从网络共享打开文件时的安全警告

发布于 2024-08-29 01:38:52 字数 538 浏览 12 评论 0原文

我已经创建了一个已签名的安装可执行文件。它位于网络共享上(我使用 unc - \server\share\setup.exe 访问该网络共享)。

当我双击可执行文件时,我收到一条 Windows 警告:

Title: Open File -> Security Warning
Do you want to run this file?
Name: setup.exe
Publisher: My Company
Type: Application
From: \\Path\to\setup\folder

然后有一个黄色盾牌,上面写着“虽然来自 Internet 的文件可能有用,但此文件类型可能会损害您的计算机。仅运行来自您信任的发行商的软件。” ”在它旁边。

我猜我可以将 Windows 配置为信任我公司的软件。我还认为可以禁用特定的安全检查来消除警告。或者我可以告诉 Windows 将 UNC 路径视为本地路径。

还有其他方法可以禁用警告吗?我不希望我的客户在从网络共享安装软件时看到此警告。我不想告诉这些客户禁用某些安全检查。

I've created a setup executable which I have signed. It's located on a network share (which I access using unc - \server\share\setup.exe).

When I double click the executable file, I get a Windows warning saying:

Title: Open File -> Security Warning
Do you want to run this file?
Name: setup.exe
Publisher: My Company
Type: Application
From: \\Path\to\setup\folder

Then there's a yellow shield with the text "While files from the Internet can be useful, this file type can potentially harm your computer. only run software from publihers you trust." next to it.

I'm guessing I could configure Windows to trust software from my company. I also think that it's possible to disable specific security checks to get rid of the warning. Or I could tell Windows to consider UNC-paths local.

Is there some other method to disable the warning? I don't want my customers to see this warning when they install the software from their network share. And I don't want to tell these customers to disable certain security checks.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

情话难免假 2024-09-05 01:38:52

在 Internet Explorer 中:

  1. 工具菜单 → Internet 选项安全选项卡
  2. 单击本地 Intranet 图标将其选中
  3. 单击 >站点 选中
  4. 自动检测 Intranet 网络
  5. 单击高级
  6. 将此网站添加到区域: 文本框中输入 file ://计算机名或IP(在您的情况下file://path)。
  7. 单击添加
  8. 单击关闭确定,然后再次单击确定退出“Internet 选项”。

或者,您可以取消选中自动检测 Intranet 网络,然后选中其他三个复选框。这使您不必手动输入每个计算机名称,但允许所有网络路径可能并不安全。

另请参阅

In Internet Explorer:

  1. Tools menu → Internet OptionsSecurity tab
  2. Click Local Intranet icon to select it
  3. Click Sites
  4. Check Automatically detect intranet network
  5. Click Advanced
  6. In the Add this website to the zone: text box type file://computername or IP (in your case file://path).
  7. Click Add
  8. Click Close, OK, and OK again to exit Internet Options.

Alternatively, you may uncheck the Automatically detect intranet network, and check the other three check boxes. This saves you from having to enter each machine name manually, but allowing all network paths is probably not secure.

See also

愁以何悠 2024-09-05 01:38:52

另一种专门针对远程桌面服务的可能性是使用组策略。

1.) 在域控制器上打开组策略编辑器

2.) 创建组策略对象(例如,停用网络共享上的文件安全性)。

3.) 编辑此新对象

4.) 在用户配置下 → 管理模板Windows 组件Internet Explorer互联网控制面板安全页面编辑站点到区域分配列表

5.) 选择激活并单击 >显示

6.) 在 valuename 下添加您的网络共享路径并将值设置为 1。1 表示本地 Intranet。

7.) 我认为启用 Intranet 站点:包括其他区域中未列出的所有本地(Intranet)站点Intranet 站点:包括所有网络路径 (UNC)< /em>

8.) 然后关闭对象并将其链接到您要应用这些设置的某个用户 OU。

9.) 激活新的链接对象。

Another possibility specially for remote desktop services is to use group policies.

1.) Open the group policy editor on your domain controller

2.) Create a group policy object (e.g. deactivate file security on network share).

3.) Edit this new object

4.) Under User ConfigurationAdministrative TemplatesWindows ComponentsInternet ExplorerInternet Control PanelSecurity Page edit Site to Zone Assignment List

5.) Select Activate and click Show

6.) Add your network share path under valuename and set value to 1. 1 means local intranet.

7.) I think it is also a good idea to enable Intranet Sites: Include all local (intranet) sites not listed in other zones and Intranet Sites: Include all network paths (UNCs)

8.) Then close the object and link it to some user OU for which you want to apply these settings.

9.) Activate your new linked object.

南薇 2024-09-05 01:38:52

许多年后......

实际上,您希望用户在安装任意软件时收到警告,尤其是通过网络安装的软件。

但您对软件进行了签名,以便每个人都可以验证它来自您并且未被篡改。已经显示了。

因此,如果您希望显示更少的警告(如果警告太多,用户无论如何都会开始忽略它们),则需要将代码签名证书添加到 Windows 信任存储区。然后 Windows 就知道是谁创建了该软件,认为它是可信的并且不会发出警告。

签名证书或 CA 证书到底如何添加到

Many years later...

Actually you want users to be warned if they install arbitrary software, especially over the network.

But you signed your software so everyone can verify it comes from you and was not tampered with. That is displayed already.

So if you want even less warnings to show up (users will start ignoring them anyway if they are too many), you need to add your code signing certificate to the Windows trust store. Then Windows knows who created the software, sees that it can be trusted and does not warn.

How exactly the signing certificate, or maybe the CA certificate gets added to

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文