• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
Sign in to follow this  
Followers 0
GrofLuigi

SaveZoneInformation Revisited

3 posts in this topic

I guess most of you know what this is about. It's a well known tweak to disable the "file open security warning". It's very popular, even in this board (mentioned in more then 40 threads - and I read them all :wacko: ). However, all of them are only copy/paste, same as everywhere on the web - and the only credible source (The ONLY description at Microsoft) is very ambiguous.

Do not preserve zone information in file attachments
This policy setting lets you manage whether Windows marks file attachments that have information about their zone of origin. These zones or origin are Internet, intranet, and local. This policy setting requires the NTFS file system to function correctly and will fail without notice on systems that use FAT32. By not preserving the zone information, Windows cannot make appropriate risks assessments. If you enable this policy setting, Windows does not mark file attachments by using their zone information. If you disable this policy setting, Windows marks file attachments by using their zone information. If you do not configure this policy setting, Windows marks file attachments by using their zone information.

Group Policy User Configuration\Administrative Templates\Windows Components\Attachment Manager

Registry Subkey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Registry Entry SaveZoneInformation

Entry Value On (1) or Off (2)

So, what value is needed to be set? Positive or negative logic? The "entry value" refers to "policy setting" or "registry entry"?

The main thing that raised my suspicion is that I discovered I had originally set the value to 2 (a couple of years ago - yeah, without reinstall :thumbup ) and never ever seen the warning. I searched the whole registry and found it on two places - both were set to 2). And although I use so many reg tweaks I can't keep track of them any more, the LowRiskFileTypes tweak, which often acompanies this one, is not present on my computer. If it's another (which is quite possible), which one?

And as I said, the only critical opinion on this tweak was this one (yeah, old threads are useful too), but the values aren't right, so again I'm suspicious.

As I don't have the energy to fire up a virtual machine and install XP SP2 or 3 to do the testing (but will do later on if necessary), I'm asking for any further meaningful info on the subject. B)

GL

0

Share this post


Link to post
Share on other sites

Here infos from Microsoft:

http://support.microsoft.com/kb/883260

I can give you my method to disable it:

____________________________________________________

Run gpedit.msc, and go to Local Computer Policy\User

Configuration\Administrative Templates\Windows

Components\Attachment Manager and enable "Default risk level for file

attachments", and then enable "Inclusion list for low risk file types"

add .exe;.msi

No reboot needed

____________________________________________________

0

Share this post


Link to post
Share on other sites

Stupid of me to try to find logic with Microsoft. :) I just set it to 2 and enjoy. As for my list of low risk file types, it's much much longer than that. I try to include every possible filetype I have on my HDDs. Why? Because this "feature" isn't a real protection, just an annoyance.

GL

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.