6

I've been playing with new URL monikers in Windows for a utility I'm working on. When I run the new URL from Start > Run, it just runs. If I send the URL to myself via Notes or enter it into the IE address bar, I get a window which says:

"Do you want to allow this website to open a program on your computer?"

Program: UrlMonikerTest1

Address:  urltest://ticket?param1=42&param2=Derf

[CheckBox] Always ask before opening this type of address

                                      [Button]  Allow  [Button]  Cancel


Allowing web content to open a program can be useful, but it can
potentially harm your computer.  Do not allow it unless you trust
the source of the content.  What's the risk?

Given that the utility will only run on internal machines to which it will be deployed using SCCM and to which I can apply Group Policy, can I disable this message for this application/URL moniker alone?

The clients are currently XP. They will be Win7 at some point. We don't have to consider Vista.

Community
  • 1
serialhobbyist
  • 451
  • 3
  • 7
  • 16

2 Answers2

4

This prompt can be disabled by the following registry edit:
HKCU: to affect current user only:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ProtocolExecute\YOUR_MONIKER]
"WarnOnOpen"=dword:00000000

HKLM: to affect local machine – for 32 bit machines

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\YOUR_MONIKER]
"WarnOnOpen"=dword:00000000

HKLM: to affect entire machine – for 64-bit machines

 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\YOUR_MONIKER]
"WarnOnOpen"=dword:00000000
Reaces
  • 5,597
  • 4
  • 38
  • 46
ScottB
  • 141
  • 4
  • this works for the first warning. however, in recent IE versions there also is a second warning: "A website wants to open web content using this program on your computer. This program will open outside of Protected mode" Any ideas for disabling this warning? – Chielus Aug 13 '15 at 14:04
  • 1
    You can also disable the second warning, with the same registry locations. Example for allowing powershell, 64-bit machine-wide: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63C9B08C-32ED-4DA8-BB52-77FBE961B1A1}] "AppPath"="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" "AppName"="powershell.exe" "Policy"=dword:00000003 – Chielus Aug 13 '15 at 14:38
1

I've no experience of this, but the thing that springs to mind is using a software packaging tool that takes a 'before' and 'after' snapshot of your system?

i.e.

  1. Disable as many services as you can that might be making changes to files in the background (automatic updates & AV software are typical examples that can interfere), or even better use a virtual PC with no software other than what is absolutely essential.
  2. Take a 'before' snapshot of the filesystem and registry.
  3. Execute the moniker for the first time, clear the checkbox and click 'Allow'.
  4. Take an 'after' snapshot of the filesystem and registry.
  5. Compare the two snapshots and look for changes that might be relevant.

If you can isolate the filesystem/registry change, you should be able to create a GPO (computer startup script or user logon script) that will apply the changes to the system/user. It might not be the cleanest solution, but it might just work.

Bryan
  • 7,628
  • 15
  • 69
  • 94