SBS2003 VPN: What were they thinking?!

I thought I’d share some Small Business Server 2003 security silliness.  Following is a series of Internet Explorer dialogs when you setup VPN via the Remote Web Workplace:

---------------------------
Microsoft Internet Explorer
---------------------------
After you install Connection Manager, ensure that all users of this computer have strong passwords to protect the security of your Windows Small Business Server network.
---------------------------
OK   
---------------------------

---------------------------
File Download - Security Warning
---------------------------
Do you want to run or save this file?
    Name: sbspackage.exe
    Type: Application, 503 KB
    From: ---
---------------------------
Run   Save   Cancel
---------------------------
While files from the Internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not run or save this software. What's the risk?

---------------------------
Internet Explorer
---------------------------
The publisher could not be verified.  Are you sure you want to run this software?
         Name: sbspackage.exe
    Publisher: Unknown Publisher
---------------------------
Run   Don't Run
---------------------------
This file does not have a valid digital signature that verifies its publisher. You should only run software from publishers you trust. How can I decide what software to run?

---------------------------
Connect to Small Business Server
---------------------------
Do you wish to install the connection to Small Business Server?
---------------------------
Yes   No   
---------------------------

Notice the Big Red Flag??  Microsoft’s SBS team never signed the VPN installer (sbspackage.exe), so IE on XPSP2 (and presumably 2003SP1 now) does its scary “don’t take candy from strangers” warning.  (How long has Microsoft been touting executable signing now?!?) 

*sigh*

 

Bookmark the permalink.

One Response to SBS2003 VPN: What were they thinking?!

  1. Laurelle says:

    THANK YOU!!!!!!!!! Today is Friday. I spent my entire evnieng yesterday and most of tonight trying to install the Cisco VPN Client for 64-bit. I had been using Shrew VPN (freeware) and it worked fine with my Cisco .PCF file, but now they’ve reconfigured my VPN at work and it’s Cisco or death (long story). Anyway, I’ve spent many hours following advice to remove registry keys that I DON’T HAVE, and registering vbscript.all over and over.I just ran across your blog, realized that my system had come pre-loaded with McAfee, which I promptly removed. I followed your advice here and it FINALLY installed.Again, Thanks!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>