Windows security warning after RIS completes...

[Kreabea]

Hi all,

After the risk task completes I get a warning just like the following one (except for the fact that the actual one is after_ris_tasks.cmd). I have to respond or else the installation does not continue...

Anyone knows what to do? Been searching for hours/days, but couldnt find a good solution.

I added DriverSigningPolicy = Ignore & NonDriverSigningPolicy = Ignore to the SIF file, but that didnt help...

Thx in advance.

Edited August 17, 2005 by Kreabea

[mls15000]

I have the same thing happening to me. I can't figure it out. I have a VB script that call to a file server to install our antivirus program. if I go to start/run and type \\servername\blah\blah.exe it runs fine, but through the script calling the same line I get that promt. i tried using send keys to do tab,tab,enter, but not working so well.

[InTheWayBoy]

I don't think that has anything to do with DriverSigning...that is a new feature with SP2, so look for something along that lines. I don't have an answer, but I figure that might help you along. Also, google the text it says, minus the actual file...that should at least bring up relavent results...good luck!

[mls15000]

it is a feature of SP2, thats all I was ever able to find through google. I tried setting IE security way down to allow the install or searched for registry settings to temporarilly disable the security but had no luck.

[Kreabea]

well....one thing I do know is that you can set this setting in the policy. (attachment manager in user config, for as far i can remember), but that doesnt help me, because at initial installation the system doesnt login to the domain...

I googled my a** off by the way and couldnt find anything RIS related.

[InTheWayBoy]

You're right...not much info on disabling that...it's technical name is "Attachment Execution Services" but I couldn't find any real info on it other than what it does.

Funny thing though is on my XPSP2 RIS Install I don't get those at all...here's my winnt.sif:

[Data]
MSDOSInitiated="0"
UnattendedInstall="Yes"

[Unattended]
UnattendMode="FullUnattended"
UnattendSwitch="Yes"
OemPreinstall="Yes"
FileSystem="*"
TargetPath="\WINDOWS"
OemSkipEula="Yes"
DriverSigningPolicy="Ignore"
WaitForReboot="No"

[UserData]
ProductKey=""
FullName="User Name"
OrgName="Company"
ComputerName="Computer"

[GuiUnattended]
OemSkipWelcome="1"
OemSkipRegional="1"
TimeZone="35"
AdminPassword="*"

[Display]
AutoConfirm="1"

[Networking]
InstallDefaultComponents="Yes"

[Identification]
JoinWorkgroup="WORKGROUP"

[Shell]
DefaultThemesOff="Yes"

[Components]
msmsgs="Off"
msnexplr="Off"
indexsrv_system="Off"

Now that isn't the actual RIS winnt.sif, but I use the same options in it, except for the extra fluff RIS needs. If you want, I can post the actual RIS winnt.sif tomorrow when I get back to the complex...

[Kreabea]

Thx so far! And yes, I really would appreciate the RIS sif.

I'll have a look at this sif now, maybe there's an obvious difference with mine.

-edit- Couldn't find anything related to the problem. So i'm hoping to find a forgotten switch in your RIS related sif file.

Edited August 18, 2005 by Kreabea

[mls15000]

I only get it after my machine joins the domain. The funny thing is I use mostly the same code from our login script that install this same app. if I let the login script install the app, it installs fine. but I am trying to eliminate a good chunk of the login script so it's easier to manage.

[Noise]

I get the same thing ocassionally. There's probably a registry setting to disable this - but I'll be damned if i can find it.

I also get this warning when trying to run vbs scripts and executables from network drives.

[snooz]

I had the same problem with my RIS Image of WinXPSP2. Basically anytime you have a file that is downloaded from another source this warning will pop up on you. All you have to do is right click properties and select unblock. Now no matter where you put the file it won't give you the nag screen.

Edited August 18, 2005 by snooz

[InTheWayBoy]

Here is my RIS.sif:

[Data]
FloppyLess="1"
MsDosInitiated="1"
OriSrc="\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp="4"
LocalSourceOnCD="1"
DisableAdminAccountOnDomainJoin="0"
UnattendedInstall="Yes"
AutoPartition="0"
AutomaticUpdates="Yes"


[SetupData]
OsLoadOptions="/noguiboot /fastdetect"
SetupSourceDevice="\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"


[Unattended]
DUDisable="Yes"
UnattendMode="FullUnattended"
UnattendSwitch="Yes"
OemPreinstall="Yes"
FileSystem="*"
Repartition="No"
ExtendOEMPartition="0"
TargetPath="\WINDOWS"
OemSkipEula="Yes"
DriverSigningPolicy="Ignore"
NonDriverSigningPolicy="Ignore"
Hibernation="No"
WaitForReboot="No"
OEMPnPDriversPath="Drivers\00_ASATA;Drivers\00_INF;Drivers\01_NIC;Drivers\02_815;Drivers\02_845;Drivers\02_945;Drivers\02_NVA;Drivers\03_CSB;Drivers\03_LAP;Drivers\03_MAX;Drivers\03_MAXII;Drivers\04_MOD1;Drivers\04_MOD2;Drivers\04_MOD3;Drivers\04_MOD4;Drivers\04_MOD5;Drivers\04_MOD6"
InstallFilesPath="\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
LegacyNIC="1"


[UserData]
ProductKey=""
FullName="Workstation"
OrgName="Apex Home Healthcare"
ComputerName="APEX001"


[GuiUnattended]
OemSkipWelcome="1"
OemSkipRegional="1"
TimeZone="%TIMEZONE%"
AdminPassword="*"


[GuiRunOnce]
"%SYSTEMDRIVE%\WPI\WPI.CMD"


[Display]
AutoConfirm="1"
BitsPerPel="32"
XResolution="800"
YResolution="600"
VRefresh="60"


[Networking]
InstallDefaultComponents="Yes"


[NetServices]
MS_Server="params.MS_PSched"


[Components]
msmsgs="Off"
msnexplr="Off"
indexsrv_system="Off"
fax="On"
OEAccess="Off"


[WindowsFirewall]
Profiles="WindowsFirewall.TurnOffFirewall"


[WindowsFirewall.TurnOffFirewall]
Mode="0"


;[Identification]
;JoinDomain="%MACHINEDOMAIN%"
;DoOldStyleDomainJoin="Yes"


[RemoteInstall]
Repartition="No"
UseWholeDisk="No"


[OSChooser]
Description="Apex Healthcare - WinXP"
Help="Automatically installs and configures WinXP Pro to Apex Healthcare standards."
LaunchFile="%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType=Flat
Version="5.1 (2600)"

[mls15000]

Found a fix. Add this to your registry tweaks. Just tested it on my image and works great!

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov
;.mp3;.m3u;.wav;"

[b1ff]

start /wait msiexec /i %source%\common\infostore\InfoStore.msi ALLUSERS=2 /q

This seems to work perfectly smooth, at least it does for me

Good luck,

b1ff

[Bastian_W]

@b1ff

Do you use a slipstreamed SP2?

This fixed not the problem on my system

[Generic]

Hey Guys, we had the same problem here too. I forget how we fixed it but I was looking through my regedits and I think this might help you out:

;-----

;----- Remove download security

;----- Gets rid of anoying popup for running files you download from internet

;-----

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]

"CheckExeSignatures"="no"

"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]

"SaveZoneInformation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]

"LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mo

v;.mp3;.m3u;.wav;"

Hope that helps.

** Sorry, just realized someone else posted the same reg fix as me. My bad.

Edited October 24, 2005 by Generic