The publisher could not be verified when launching an application with RES Workspace Manger

Today I was troubleshooting a warning message that popped up when launching a network application with RES Workspace Manager:

The publisher could not be verified. Are you sure you want to run this software?

Usually this is a simple fix: add the servername (file://server) to the Local Intranet zone:

You can add and remove websites from this zone. All websites in this zone will use the zone's security settings.

That worked when I launched the application directly. However when launching the application with RES Workspace Manager I would still get the warning. Even stranger: when I clicked Cancel the application would still be launched.

This problem seems related to the way Workspace Manager launches an applications: the program’s path is replaced with %respfdir%\pwrgate.exe <appid>.

A trace with Process Monitor showed that the ZoneMap was not even checked. That leaves us with two options to fix it:

Option #1: Change Security Settings for the Internet Zone
An easy way to get rid of this message is to allow Launching applications and unsafe files in the Internet Security Zone:

Launching applications and unsafe file (not secure)

Internet Explorer warns us right away that this is a bad idea:

Are you sure you want to change the settings for this zone? | The current security settings will put your computer at risk.

Option #2: Change Attachment Manager Policy
This option is less worse than option #1 but another solution is preferred. As a workaround it will do though.

Open the Managed Application and create a new User Registry Policy under Configuration. Import AttachmentManager.admx (usually in C:\Windows\PolicyDefintions).

Include .exe in the "Inclusion list for moderate risk file types":

Attachment Manager | Inclusion list for moderate risk file types

Was once an enthusiastic PepperByte employee but is now working elsewhere. His blogs are still valuable to us and we hope to you too.