Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

SaveZoneInformation Revisited

- - - - -

  • Please log in to reply
2 replies to this topic

#1
GrofLuigi

GrofLuigi

    GroupPolicy Tattoo Artist

  • Member
  • PipPipPipPipPipPip
  • 1,365 posts
  • Joined 21-April 05
  • OS:none specified
  • Country: Country Flag
I guess most of you know what this is about. It's a well known tweak to disable the "file open security warning". It's very popular, even in this board (mentioned in more then 40 threads - and I read them all :wacko: ). However, all of them are only copy/paste, same as everywhere on the web - and the only credible source (The ONLY description at Microsoft) is very ambiguous.

Do not preserve zone information in file attachments
This policy setting lets you manage whether Windows marks file attachments that have information about their zone of origin. These zones or origin are Internet, intranet, and local. This policy setting requires the NTFS file system to function correctly and will fail without notice on systems that use FAT32. By not preserving the zone information, Windows cannot make appropriate risks assessments. If you enable this policy setting, Windows does not mark file attachments by using their zone information. If you disable this policy setting, Windows marks file attachments by using their zone information. If you do not configure this policy setting, Windows marks file attachments by using their zone information.

Group Policy	User Configuration\Administrative Templates\Windows Components\Attachment Manager

Registry Subkey	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Registry Entry	SaveZoneInformation	

Entry Value	On (1) or Off (2)
So, what value is needed to be set? Positive or negative logic? The "entry value" refers to "policy setting" or "registry entry"?

The main thing that raised my suspicion is that I discovered I had originally set the value to 2 (a couple of years ago - yeah, without reinstall :thumbup ) and never ever seen the warning. I searched the whole registry and found it on two places - both were set to 2). And although I use so many reg tweaks I can't keep track of them any more, the LowRiskFileTypes tweak, which often acompanies this one, is not present on my computer. If it's another (which is quite possible), which one?

And as I said, the only critical opinion on this tweak was this one (yeah, old threads are useful too), but the values aren't right, so again I'm suspicious.

As I don't have the energy to fire up a virtual machine and install XP SP2 or 3 to do the testing (but will do later on if necessary), I'm asking for any further meaningful info on the subject. B)

GL


How to remove advertisement from MSFN

#2
albator

albator

    Nlite Supporter

  • Member
  • PipPipPipPip
  • 666 posts
  • Joined 18-August 04
  • OS:Windows 7 x64
  • Country: Country Flag
Here infos from Microsoft:

http://support.microsoft.com/kb/883260

I can give you my method to disable it:

____________________________________________________
Run gpedit.msc, and go to Local Computer Policy\User

Configuration\Administrative Templates\Windows

Components\Attachment Manager and enable "Default risk level for file

attachments", and then enable "Inclusion list for low risk file types"

add .exe;.msi

No reboot needed

____________________________________________________

#3
GrofLuigi

GrofLuigi

    GroupPolicy Tattoo Artist

  • Member
  • PipPipPipPipPipPip
  • 1,365 posts
  • Joined 21-April 05
  • OS:none specified
  • Country: Country Flag
Stupid of me to try to find logic with Microsoft. :) I just set it to 2 and enjoy. As for my list of low risk file types, it's much much longer than that. I try to include every possible filetype I have on my HDDs. Why? Because this "feature" isn't a real protection, just an annoyance.

GL




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users