Yes, it's easy to see by viewing page source at Google's chrome download page, that it is installing via ClickOnce. Thank you, Jon, for the suggestions.
Their javascript detects whether ClickOnce is enabled or not, and if it is, obviously use it. And if it's not, then they present you with a "normal" download dialog. According to (this <http://www.leastprivilege.com/BewareBeAwareOfClickOnceDefaultSettings.aspx> page) ClickOnce features the notion of a "trusted application" - technically that means that the certificate used to sign the manifest is also imported into the "trusted publisher" certificate store. Trusted application totally bypass the elevation/trust prompt and get whatever permissions they like - so even if you set permission elevation to "disabled" for a zone - trusted applications will be able to elevate. If you are not comfortable with all this, I'm sure there's some way to disable it, but I don't know how yet. Personally, I would like to learn how to disable it, but leave it enabled by default for most of my users.
_______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
