| Author | Messages | |
araczek
Posts:10
 | | 12/16/2009 3:25 PM |
| Only on server 2003 when I try to execute a *.exe I get:
"windows cannot access the specified device path or file"
Tried-
Removed IE Enhanced config
Put machine itself in Trusted and Intranet
Copied file to local drive
It MUST be my GPO because a few people are experiencing this as I
switched to new GPO's. I can run other executables fine just this
particular file (it's an eclipse "installer") will not run. I have also
seen this
with a weblogic installer.
HELP HELP HELP!!
***************************************
* Alan Raczek MCSE *
* Network Engineer *
* CACI International *
* V: (732) 532-4055 *
* F: (732) 532-4129 *
* Cell Phone: (732) 245-4351 *
* xxxxxxxxxxxxxxxx *
***************************************
"When I die, I hope it's in a meeting. The transition from life to death
will be barely perceptible."
| | | |
| davesharples
Posts:55
| | 12/16/2009 3:25 PM |
| right click the file -> properties and click unblock
does that help
On 9 Dec 2009, at 22:06, Raczek, Alan Mr CTR USA AMC wrote:
> Only on server 2003 when I try to execute a *.exe I get:
>
> "windows cannot access the specified device path or file"
>
> Tried-
> Removed IE Enhanced config
> Put machine itself in Trusted and Intranet
> Copied file to local drive
>
> It MUST be my GPO because a few people are experiencing this as I
> switched to new GPO's. I can run other executables fine just this
> particular file (it's an eclipse "installer") will not run. I have also
> seen this
> with a weblogic installer.
>
> HELP HELP HELP!!
>
> ***************************************
> * Alan Raczek MCSE *
>
> * Network Engineer *
> * CACI International *
> * V: (732) 532-4055 *
> * F: (732) 532-4129 *
> * Cell Phone: (732) 245-4351 *
> * xxxxxxxxxxxxxxxx *
> ***************************************
>
> "When I die, I hope it's in a meeting. The transition from life to death
> will be barely perceptible."
>
>
>
| | | |
| DonMichelli
Posts:4
| | 12/16/2009 3:28 PM |
| Check for an Alternate Data Stream associated with the file you are attempting to execute.
Background: A service called Attachment Execution Service was introduced with XP SP2. It examines the zone information associated with the file when you attempt to execute it. If it is marked as being untrusted or the Internet, the execution will be blocked. The zone information is saved to an Alternate Data Stream (ADS) associated with the file and named “Zone.Identifier”. The DIR command and explorer will not show the ADS. Normally, you can right-click on these files and select the unblock button (which strips the Zone Identifier info), but some systems have a registry setting (may or may not be done by a GPO) which removes the unblock button from the property page.
Some sources recommend changing the registry key that governs this behavior via regedit or using gpedit to change the local GPO, however, that may not an appropriate course of action for many organizations.
The easiest way around this, if you TRUST the source of the file (i.e., you received it directly from the vendor website), is to set the ZoneIdentifier info to trusted or strip it completely.
From the command prompt, you can open the Alternate Data Stream using notepad by affixing the suffix “:ZoneIdentifier” to the end of the filename. For example, if your executable is "someblocked.exe"
Notepad someblocked.exe:Zone.Identifier
The possible options for ZoneId are:
NoZone = -1 don’t confuse this with NoDoze!!
MyComputer = 0
Intranet = 1
Trusted = 2
Internet = 3
Untrusted = 4
By changing the ZoneId to a 2 and saving the file you'll be able to execute it.
The other option is to use the Microsoft (formerly sysinternals) utility "streams" to strip the info completely.
C:\temp>streams -d someblocked.exe
Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\temp\someblocked.exe:
Deleted :Zone.Identifier:$DATA
Don Michelli, MCSE, GCWN
USDA/OCIO/ITS
Infrastructure Deployment Branch
Phone: 301-504-4163
E-Mail: xxxxxxxxxxxxxxxx
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Raczek, Alan Mr CTR USA AMC
Sent: Thursday, December 10, 2009 7:55 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Could this be a GPO setting, nowhere else to turn :-(
No choice to unblock. Button not there. Trust me, this is not easy.
-----Original Message-----
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dave Sharples
Sent: Wednesday, December 09, 2009 5:10 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Could this be a GPO setting, nowhere else to turn
:-(
right click the file -> properties and click unblock
does that help
On 9 Dec 2009, at 22:06, Raczek, Alan Mr CTR USA AMC wrote:
> Only on server 2003 when I try to execute a *.exe I get:
>
> "windows cannot access the specified device path or file"
>
> Tried-
> Removed IE Enhanced config
> Put machine itself in Trusted and Intranet Copied file to local drive
>
> It MUST be my GPO because a few people are experiencing this as I
> switched to new GPO's. I can run other executables fine just this
> particular file (it's an eclipse "installer") will not run. I have
> also seen this with a weblogic installer.
>
> HELP HELP HELP!!
>
> ***************************************
> * Alan Raczek MCSE *
>
> * Network Engineer *
> * CACI International *
> * V: (732) 532-4055 *
> * F: (732) 532-4129 *
> * Cell Phone: (732) 245-4351 *
> * xxxxxxxxxxxxxxxx *
> ***************************************
>
> "When I die, I hope it's in a meeting. The transition from life to
> death will be barely perceptible."
>
>
>
| | | |
|
|