Geeks With Blogs
Robert's Sysadmin Blog Unraveling the datacenter one fibre at a time

Oke.. so when our heavily managed users (heavily managed though group policy) on Windows XPSP2 try to open an .sgimb extention (Kasenna StreamPlayer) from a webpage, they get the standard explorer security dialog-box asking them if they want to open or save the file. After they click though, the file opens properly in the Kasenna player.
This is undesireable, we want to get rid of the dialog box popping up.

We tried adding the extention in the "inclusion list for low file types" in group policy, under administrative templates/windows components/Attachment Manager.  (this is in the user node)

This policy setting allows you to configure the list of low risk file types. If the attachment is in the list of low risk file types, Windows will not prompt the user before accessing the file, regardless of the file’s zone information. This inclusion list overrides the list of high risk file types built into Windows and has a lower precedence than the High or Medium risk inclusion lists (where an extension is listed in more than one inclusion list.)  If you enable this policy setting you can specify file types which pose a low risk.  If you disable this policy setting Windows uses its default trust logic.  If you do not configure this policy setting Windows uses its default trust logic.

We also have the Administrative Templates\Windows Components\Attachment Manager\Default risk level for file attachments set to HIGH

This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments, you may also need to configure the trust logic for file attachments.  High Risk – If the attachment is in the list of high risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file.  Moderate Risk - If the attachment is in the list of moderate risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file.  Low Risk - If the attachment is in the list of low risk file types, Windows will not prompt the user before accessing the file, regardless of the file’s zone information.  If you enable this policy setting you can specify the default risk level for file types.  If you disable this policy setting Windows sets the default risk level to moderate.  If you do not configure this policy setting Windows sets the default risk level to moderate.


Somehow though.. this isn't working properly to override the default behavior for this extention. We must be overlooking something.

An alternative is to set the overide using a registry hack on the classes subkey, but that is gonna be a bit wierd.

 

 

Posted on Tuesday, December 7, 2004 4:45 PM Tech , In The Trenches | Back to top


Comments on this post: ITT: Inclusion list for low (security) file types (unsolved)

# re: Inclusion list for low file types
Requesting Gravatar...
Not real familure with GPO, but the standard solution is to tell IE to not ask everything regarding that file extension. eg. Uncheck the box that says Always ask before opening this file type.
Left by Mr.Jester on Jan 16, 2005 5:27 PM

Your comment:
 (will show your gravatar)


Copyright © Robert Kloosterhuis | Powered by: GeeksWithBlogs.net