Bypassing security popup when opening shortcut

acl03

MIS
Jun 13, 2005
1,077
US
I have two 2003 R2 (SP2) terminal servers with Citrix XenApp 5. We have a published server desktop that our users access. They hit one of the two servers below when they launch the desktop:

serverA is 64-bit
serverB is 32-bit

Both are at the same patch level (SP2). No additional security patches installed.

I have an extensive GPO that applies to both servers. One of the policies is to redirect the user's desktop to a share, located here:

\\serverA\UserDesktop

When a domain user logging into serverA (64bit) clicks a shortcut to a local program (Firefox, etc), it works fine.

When a domain user logging into serverB (32bit) clicks this same shortcut, they get this popup:

Do you want to open this file?

Name: Webmail.lnk
Publisher: Unknown Publisher
Type: Shortcut
From: \\serverA\UserDesktop


They need to click "Open" in order to run it.

I tried remapping the share to \\serverB\UserDesktop, and the problem remains (only on the 32 bit server).

I also tried mapping the desktop to \\localhost\UserDesktop, so each server maps to itself, and still the problem exists only on the 32 bit server.

Any ideas?


Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
Remove the "Internet Explorer Enhanced Security Configuration" by unchecking this option in "Add/Remove Windows Components" from the server giving you these messages and see if the problem goes away.

Joey
CCNA, MCSA 2003, MCP, A+, Network+, Wireless#
 
Joey,

Thanks for the response.

Already removed it when I installed Terminal Services, unfortunately.



Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
I should add that logging into the TS with a user that is a local admin does not help.

Logging into the TS with a domain admin makes the problem go away. I "denied" domain admins access to apply the TS GPO, so there's got to be something in the GPO causing the problem.

I apply the same GPO to both TSs though, so I'm not sure what it could be.

Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
Try adding \\serverA\UserDesktop to the Trusted Sites zone in Internet Explorer.


Hope this helps.

Please help us help you. Read FAQ690-6594: How to ask the best questions and site policies before posting.
 
I added it as domain admin, but it didn't fix it for standard users getting the policy. It won't let me add it as a non-admin user.



Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
Techy,

I had added it to "Trusted Sites" as admin. I just moved it over to Local Sites and still no fix.

Do you know if this setting needs to be done for each user (or via GPOs) or just as admin?

When I try to add this in IE as a non-admin, it gives me this error: "You have entered an invalid wildcard sequence." Odd...I'd think it would be "Access denied."



Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
I made one of my standard (non-domain-admin) users an administrator on the TS, and still cannot add a shared folder or server to the Local intranet section, yet I can do it as domain admin RDP'd into the server directly.

Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
It should be per user and could be put in by GPO. The add should be file://"your 32bit Terminal Server name"

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
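
The per-user zone mapping discussed above can be inspected and set from the registry instead of the IE dialog. This is an added example, not part of the original thread: it assumes PowerShell is installed on the terminal server, that the standard Internet Explorer zone-map registry locations apply, and `$Server` is a placeholder for the host shown in the prompt's "From:" line. Run it as the affected user.

```powershell
# Added example (not from the thread). $Server is a placeholder host name.
$Server = 'serverA'
$IS     = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$PolIS  = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# Print every value under a registry key, or note that the key is absent.
function Show-Values($path) {
    if (Test-Path $path) {
        "[$path]"
        $item = Get-Item $path
        foreach ($name in $item.GetValueNames()) {
            "  {0} = {1}" -f $name, $item.GetValue($name)
        }
    } else {
        "[$path] (not present)"
    }
}

# 1. Security_HKLM_only = 1 here means per-user zone mappings are ignored.
Show-Values "HKLM:\$PolIS"

# 2. "Site to Zone Assignment List" policy. When this is populated by a GPO,
#    users cannot add sites to a zone through the IE dialog.
Show-Values "HKCU:\$PolIS\ZoneMapKey"
Show-Values "HKLM:\$PolIS\ZoneMapKey"

# 3. Mappings made through the IE dialog. EscDomains is the store that is
#    used while IE Enhanced Security Configuration is active for the user.
Show-Values "HKCU:\$IS\ZoneMap\Domains\$Server"
Show-Values "HKCU:\$IS\ZoneMap\EscDomains\$Server"
Show-Values "HKLM:\$IS\ZoneMap\Domains\$Server"

# 4. Map only the file scheme of this one host to zone 1 (Local intranet)
#    for the current user. Zone numbers: 1 = Local intranet, 2 = Trusted sites.
#    Naming a single host keeps the change narrower than a wildcard entry.
$key = "HKCU:\$IS\ZoneMap\Domains\$Server"
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'file' -Value 1 -PropertyType DWord -Force | Out-Null
Show-Values $key
```

Comparing the output of steps 1 to 3 between the 64-bit and 32-bit servers, under the same user profile, shows whether the two sessions are reading different zone mappings.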
 
I made a standard user a domain admin (and in turn a local server admin). I tried to add file://32bitserver just like that....says invalid wildcard sequence. As I started to type, it even pulled up a few servers in autocomplete, and I selected one of them, still leading to that error. Domain admins do not get the TS policy, so it should not be a rights issue.

I logged into the TS itself as domain admin via RDP, and added the server in the exact same fashion that you suggested, and it worked fine, and I don't get the security prompt.

Any other ideas?

Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
I have no idea what I did, but somehow it is fixed now. I think it had something to do with the profile I was using.

Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 