Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Autounattend - Open File - Security Warning


  • Please log in to reply
16 replies to this topic

#1
Kosvarnin

Kosvarnin
  • Member
  • 3 posts
  • Joined 25-February 10
  • OS:Windows 7 x64
  • Country: Country Flag
Here's the deal guys, and I am hoping someone out there has not had this issue. Technically I have two, but the "Open File - Securty Warning" is the bigger of the two. My unattended install works if I do not put any RunSyncgronousCommands, which we know is the new way to do RunOnce in Windows 7. I can get it to load without it, but if I add programs into the system I come across the issue. Obviously, the goal like most anyone is to have it run the files in order and without issue.

The programs I have tried to load and had this error are:
  • Java RunTime Installer
  • Filezilla
  • 7 Zip
  • Shockwave Re-Distributable Install
  • Flash Re-Distributable Install
  • Adobe Reader Re-Distributable Install
  • Citrix XenApp Web Client 11.2
  • etc...

I have tried the cmd.exe /c style of calling the applications and get the error. I have tried it without and get the error. I have tried using RunSyncgronousCommands in the 4-Specialize section of the XML and in the SyncgronousCommands of the 7-oobeSystem section of the XML.

Please note I am using the WAIK and that I am trying do this with Windows 7 Professional - x64 bit version. Has anyone had success with this? If so, how? The easiest way to get everyone on the same page is to just try getting Filezilla and Java installed without getting the prompt. Also, I have found that after RunSyncgronousCommands under 4-specilize get through the Deployment section, that is errors on the Deployment option for some reason. Windows won't give me much more of an error than that. Any help would be awesome.


How to remove advertisement from MSFN

#2
MrJinje

MrJinje

    Tool™ Developer

  • Developer
  • 1,031 posts
  • Joined 14-October 09
  • OS:Server 2012R2
  • Country: Country Flag
Take a look at this, there seems to be a fix after the OS is installed. But you would have to figure out how to push the needed reg settings into your profile before the synchronous commands run.

http://social.techne...14-5a20ce72cd7f

One method might be to mount your WIM offline and edit the hives manually, another could be to script it to occur during the setupcomplete.cmd stage.

I haven't had this problem at all with any .EXE during setupcomplete.cmd, maybe before going to all the above trouble, first try installing your apps using SetupComplete.cmd via the $OEM$ folders.

HINT: SetupComplete.cmd runs in an administrative context, while any synchronous commands only run as the logged in user.

Edited by MrJinje, 25 February 2010 - 03:03 PM.


#3
Kosvarnin

Kosvarnin
  • Member
  • 3 posts
  • Joined 25-February 10
  • OS:Windows 7 x64
  • Country: Country Flag

Take a look at this, there seems to be a fix after the OS is installed. But you would have to figure out how to push the needed reg settings into your profile before the synchronous commands run.

http://social.techne...14-5a20ce72cd7f

One method might be to mount your WIM offline and edit the hives manually, another could be to script it to occur during the setupcomplete.cmd stage.

I haven't had this problem at all with any .EXE during setupcomplete.cmd, maybe before going to all the above trouble, first try installing your apps using SetupComplete.cmd via the $OEM$ folders.

HINT: SetupComplete.cmd runs in an administrative context, while any synchronous commands only run as the logged in user.


This is the first I have heard of the SetupComplete.cmd method. To dig through the forums I will go to figure out that method. Should make things easier.

#4
Kosvarnin

Kosvarnin
  • Member
  • 3 posts
  • Joined 25-February 10
  • OS:Windows 7 x64
  • Country: Country Flag

Take a look at this, there seems to be a fix after the OS is installed. But you would have to figure out how to push the needed reg settings into your profile before the synchronous commands run.

http://social.techne...14-5a20ce72cd7f

One method might be to mount your WIM offline and edit the hives manually, another could be to script it to occur during the setupcomplete.cmd stage.

I haven't had this problem at all with any .EXE during setupcomplete.cmd, maybe before going to all the above trouble, first try installing your apps using SetupComplete.cmd via the $OEM$ folders.

HINT: SetupComplete.cmd runs in an administrative context, while any synchronous commands only run as the logged in user.



Worked very well. I even figured out how to get around the "Open File - Security Warning" on any files that would prompt that question, I would go to my PC and right-click the files and goto Properties. At the bottom of the properties windows is a button marked "Unblock". So, if I hit unblock on the file and save it to the media (which is a USB for me), then during unattended installation, the system will not have the issue. Not sure if other Vista or XP will not show the issue then or if there is a way to do this on them. However, if you have windows 7 OS as the system you are building you unattended on, then you should have that option. Also, I did not have to do it for MSI files even though they had the option. Anyways, thanks!

#5
cluberti

cluberti

    Gustatus similis pullus

  • Supervisor
  • 11,020 posts
  • Joined 09-September 01
  • OS:Windows 8.1 x64
  • Country: Country Flag

Donator

When I used to run XP systems, the first time the lab machine would run across this I would simply uncheck the "warn me..." box on that dialog, and it would do basically the same thing and noone else would have the issue running that same executable again.
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
--------------------
Please read the rules before posting!
Please consider donating to MSFN to keep it up and running!

#6
biatche

biatche

    Member

  • Member
  • PipPip
  • 192 posts
  • Joined 23-November 05
I run firstlogon commands via network share, and I get this warning too. Now, how exactly do I elevate it... does anybody have any good ideas?

