have to figure out how to push the needed reg settings into your profile before the synchronous commands run. http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/e3008c75-48b4-4a6c-bc14-5a20ce72cd7fOne method might be to mount your WIM offline and edit the hives manually, another could be to script it to occur during the setupcomplete.cmd stage. I haven't had this problem at all with any .EXE during setupcomplete.cmd, maybe before going to all the above trouble, first try installing your apps using SetupComplete.cmd via the $OEM$ folders.HINT: SetupComplete.cmd runs in an administrative context, while any synchronous commands only run as the logged in user.This is the first I have heard of the SetupComplete.cmd method. To dig through the forums I will go to figure out that method. Should make things easier.
Kosvarnin Posted March 1, 2010 Author Posted March 1, 2010 Take a look at this, there seems to be a fix after the OS is installed. But you would have to figure out how to push the needed reg settings into your profile before the synchronous commands run. http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/e3008c75-48b4-4a6c-bc14-5a20ce72cd7fOne method might be to mount your WIM offline and edit the hives manually, another could be to script it to occur during the setupcomplete.cmd stage. I haven't had this problem at all with any .EXE during setupcomplete.cmd, maybe before going to all the above trouble, first try installing your apps using SetupComplete.cmd via the $OEM$ folders.HINT: SetupComplete.cmd runs in an administrative context, while any synchronous commands only run as the logged in user.Worked very well. I even figured out how to get around the "Open File - Security Warning" on any files that would prompt that question, I would go to my PC and right-click the files and goto Properties. At the bottom of the properties windows is a button marked "Unblock". So, if I hit unblock on the file and save it to the media (which is a USB for me), then during unattended installation, the system will not have the issue. Not sure if other Vista or XP will not show the issue then or if there is a way to do this on them. However, if you have windows 7 OS as the system you are building you unattended on, then you should have that option. Also, I did not have to do it for MSI files even though they had the option. Anyways, thanks!
cluberti Posted March 1, 2010 Posted March 1, 2010 When I used to run XP systems, the first time the lab machine would run across this I would simply uncheck the "warn me..." box on that dialog, and it would do basically the same thing and noone else would have the issue running that same executable again.
biatche Posted March 5, 2010 Posted March 5, 2010 I run firstlogon commands via network share, and I get this warning too. Now, how exactly do I elevate it... does anybody have any good ideas?
Tripredacus Posted April 1, 2010 Posted April 1, 2010 I run firstlogon commands via network share, and I get this warning too. Now, how exactly do I elevate it... does anybody have any good ideas?I was going to ask this! Network share always prompts you as it is an Untrusted Zone. What I end up doing (to get past this issue) is to copy the installer files to the HDD and then have the installs run from there. The local machine is a trusted zone, and should not prompt you to run the programs. Of course, I copy the installers over before the machine boots and write a registry key so the programs load when the Desktop loads.
biatche Posted April 1, 2010 Posted April 1, 2010 In IE8, if i were to add file://bbx (bbx is a network computer to advanced under intranet, this popup vanishesSo I've tried several of these in autounattend.xml<LocalIntranetSites>\\bbx\</LocalIntranetSites><LocalIntranetSites>file://bbx/</LocalIntranetSites><LocalIntranetSites>files://bbx</LocalIntranetSites>nothing works. entering ie8, local intranet, i dont see this added.can anyone help
cluberti Posted April 1, 2010 Posted April 1, 2010 Since adding sites to a security zone is just a registry setting, why not make sure these are in the default user hive?
MrJinje Posted April 2, 2010 Posted April 2, 2010 how exactly would i do that?It might be easier to export them from your registry. (then merge using a first login command or setupcomplete.cmd)HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
biatche Posted April 2, 2010 Posted April 2, 2010 I'll give that a shot, in any case, what's up with localintranetsites, how does that directive work, does anybody know?
cluberti Posted April 2, 2010 Posted April 2, 2010 I'll give that a shot, in any case, what's up with localintranetsites, how does that directive work, does anybody know?http://technet.microsoft.com/en-us/library/cc749588(WS.10).aspxLocalIntranetSitesLocalIntranetSites specifies the URL for local intranet sites whose content can be trusted by administrators and users for whom Internet Explorer Enhanced Security Configuration (ESC) is enabled.When Internet Explorer ESC is enabled, it reduces the exposure of your server to potential security attacks from Web pages that do not belong to the Local intranet zone.For more information, see Microsoft-Windows-IE-ESC.Note This setting is available only for Windows Server® 2008 family editions.
biatche Posted April 2, 2010 Posted April 2, 2010 <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <RunSynchronous> <RunSynchronousCommand wcm:action="add"> <Order>1</Order> <Path>reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bbx" /v "file" /t REG_DWORD /d 1 /f</Path> <Description>Whitelist BBX</Description> </RunSynchronousCommand><!-- <RunSynchronousCommand wcm:action="add"> <Order>1</Order> <Path>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1806" /t REG_DWORD /d 0 /f && reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "CurrentLevel" /t REG_DWORD /d 0 /f</Path> <Description>Elevate open file security warning.</Description> </RunSynchronousCommand>--> </RunSynchronous> </component>any idea why this doesnt work?
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now