[gptalk] Re: Internet Explorer security flaw box pops up on redirected folder shortcut (My Documents)

  • From: <bart.schillebeeks@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 30 May 2007 10:31:46 +0200

Hello,

It has got to do with this setting:

  

 

You probably have UNC defined as local intranet zone, and a security setting in 
place in zone restrictions. 

It could also be default behaviour so either you change the zone restriction 
setting, or you untag the "include network paths" from your local intranet 
settings

Vriendelijke groeten,
Cordialement,
Kind Regards, 
Schillebeeks Bart
Active Directory Security Consultant
Bart.schillebeeks@xxxxxxxxxx
AD Internet Consulting BVBA 
"When once you have tasted flight, you will always walk with your eyes turned 
skyward, for there you have been and there you always will be."
Leonardo da Vinci, 1452-1519 
Disclaimer:
Any views expressed in this message are those of the individual sender, except 
where the message states otherwise and the sender is authorised to state them 
to be the views of any such entity.This Message is in no way legally binding 
and has to be viewed as a personal opinion of the sender. This message reflects 
in no way the views of FORTIS BANK and its associates and AD internet 
Consulting BVBA and its associates. Unless otherwise stated, any pricing 
information given in this message is indicative only, is subject to change and 
does not constitute an offer to deal at any price quoted. Any reference to the 
terms of executed transactions should be treated as preliminary only and 
subject to our formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 
www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx


 




-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of tools@xxxxxxxxxx
Sent: Wednesday, May 30, 2007 12:30 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Internet Explorer security flaw box pops up on redirected 
folder shortcut (My Documents)

Booker-
I had a hard time following your report below, but my guess is that somehow
IE security zone restrictions think that something about My Documents is
unsafe. Do you have a zone restriction for the MY Computer or Intranet
zones?


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Washington, Booker
Sent: Tuesday, May 29, 2007 2:49 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Internet Explorer security flaw box pops up on redirected
folder shortcut (My Documents)

This has to be a GPO setting, but not sure which one.

I have the My documents folder redirected to a network location.

When a user clicks on the My documents folder on the desktop, which is a
system generated shortcut, the user gets a pop up box that has in the
title of the box: Internet Explorer
The contents of the box state:
This page has an unspecified potential security flaw.  Do you want to
continue.  Yes or No

Any idea why this would happen?


The only policy settings outside of the folder redirect GPO show the
following:

 
Print
Close
No explanation is available for this setting.
Supported On:
Not available
Default Domain Policy
Data collected on: 5/29/2007 5:33:38 PM hide all

Generalhide
Detailshide
Domain test.domain.edu
Owner test\Domain testmins
Created 10/1/2001 2:15:58 PM
Modified 7/30/2006 8:08:30 PM
User Revisions 1 (test), 1 (sysvol)
Computer Revisions 21 (test), 21 (sysvol)
Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status Enabled

Linkshide
Location Enforced Link Status Path
test No Enabled test.domain.edu

This list only includes links in the domain of the GPO.
Security Filteringhide
The settings in this GPO can only apply to the following groups, users,
and computers:Name
NT AUTHORITY\Authenticated Users

WMI Filteringhide
WMI Filter Name None
Description Not applicable

Delegationhide
These groups and users have the specified permission for this GPOName
Allowed Permissions Inherited
test\Domain testmins Edit settings, delete, modify security No
test\Enterprise testmins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Retest (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Retest No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No

Computer Configuration (Enabled)hide
Windows Settingshide
Security Settingshide
Account Policies/Password Policyhide
Policy Setting
Enforce password history 3 passwords remembered
Maximum password age 90 days
Minimum password age 0 days
Minimum password length 7 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled

Account Policies/Account Lockout Policyhide
Policy Setting
Account lockout threshold 0 invalid logon attempts

Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 72 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes

Public Key Policies/Autoenrollment Settingshide
Policy Setting
Enroll certificates automatically Enabled
Renew expired certificates, update pending certificates, and remove
revoked certificates Disabled
Update certificates that use certificate templates Disabled


Public Key Policies/Encrypting File Systemhide
Propertieshide
Policy Setting
Allow users to encrypt files using Encrypting File System (EFS) Enabled

Certificateshide
Issued To Issued By Expiration Date Intended Purposes
testministrator testministrator 9/30/2004 2:25:46 PM File Recovery

For testditional information about individual settings, launch Group
Policy Object Editor.
Public Key Policies/Trusted Root Certification Authoritieshide
Propertieshide
Policy Setting
Allow users to select new root certification authorities (CAs) to trust
Enabled
Client computers can trust the following certificate stores Third-Party
Root Certification Authorities and Enterprise Root Certification
Authorities
To perform certificate-based authentication of users and computers, CAs
must meet the following criteria Registered in Active Directory only

testministrative Templateshide
System/Group Policyhide
Policy Setting
Allow Cross-Forest User Policy and Roaming User Profiles Enabled

User Configuration (Enabled)hide
Windows Settingshide
Remote Installation Serviceshide
Client Installation Wizard optionshide
Policy Setting
Custom Setup Disabled
Restart Setup Disabled
Tools Disabled
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************


JPEG image

JPEG image

= = = = = = = = = = = = = = = = = = = = = = = = =
Fortis disclaimer :
http://www.fortis.be/legal/disclaimer.htm

Privacy policy related to banking activities of Fortis:
http://www.fortisbank.be/legal/privacy_policy.htm
= = = = = = = = = = = = = = = = = = = = = = = = =

Other related posts: