Jump to content

Winxp Download Security Prompt

I_Broke_My_MHZ

By I_Broke_My_MHZ
in Windows XP

 Share

Recommended Posts

I_Broke_My_MHZ

I_Broke_My_MHZ

Posted
Posted

I have made some restrictions in the group policy editor to limit what users can do on their computers. All seems to be going well, but there is one thing I cannot figure out. When a user downloads something they get the XP sp2 prompt that the file could be harmful and if they should download it. I dont want them to be able to see that prompt, I want winxp to automatically deny the download without a prompt. Is there any way I can do this?

Link to comment
Share on other sites

D.Celt

D.Celt

Posted
Posted

I'll assume you're using IE. You can use group policy to restrict file downloads that are not initiated by the user.

Open the policy editor and browse to computer configuration > administrative templates > windows components > internet explorer > security features > restrict file download

I'm not sure if this achieves what you're looking for, but I didn't find a way to restrict user initiated downloads.

Link to comment
Share on other sites
KAndle

KAndle

Posted
Posted

You need a special program to do that I believe. Server based virus protection has this ability to filter out all downloads or certain filetypes. If you prevented user from downloading at all though they wouldn't be able to download web pages either. Everything is downloaded in Internet Explorer, you don't always get a prompt for what to do with the file, IE already knows. There are Internet filter programs that can block certain filetypes but for what you want you must disable the Internet. Block port 80 in the firewall. You can set permissions and policies to prevent users from installing software though. A free cheap way is to set all suspect file types to run though notepad. Like .ZIP, .SCR & .VBS. This can't be done for EXE & HTML files though.

I believe you can force the download folder in Internet Explorer to a single location and then you don't give users write access to this folder. I think I have been on machines configured like that before.

Link to comment
Share on other sites
I_Broke_My_MHZ

I_Broke_My_MHZ

Posted
  • Author
Posted
I believe you can force the download folder in Internet Explorer to a single location and then you don't give users write access to this folder.  I think I have been on machines configured like that before.

How can I do that then?

I just want to prevent users from seeing the security prompt itself, doing that wont stop people from downloading web pages. It will just stop them in situations where the security prompt would popup.

Link to comment
Share on other sites
Takeshi

Takeshi

Posted
Posted

You would find some options in:

IE > Tools > Internet Options > Internet > Security Settings

• ActiveX controls and plug-ins

• Downloads

- Automatic prompting for file downloads

- File download

Then, set GP to hide the internet Options tabs so users cannot easily change the options.

This seems what you're after.

Link to comment
Share on other sites
Takeshi

Takeshi

Posted
Posted
Do those settings disable Save as
I 'm afraid I don't know offhand as I don't implement those settings.
but which registry keys is the question.

For the prompting in the Internet Zone it seems to be this:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

2200: 3 = Disabled

2200: 0 = Enabled

Have a look and verify it yourself before using it.

Have a look at a related thread:

http://www.msfn.org/board/index.php?showtopic=41869

Link to comment
Share on other sites
KAndle

KAndle

Posted
Posted

The options Takeshi said to set are correct to prevent downloads only in Internet Explorer. I have never used this option before so I can't comment of the scope of how it works (like in Outlook Express). It disables Save target as... also. It did allow me to still get the link into my Download Manager though.

If you are really concerned about improper downloads you should filter them at the server level. I am not familar with content filters too much (they will work though) but a server based anti-virus program like Trend Micro will let you block the downloading of any filetypes you want. I don't recommend relying on just the disabling of downloads to stop anything much. Suposedly there will be JPG viruses eventually. These files are automatically downloaded and saved to your Temporary Internet Files folder.. The disable options spoke of won't stop a malicous web page from installing garbage on your pcs without prompting or a new worm, only virus protection does that. That is just my 2 cents...

Link to comment
Share on other sites
Takeshi

Takeshi

Posted
Posted

There is another setting to disable file download as I said earlier.

You have moved your goalpost somewhat!

The XP download security prompt would, as logic implies, apply only to downloads via IE (probably to Explorer too) but downloads using other browsers and FTP would not be affected. Firefox, for example, has its own prompt.

KAndle has a point about malware embedded in webpages. Bear in mind also, many viruses and worms spread via email.

I'm not sure if limited users are prevented from downloading programs but this would in some way lessen the overall risk.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...