These two issues are linked.
viewtopic.php?t=3923 lsjohnson2 in fact you issue can come back if someone turms on signed only.
http://technet.microsoft.com/en-us/libr ... 10%29.aspxFrom harry
Please see viewtopic.php?f=5&t=491
Code: Select all
{yourWSUSOUdir}\bin\streams -s -d yourWSUSOUdir
This is just a hack. This disables selective signed checking.
The correct answer is setup your own self signing CA with own code signing certificate and sign the file and add that CA to the computers. This way it does not matter what is set it works. Unsigned is just trouble.
http://stackoverflow.com/questions/8484 ... on-windowsNow of course it would be nice if it was self signed in the download and only have to add the CA .cer file into the trust locations.
MITM and Windows signing requirements is the same problem. Fighting the tide the tide will always cause you trouble.
Unsigned is trouble. Unsigned will be questioned more by anti-virus software. Unsigned will run into windows protection systems. Self-signed lot of companies use this for internal applications.
As I stated there is no a money cost to fixed this at least half way. To fix fully needs a paid for certificate. To half fix needs a self signing CA.
Instructions are fairly simple if the exe where self signed.
- Code: Select all
certmgr.exe -add MyCert.cer -s -r localMachine trustedpublisher
certmgr.exe -add MyCert.cer -s -r localMachine root
With MyCert.cer being the self signed CA of here. The .cer could be in the download file. Yes in a cmd/bat file to approve.