OpenVPN / tap-windows6

Windows TAP driver (NDIS 6)

installer: Add code signing certificate before installing the driver #100

Open rozmansi opened 4 years ago

rozmansi commented 4 years ago

This avoids prompts on Windows 7 (with KB2921916 applied), 8, 8.1, Server 2008R2, 2012R2. Note there is no prompt on Windows 10 and Server 2016 and 2019 already as the driver for Win10 is Microsoft signed.

mattock commented 4 years ago

I'll test this on the Windows 10 ARM64 laptop when I get back home. As discussed in the hackathon I'll create a new combined tap-windows6 installer based on the latest signed tap-windows6 drivers to get the benefits immediately.

agrawalamit2005 commented 4 years ago

Hi rozmansi, mattock

Could you confirm with any Win7 machine if such a cert is installed or the reg entry is created once the user opts for the "Always Trust ... publisher" checkbox? In my case, I do not see any impact of the reg entry created/cert installation for trusted publisher (tried in both stores) prompt.

Thanks

mattock commented 4 years ago

@agrawalamit2005 are you saying that even if you have clicked "Trust this publisher" you get the same prompt when you install/upgrade tap-windows6 again?

agrawalamit2005 commented 4 years ago

@mattock I have not tried on tap-windows6 yet. Please read my comment more as a question on the approach used to avoid the Trust prompt. With another driver, I noticed a similar prompt, but I do not see any entry created in the registry at the Trusted Publisher place. Have you seen this entry?

rozmansi commented 4 years ago

> This avoids prompts on Windows 7 (with KB2921916 applied)

Windows 7 really really really needs the KB2921916 for their driver install prompt to work correctly with SHA-256 driver signatures.

Windows 7 without KB2921916 will keep prompting - regardless of what certificate we import and regardless of how many times you tick that "Don't prompt again for this publisher" checkbox.

> Could you confirm with any Win7 machine if such a cert is installed or the reg entry is created once the user opts for the "Always Trust ... publisher" checkbox? In my case, I do not see any impact of the reg entry created/cert installation for trusted publisher (tried in both stores) prompt.

Yes, I can confirm this works without a prompt on Windows 7 with KB2921916. I tested it personally. I have tested it again once and for all - this time recording:

  1. Installing on a Win7 without KB2921916: https://1drv.ms/u/s!AsRKV9itoeUTiz4NspnipAuziWuE?e=xcNHAm
  2. Reverting to the snapshot before TAP-Windows6 was installed.
  3. Installing KB2921916: https://1drv.ms/u/s!AsRKV9itoeUTiz-ESCzDlYsXvd_S?e=C5jsGW
  4. Rebooting
  5. Installing TAP-Windows6 again: https://1drv.ms/u/s!AsRKV9itoeUTi0Aa9cJ-wfKKMs6G?e=u8dZRE
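
One way to check the state described in this comment on a test machine, as an added example that is not part of the PR or the tap-windows6 installer: it reads the signer certificate from a signed driver file, looks for that certificate in the Trusted Publishers store, and on Windows 7 looks for KB2921916. The function name, the file path and the choice of the LocalMachine store are assumptions.

```powershell
# Added example, not from the PR. $SignedFile is a placeholder path to a
# signed file from the driver package (catalog or .sys).
param([string]$SignedFile = 'C:\path\to\signed-driver-file.cat')

function Get-DriverPromptState {
    param([string]$Path)

    # Signer certificate of the Authenticode-signed file.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($null -eq $sig.SignerCertificate) {
        throw "No Authenticode signer found on $Path"
    }
    $thumb = $sig.SignerCertificate.Thumbprint

    # Is that exact certificate in the machine-wide Trusted Publishers store?
    # (Assumption: the machine store is the one that matters here.)
    $matches = @(Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
                 Where-Object { $_.Thumbprint -eq $thumb })
    $trusted = ($matches.Count -gt 0)

    # The thread names Windows 7 (OS version 6.1) as needing KB2921916.
    $os     = [Environment]::OSVersion.Version
    $isWin7 = ($os.Major -eq 6 -and $os.Minor -eq 1)
    $kb     = $null
    if ($isWin7) {
        # Get-HotFix matches this exact update ID only.
        $kb = [bool](Get-HotFix -Id 'KB2921916' -ErrorAction SilentlyContinue)
    }

    # New-Object keeps this usable on the PowerShell 2.0 that ships with Windows 7.
    New-Object PSObject -Property @{
        Signer             = $sig.SignerCertificate.Subject
        Thumbprint         = $thumb
        SignatureStatus    = $sig.Status
        InTrustedPublisher = $trusted
        OSVersion          = $os.ToString()
        PreWindows10       = ($os.Major -lt 10)
        KB2921916Present   = $kb   # $null when the OS is not version 6.1
    }
}

Get-DriverPromptState -Path $SignedFile | Format-List
```
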

agrawalamit2005 commented 4 years ago

Thanks for the prompt response. It really boosts confidence. I have no more comments to hold this PR. Another query I have is how you are downloading KB2921916. Microsoft has stopped distributing it. Is any side-loading installer of the KB available to try at my end?

THANKS Amit

On Wed, Nov 13, 2019, 4:39 PM Simon Rozman notifications@github.com wrote:

> > This avoids prompts on Windows 7 (with KB2921916 applied)
>
> Windows 7 really really really needs the KB2921916 for their driver install prompt to work correctly with SHA-256 driver signatures.
>
> Windows 7 without KB2921916 will keep prompting - regardless of what certificate we import and regardless how many times you tick that "Don't prompt again for this publisher" checkbox.
>
> > Could you confirm with any of win7 machine if such cert is installed or the reg entry is created once user opt for Always Trust .... publisher checkbox. In my case, i do not see any impact of the reg entry created/cert installation for trusted publisher (tried in both stores) prompt.
>
> Yes, I can confirm this works without a prompt on Windows 7 with KB2921916. I tested it personally. I have tested it again once and for all


rozmansi commented 4 years ago

I have downloaded the KB2921916 for testing purposes here:

I am not sure if OpenVPN community is legally entitled to host the download. At least not without double-checking the license that was included with the original download at Microsoft Download Server (no longer available).

Without a license, I don't believe we are legally entitled to include it in our TAP-Windows6 installer and deploy it.

rozmansi commented 4 years ago

One thing, I probably should mention explicitly... This PR includes #99, since it reuses its logic to detect if Windows version is <10.