VMware
 

Knowledge Base


Security warning displays when running ThinApp Capture from a network share

Symptoms

  • When launching a ThinApp captured application from a network share, you see the following security warning:

    The publisher could not be verified. Are you sure you want to run this software?
  • Clicking Run allows the capture to continue.

Resolution

This is a standard Windows security behaviour when running an unknown .exe file from a network share.
 
As this is a standard Windows behaviour and not a VMware product issue, the resolution lies with configuration of your Windows environment.

You can either sign the ThinApp packages with your own digital certificate (requiring you to apply the certificate to every host where the package will be run), or use Group Policy Objects (GPOs) in your Active Directory (AD) environment to stop this security warning from appearing. Both methods are Microsoft Windows configuration and are beyond the scope of VMware Support. The suggested fixes here are provided as best effort, and customers should test them fully before implementing them.
 
Digitally pre-signing .exe files may cause Windows to read the entire file across the network before launching, rather than streaming it immediately. In this case, performance of larger captures could be reduced. ThinApp separates captures larger than 200MB into a .exe and .dat file, so these are not impacted. However, there could be a performance impact for captures up to 200MB, and for those the GPO option may be preferable.

To use GPO to set User Configurations, you need to have your relevant users in an organizational unit (OU), not the default built-in Users container in Active Directory. GPO can only be applied against OUs. 

To set the GPO:
  1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. Right-click the OU containing the users who have this issue and choose Properties.
  3. Under the Group Policy tab, click New, and enter a name for the GPO.
  4. Click Edit to open the Group Policy Object Editor, and open the path User Configuration > Administrative Templates > Windows Components > Attachment Manager.
  5. Open Inclusion list for moderate risk file types, click Enabled, and under Specify moderate risk extensions, add .exe.
  6. Click Apply and OK.

Note: If you try to run a .exe file from a Restricted Zone or Internet Zone rather than your Intranet Zone, then you still receive the security warning.
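
To confirm on a client that the GPO from the steps above has reached the logged-on user, and to see the zone and signature state of a package, a check like the following can be run in Windows PowerShell 5.1. This is an added example, not VMware or Microsoft code; the UNC path is a hypothetical placeholder, and the registry value shown is where the Attachment Manager policy is stored for the user.

```powershell
# Added example: verify the Attachment Manager policy, zone and signature for one package.
param(
    [string]$PackagePath = '\\fileserver\thinapp\MyApp.exe'   # hypothetical path, replace with yours
)

# Per-user location written by "Inclusion list for moderate risk file types"
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'

function Test-ModerateRiskExtension {
    param([string]$Extension)
    $value = (Get-ItemProperty -Path $policyKey -Name ModRiskFileTypes `
              -ErrorAction SilentlyContinue).ModRiskFileTypes
    if (-not $value) { return $false }          # policy not applied to this user
    # The policy stores a semicolon-separated list such as ".exe;.msi"
    $list = $value -split ';' | ForEach-Object { $_.Trim().ToLowerInvariant() } |
            Where-Object { $_ }
    return ($list -contains $Extension.ToLowerInvariant())
}

function Get-PackageZone {
    param([string]$Path)
    # Zone mapping as Windows evaluates it; relies on the .NET Framework (PowerShell 5.1)
    try   { [System.Security.Policy.Zone]::CreateFromUrl($Path).SecurityZone.ToString() }
    catch { 'Unknown' }
}

if (-not (Test-Path -LiteralPath $PackagePath)) {
    throw "Package not found: $PackagePath"
}

$ext      = [System.IO.Path]::GetExtension($PackagePath)
$inPolicy = Test-ModerateRiskExtension -Extension $ext
$zone     = Get-PackageZone -Path $PackagePath
$sig      = Get-AuthenticodeSignature -FilePath $PackagePath

[pscustomobject]@{
    Package          = $PackagePath
    Zone             = $zone                     # Intranet is required for the GPO to help
    ExtensionInGpo   = $inPolicy
    SignatureStatus  = $sig.Status               # e.g. Valid, NotSigned, UnknownError
    Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    # Follows the article: the GPO only suppresses the prompt for Intranet-zone files
    GpoCoversPackage = ($inPolicy -and $zone -eq 'Intranet')
}
```

If Zone reports Internet or Untrusted (the Restricted Zone), the share is not being treated as intranet and the prompt remains regardless of the policy value.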
