|
Posted by Roger Abell [MVP] on April 3, 2007, 9:58 am
If you were Registered and logged in, you could reply and use other advanced thread options > I'm reporting what looks like a bug in the Intranet Zone behavior of MSIE
> 7 security zones. I cannot find a way to execute a remote share from a
> Windows desktop shortcut - with or without using any browser - if the
> share is mapped directly to an IP address as in:
>
> net use t: 2.99.99.99\sharename
>
Will,
Your analysis of the scope of the Internet Zones restrictions is
correct, these apply much more than to just IE, and IIRC this has
been the case since their introduction (IE 4 ?).
I am assuming you see this on XP SP2 with IE7 (rather than W2k3).
I am summarizing and xposting to the IE security newsgroup which
may be more useful than the IE general you had selected.
So, you are saying, if you have a share mapped to a drive letter, ex
net use t: 2.99.99.99\sharename
and you then attempt to run some app, ex. t:\appname.exe
you get blocked and can find no way around this by modification
of the zone settings, per initial post
> I then try to execute a program from t: and the MSIE 7 security settings
> object. Now it gets interesting. I add to the MSIE 7 security zone for
> Intranet:
>
> file://servername
> file://servername.domain.com
> file://192.199.99.99
>
> I also tried to map the drive letter with
>
> file://t:
>
> but this immediately resolves to the IP address used in the net use
> command and simply creates a duplicate entry to the IP address.
>
> After entering all of the above, I still cannot execute a program from the
> file share that was mapped to the drive letter. Is there a trick to
> doing this properly, or is there a bug in MSIE 7 security zone behavior
> when mapping a drive letter to an IP address?
| 
XML site map