Windows Security Warnings

[JayMan]

I wish to disable these warnings. I access many files from a networked server, so this warning pops up constantly. I wish to disable it.

 

The instuctions online to resolve this issue require ne to go into IE and modify the zones. Problem with that is that I, via nLite, removed IE - so I'm not able to implement their solutions. Seeing that I have removed IE, its odd that this warning even exists.

 

Anyone have any ideas?

[submix8c]

Hints -

http://myitforum.com/myitforumwp/2012/05/03/adding-a-site-to-trusted-site-or-local-intranet/

https://msdn.microsoft.com/en-us/library/ie/ms537181%28v=vs.85%29.aspx

High-level Node is the Primary Key to add. Underneath is a Sub-Key to add. Below that is ithe Value to add.

My Website (seldom started) example -

HTTP://MARTIN-ENTLTD.NO-IP.ORG

REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\no-ip.org][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\no-ip.org\martin-entltd]"http"=dword:00000001

HTH

Edited February 1, 2015 by submix8c

[JayMan]

So I would add the ip address of the server?

 

So for example:

REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\192.168.xxx.xxx]"http"=dword:00000001

Thanks

[submix8c]

For "HTTP", yes. For FTP use "FTP". BTW, there's a difference between "Internet" and "Intranet". The "Dword value" is a pointer to a Zone. See this -

http://support.microsoft.com/kb/182569

 

You have a lot of reading to do about Security Settings in the Registry, my friend. You could have kept IE and just not used it. The only time you have a "security hole" is if you actually use it to access a Website. Otherwise, you could have used it *just* to set those Security Settings. But, you insisted on removal via the FDV Fileset.

 

There's paranoia (red pill) and extreme paranoia (blue pill). You chose the blue pill.

 

Just take a look in the Registry at those places I indicated.

 

BTW/FYI, SpyBot inserts a whole pile of "Restricted Sites" in there and also puts them into the "HOSTS" file.

 

HTH, and good luck!

[JayMan]

Maybe I didn't ask my question correctly. I am not using HTTP nor FTP. I am accessing files on a NAS using mapped network drives of the shared folders on the NAS. Whenever I try to copy or move or run files on the NAS, these security warnings pop up.

So what value would I use, as HTTP nor FTP sound right in this situation.

 

Reading what you linked, and doing other research I found some stuff out:

There is an issue with how IE appoints an item as intranet or internet. If you map a drive using the IP address it shows up as INTERNET due to the usage of the dots!!! So annoying - Win2K never did such a thing! So the alleged work around is to add the IP address into the "INTRANET SITES" in the IE settings.

 

However if I used the name of the NAS to map, it still was showing as INTERNET. I created a new slipstream, this time I got rid of the IE8 files, just just used the IE6. This fixed the error with the name, but not the IP.

 

I created a new slipstream with the IE core files. I added the IP to the "INTRANET SITES", but the drive is still showing as INTERNET.

 

BTW: I stated in the other thread that I used nLite to remove IE, not the FDV file set.

 

Thanks for the help thus far.

[submix8c]

Try using the NAS Machine Name. I also have an entry for mine using "http". Here's my Full Intranet settings (as shown in IE).

hcp://systemhttp://localhosthttps://localhosthttp://martin-entltd.no-ip.orghttp://<computername>

I've replaced my Machine Name. Just (try to) use the NAS Computer Name.

I also have "Reqiure Server Verification" turned off (unchecked).

 

HTH

 

Yep, that appears to be the problem! See this -

http://forums.dlink.com/index.php?topic=13033.0

Edit - give it a go. If it works, get/create the REG entries, and reinstall without IE, if it suits you.

Edited February 3, 2015 by submix8c

[JayMan]

Thanks for the reply. As I stated, using the machine name (thanks for reminding me of the term) works fine under IE6 - its when I use the IP address that it hiccups.

 

For some reason every so often the NAS gets amnisia and forgets its name. So in order to connect to it I have to reboot it - very annoying. However if I map using the IP, if it gets amnisia the map still works! WinXP for what ever reason changed its criteria and is making IP address INTERNET. So I need to somehow get XP to act like 2K.

 

Thank you so much for that link! I'm going to make a iso with the IE core files included and try that. I'll post the results later.

[jaclaz]

Wait a minute.

 

Which NAS is it?

Which Filesystem is used on the NAS?

 

I mean, is it not that the Source file(s) (on the NAS) have an ADS with Zone 3 or 4?

http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx

 

IF this is the case, the issue is not in the XP itself, but rather in the file(s).

Somethign like this:

http://www.gasanov.net/ZoneIDTrimmer.asp

may be of use then...

 

You may mitigate the issue, depending on the file types by using an appropriate policy:

http://support.microsoft.com/kb/883260/en-us

and a low risk type list ...

or downright use SEE_MASK_NOZONECHECKS

http://smallvoid.com/article/ie-attachment-manager.html

http://support.microsoft.com/kb/889815/en-us

 

jaclaz

[JayMan]

Wow, thank you for the links! None of the aplly to this current situations, but it was very informative and educational - never really knew about ADSs.

 

My NAS is a WD My Book World Edition. It uses teh XFS file system - so no ADSs on the files coming from it.

 

As I see it now: the issue is that WinXP is seeing anything with an IP address as INTERNET.

Win2K is smart enough to know that the IP address with 192.168.X.X is INTRANET, why doesn't WinXP?

[jaclaz]

As I see it now: the issue is that WinXP is seeing anything with an IP address as INTERNET.

Win2K is smart enough to know that the IP address with 192.168.X.X is INTRANET, why doesn't WinXP?

More exactly (yes, I do know I am picky) the difference is more between LAN and WAN.

Internet or Intranet is more about world wide or local connection that use a protocol such as http or ftp and similar.

 

If you prefer, I suspect that the change is more related to the Windows XP built-in Firewall and IPSEC than on "internet zones" as configured in Internet Explorer and similar .

 

BUT with stupid integration/mixup between Windows Explorer/Internet Explorer/Control Panel/Firewall settings, you can NEVER say for sure which  is which, most probably the issue is due to having a dot (yes a dot, or period/full stop) in the address see:

http://serverfault.com/questions/176874/why-is-my-file-server-in-the-internet-zone

http://support.microsoft.com/kb/303650/en-us

 

jaclaz

[submix8c]

Check the Security Level Settings in the Intranet/Internet Zones in the IE Options.

 

I had a heck of a time "turning off" those stupid blockages. See each line item within it and look up what it "does".

 

I'd list mine for you but ATM I'm drinking Neros (cheap beer). Pulled an all-nighter figuring out how to allow "download" of a DAT file from my website. (needs MIME setting for the given file in the IIS Web Setup).

 

Sorry I can't help anymore (other than my Settings). There *has* to be an answer...