Forum Discussion
ExemptDomainFileTypePairsFromFileTypeDownloadWarnings policy
I am trying to configure the ExemptDomainFileTypePairsFromFileTypeDownloadWarnings policy to allow EML and MSG attachments from our HR systems to be downloaded automatically, without having to allow them.
We use DNS aliases, so I have whitelisted ".hrm.app.ourcompany.com", ".hrm.appdev.ourcompany.com" and ".hrm.appacc.ourcompany.com", as I read in the documentation that you need to start with a period to match that specific entry. We don't want to whitelist our entire domain if possible, for security reasons.
I have configured this through Group Policy using the example in the documentation, and it loads correctly in the edge://policy list. Its strange that "domains" and "file_extension" are swapped around, although it says OK. In edge://policy I have the following:
{ "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ], "file_extension": "eml" } ,{ "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ], "file_extension": "msg" }
But this doesn't work, my users still receive the message that they first need to allow the file. Is there somewhere I can check the internal processing of these rules? I don't see anything in DevTools, unless I am looking in the wrong place.
Has anybody successfully implemented this policy?
- Tom_FoxIron Contributor
You need to put each file extension on a new line. In my example, this is as follows:
{"file_extension": "eml", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }
{"file_extension": "msg", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }
- astee1280Copper ContributorHi Tom_Fox,
Our current working example is;
<Enabled/><data id="ExemptDomainFileTypePairsFromFileTypeDownloadWarningsDesc" value='1{"file_extension": "eml", "domains": ["mydomain"]}'/>
Should the 2 line example be;
<Enabled/><data id="ExemptDomainFileTypePairsFromFileTypeDownloadWarningsDesc" value='1{"file_extension": "eml", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }, {"file_extension": "msg", "domains": [ ".hrm.app.ourcompany.com", ".hrm.appacc.ourcompany.com", ".hrm.appdev.ourcompany.com" ] }'/>
Would you be able to copy out your working string?
Thanks,
Alex
- Kelly_YMicrosoft
Tom_Fox Hi! There have been some recent discussions about this same policy. Re: SmartScreen turned off -> Java Webstart JNLP Files are marked as "can harm your computer - Microsoft Tech Community
Also, separately we've had a user mention that if using the GP editor "each file_extension MUST be entered on a separate line in the editor, or the policy will not apply."
-Kelly
- Tom_FoxIron Contributor
Hi Kelly_Y,
Sorry for my late reply to this. After extensive testing, we can confirm that this policy works fine when we specify server names, but fails when we use DNS aliases. I believe this a bug. Please can you ask your Dev Team to replicate this to confirm.
I tried looking in the DevTools logs when launching a download, to see if I can find a check on these rules, but didn't find anything. Can you confirm if there is some logging generated when downloading?
Tom Fox