Kevin Hoffman

Recently I installed the Beta 2 version of "Geneva", or ADFS 2.0. All of my machines are now Windows 7 machines, including just about all of my VHDs and virtual machines. The only time I use Win2k8 R2 is when the product I'm installing specifically requires me to do that. So when I installed Geneva on my Win7 box, I thought everything would be fine.

Then I rebooted. The "Modify STS Reference..." and "Update federation metadata" menu items that are supposed to be added to the list of available options on an ASP.NET web application were gone. They were there before I rebooted but they were gone after. I also noticed something funny with the Identity training kit install. Every single directory and file in there was marked as "read only". I would unset the read-only flag, right click the file, get properties, and sure enough, it was still set to read only. WTF?

Turns out that when I download files from the big bad scary internet, Windows 7 automatically flags them as "bad content" and they are blocked. The permissions of those files are significantly less than those of files I put onto my computer via DVD or whatever. This is actually as it should be, and it's designed to keep me from doing horribly bad things to my computer.

I uninstalled the Geneva SDK and the Identity Training Kit. I then right-clicked each of the .msi files, chose Properties and then clicked the magic Unblock button. After this, when I installed the Framework SDK, the Visual Studio extensions remained after reboot, and the files created by the identity training kit didn't have weird permission problems and the certificates installed by the lab set up actually bound to the SSL port properly.

So, the moral of the story is this: If you're going to install an MSI that you downloaded from a trusted source (like MSDN or Microsoft Downloads or h0tpr0n.com), unblock it before you install just to make sure you don't run into any goofy permission issues.