Sign in with
Sign up | Sign in
Your question

SP2: Disabling blocking of downloads

Last response: in Windows XP
Share
Anonymous
April 10, 2005 3:51:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

As I'm guessing many of you already know, Windows XP SP2 logs the origin of
downloaded files, and blocks files from other computers. I want to disable
this logging, and remove the blocks, since I find it quite annoying to have
to remove the blocking from each and every file to make certain applications
(such as Visual Studio) willing to use them. If it's possible, I would also
like to know if there are any API calls to remove the block from an existing
file, so I can code a small application to remove it from existing files.
I'm running XP Home. TIA!

Michael Madsen
Anonymous
April 10, 2005 7:05:31 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

You can make custom changes to Internet Explorer's default security by
launching IE, then from the Toolbar select Tools > Internet Options >
Security > Custom Level.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/window...

-------------------------------------------------------------------------------------------

"Pidgeot" wrote:

| As I'm guessing many of you already know, Windows XP SP2 logs the origin of
| downloaded files, and blocks files from other computers. I want to disable
| this logging, and remove the blocks, since I find it quite annoying to have
| to remove the blocking from each and every file to make certain applications
| (such as Visual Studio) willing to use them. If it's possible, I would also
| like to know if there are any API calls to remove the block from an existing
| file, so I can code a small application to remove it from existing files.
| I'm running XP Home. TIA!
|
| Michael Madsen
Anonymous
April 10, 2005 7:05:32 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm aware of that, but which option(s) do I need to change? The only ones
that seem fitting is "Persistent user data" and "Access to data sources
across domains" (I think that's what they're called in English), but none of
them affect my problem - Windows still marks my downloads as untrusted.

According to http://www.mcpmag.com/columns/print.asp?EditorialsID=71..., (see
under Download Management), this information is stored in a stream associated
with the file. Using one of these files as an example, I can see it is a
stream named Zone.Identifier. This stream (displayed using MORE) is as
follows:

[ZoneTransfer]
ZoneId=3

, and going into the properties of that file and clicking "Remove blocking"
removes that stream.

I've found a tool to remove the streams, but I still can't get Windows to
stop putting it there in the first place - unless I don't mind converting to
FAT32, which doesn't allow for these streams. I don't want to do that, though.

According to http://www.neowin.net/forum/index.php?showtopic=190607&...,
you can do this by inserting these keys into the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects\{11D31951-7848-48E3-89C2-6762AF05C427}User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"

, however, the "Group Policy Objects" part makes this look like it's only
usable under XP Pro.

Anyone able to offer more info?

Michael

"Carey Frisch [MVP]" wrote:

> You can make custom changes to Internet Explorer's default security by
> launching IE, then from the Toolbar select Tools > Internet Options >
> Security > Custom Level.
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
> Microsoft Newsgroups
>
> Get Windows XP Service Pack 2 with Advanced Security Technologies:
> http://www.microsoft.com/athome/security/protect/window...
>
> -------------------------------------------------------------------------------------------
>
> "Pidgeot" wrote:
>
> | As I'm guessing many of you already know, Windows XP SP2 logs the origin of
> | downloaded files, and blocks files from other computers. I want to disable
> | this logging, and remove the blocks, since I find it quite annoying to have
> | to remove the blocking from each and every file to make certain applications
> | (such as Visual Studio) willing to use them. If it's possible, I would also
> | like to know if there are any API calls to remove the block from an existing
> | file, so I can code a small application to remove it from existing files.
> | I'm running XP Home. TIA!
> |
> | Michael Madsen
>
Anonymous
April 13, 2005 5:25:09 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Pidgeot wrote:

> I'm aware of that, but which option(s) do I need to change? The only ones
> that seem fitting is "Persistent user data" and "Access to data sources
> across domains" (I think that's what they're called in English), but none of
> them affect my problem - Windows still marks my downloads as untrusted.
>
> According to http://www.mcpmag.com/columns/print.asp?EditorialsID=71..., (see
> under Download Management), this information is stored in a stream associated
> with the file. Using one of these files as an example, I can see it is a
> stream named Zone.Identifier. This stream (displayed using MORE) is as
> follows:
>
> [ZoneTransfer]
> ZoneId=3
>
> , and going into the properties of that file and clicking "Remove blocking"
> removes that stream.
>
> I've found a tool to remove the streams, but I still can't get Windows to
> stop putting it there in the first place - unless I don't mind converting to
> FAT32, which doesn't allow for these streams. I don't want to do that, though.
>
> According to http://www.neowin.net/forum/index.php?showtopic=190607&...,
> you can do this by inserting these keys into the registry:
>
> [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
> "CheckExeSignatures"="no"
> "RunInvalidSignatures"=dword:00000001
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
> Objects\{11D31951-7848-48E3-89C2-6762AF05C427}User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
> "SaveZoneInformation"=dword:00000001
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
> "LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
>
> , however, the "Group Policy Objects" part makes this look like it's only
> usable under XP Pro.
>
> Anyone able to offer more info?
Hi,

If you use a 3rd party browser to download files with, this additional
stream info will not be added, and your problem is solved...



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
!