#7
biatche

biatche

    Member

  • Member
  • PipPip
  • 192 posts
  • Joined 23-November 05
still no solution fellas?

#8
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,837 posts
  • Joined 28-April 06
  • OS:Windows 7 x86
  • Country: Country Flag

Donator

I run firstlogon commands via network share, and I get this warning too. Now, how exactly do I elevate it... does anybody have any good ideas?


I was going to ask this! Network share always prompts you as it is an Untrusted Zone. What I end up doing (to get past this issue) is to copy the installer files to the HDD and then have the installs run from there. The local machine is a trusted zone, and should not prompt you to run the programs. Of course, I copy the installers over before the machine boots and write a registry key so the programs load when the Desktop loads.

MSFN RULES | GimageX HTA for PE 3-5 | lol probloms
tpxmsfn1_zps393339c1.jpg


#9
biatche

biatche

    Member

  • Member
  • PipPip
  • 192 posts
  • Joined 23-November 05
In IE8, if i were to add file://bbx (bbx is a network computer to advanced under intranet, this popup vanishes


So I've tried several of these in autounattend.xml

<LocalIntranetSites>\\bbx\</LocalIntranetSites>
<LocalIntranetSites>file://bbx/</LocalIntranetSites>
<LocalIntranetSites>files://bbx</LocalIntranetSites>

nothing works. entering ie8, local intranet, i dont see this added.

can anyone help

#10
cluberti

cluberti

    Gustatus similis pullus

  • Supervisor
  • 11,020 posts
  • Joined 09-September 01
  • OS:Windows 8.1 x64
  • Country: Country Flag

Donator

Since adding sites to a security zone is just a registry setting, why not make sure these are in the default user hive?
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
--------------------
Please read the rules before posting!
Please consider donating to MSFN to keep it up and running!

#11
biatche

biatche

    Member

  • Member
  • PipPip
  • 192 posts
  • Joined 23-November 05
how exactly would i do that?

#12
MrJinje

MrJinje

    Tool™ Developer

  • Developer
  • 1,031 posts
  • Joined 14-October 09
  • OS:Server 2012R2
  • Country: Country Flag

how exactly would i do that?

It might be easier to export them from your registry. (then merge using a first login command or setupcomplete.cmd)

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

#13
biatche

biatche

    Member

  • Member
  • PipPip
  • 192 posts
  • Joined 23-November 05
I'll give that a shot, in any case, what's up with localintranetsites, how does that directive work, does anybody know?

#14
cluberti

cluberti

    Gustatus similis pullus

  • Supervisor
  • 11,020 posts
  • Joined 09-September 01
  • OS:Windows 8.1 x64
  • Country: Country Flag

Donator

I'll give that a shot, in any case, what's up with localintranetsites, how does that directive work, does anybody know?


http://technet.micro...588(WS.10).aspx

LocalIntranetSitesLocalIntranetSites specifies the URL for local intranet sites whose content can be trusted by administrators and users for whom Internet Explorer Enhanced Security Configuration (ESC) is enabled.

When Internet Explorer ESC is enabled, it reduces the exposure of your server to potential security attacks from Web pages that do not belong to the Local intranet zone.

For more information, see Microsoft-Windows-IE-ESC.

Posted ImageNote This setting is available only for Windows Server® 2008 family editions.


MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
--------------------
Please read the rules before posting!
Please consider donating to MSFN to keep it up and running!

#15
biatche

biatche

    Member

  • Member
  • PipPip
  • 192 posts
  • Joined 23-November 05
		<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<RunSynchronous>
				<RunSynchronousCommand wcm:action="add">
					<Order>1</Order>
					<Path>reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bbx" /v "file" /t REG_DWORD /d 1 /f</Path>
					<Description>Whitelist BBX</Description>
				</RunSynchronousCommand>
<!--				<RunSynchronousCommand wcm:action="add">
					<Order>1</Order>
					<Path>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1806" /t REG_DWORD /d 0 /f && reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "CurrentLevel" /t REG_DWORD /d 0 /f</Path>
					<Description>Elevate open file security warning.</Description>
				</RunSynchronousCommand>-->
			</RunSynchronous>		
		</component>


any idea why this doesnt work?

#16
maxXPsoft

maxXPsoft

    MSFN Master

  • Developer
  • 2,878 posts
  • Joined 14-November 03
  • OS:Windows 7 x64
  • Country: Country Flag

[code=auto:0]
reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bbx" /v "file" /t
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1806" /t REG_DWORD /d 0 /f && reg add
any idea why this doesnt work?

to quote in an xml when you have blank spaces
cmd /c reg add &quot;HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bbx&quot; /v

Edited by maxXPsoft, 03 April 2010 - 12:49 AM.

Download ++> Windows 7 + 8 Unattended DVD + App Installer + Services Disabler + Load All Button + XML Creator
Jump2Reg - Registry: - Oct 4, 2013 - Version 3.0.4 - 98, ME, NT, 2K, XP, VISTA, Seven, Windows 8+ and 32 or 64 bit

XP Unattended CD/DVD creator - Version 4.1.7
Sample xml + Setupcomplete + Add Right click .wim Windows 7 or Windows 8/8.1

#17
biatche

biatche

    Member

  • Member
  • PipPip
  • 192 posts
  • Joined 23-November 05
Fixed it. doesnt require cmd /c.

Used HKLM instead of HKCU.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users