0

Chromium Edge (v92.xx -- the currently supported one as of this writing) is treating the ClickOnce setup.exe file on a LAN share as a "normal download" (intercepting it rather than executing it) even after Group Policy has been set to enable ClickOnce support in Edge. What are the Edge settings that need to be changed to support ClickOnce?

I suppose SmartScreen is involved, in particular the Allow List:

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreenallowlistdomains

Making these changes are not my responsibility (I'm on the Dev side of DevOps) and I have no permission to make them. But I will need to convince the network security team they're required. Having an upvoted answer here would be very helpful for that purpose.

EDIT: Here's how the publish.htm page address appears in the Edge address bar:

file://myservername/C$/apps/myappfolder/publish.htm

EDIT: Here are some relevant screen captures showing the behavior:

setupexe intercept by Edge Edge ActiveDirectory settings

Tim
  • 203
  • 1
  • 4
  • 11

1 Answers1

0

Could you please refer to https://docs.microsoft.com/en-us/deployedge/edge-learn-more-co-di and clarify what happens (that is: if anything is different from what you see described on that site)? As you can read, "ClickOnce and DirectInvoke are supported out of the box for all Windows users." - and that holds true here: without any modifications, I can run clickonce files in chromium edge 92.

More info: If I understand correctly, you would like to get rid of all warnings. ->in IE mode, chromium edge shows one warning less, so if you are interested, setup a sitelist to have that site where the clickonce files are hosted run in IEmode.

Bernd Schwanenmeister
  • 482
  • 2
  • 5
  • We are not getting the warnings described on that page. Rather, Edge is not invoking SETUP.EXE but is treating the SETUP.EXE as a normal file download, placing it in the Downloads folder if the user clicks on the ellipsis and tells Edge to "keep" the file. – Tim Aug 11 '21 at 13:18
  • I will post some screenshots. – Tim Aug 11 '21 at 13:26
  • I believe our networking consultants may have entered malformed values for the `ExemptDomainFileTypePairsFromFileTypeDownloadWarnings` registry setting. Looking into that now. – Tim Aug 11 '21 at 13:57
  • Please note that in case you are using Windows 10 21H1, there's a new directive from Microsoft in regards to blocking potentially unwanted programs: https://support.microsoft.com/en-us/windows/potentially-unwanted-apps-will-be-blocked-by-default-b9f53cb9-7f1e-40bb-8c6b-a17e0ab6289e – Bernd Schwanenmeister Aug 12 '21 at 07:57
  • Thanks. Our network security team *believes* they have addressed that with `SmartScreenPuaEnabled` set to `0` in Edge policies. It's the last item in the registgry screencapture above. – Tim Aug 12 '21 at 17:05
  • 1
    Sorry for the late comment, I was in stress. You are right, that registry value should be the one. Please verify the same in the section "default settings (users can override), as well as the user policy. Registry Hive HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER Registry Path Software\Policies\Microsoft\Edge\Recommended Value Name SmartScreenPuaEnabled Value Type REG_DWORD Enabled Value 1 Disabled Value 0 – Bernd Schwanenmeister Aug 18 '21 at 07:47