Configuring elevated trust in-browser

Tip: This whole process has been purposely designed to be centrally managed and deployable via Group Policy if your organization works in that manner. Refer to the Blueprint Installation Guide for more information.

Note: If you are running Windows XP, you have two configuration options: you can follow the instructions for configuration via the Microsoft Management Console --or-- you can install the Microsoft Windows Server 2003 Administration Pack in order to obtain the certutil.exe program that is necessary to configure elevated trust in-browser.

Learn more about how to determine if elevated trust in-browser is enabled.

Installation Overview

At a high level, enabling elevated trust in-browser is a two step process:

1. Inform Silverlight that a specific application will require elevation. This is achieved by adding the key (AllowElevatedTrustAppsInBrowser with a value of DWORD:1) to the registry.  This key tells Silverlight that there is an application that will require elevated trust mode.

   Note: No elevation has occurred as a result of this step. This step simply tells Silverlight to allow for a specific application to request elevation.

2. Inform Silverlight that Blueprint (and only Blueprint) needs to run in an elevated mode. This is achieved by installing a certificate that uniquely identifies the Blueprint application.

How to configure elevated in-trust browser

To configure Blueprint to run with elevated trust in-browser, perform the following steps on each client:

1. Download the elevated trust in-browser configuration files.
2. Unzip the package and note the directory where the files are located.

3. Run cmd.exe as Administrator.

   1. Click the Windows Start menu and type cmd.exe into the search bar.

   2. Right-click the cmd.exe program that appears under the Programs heading and then select Run as administrator:

      

   3. When the confirmation dialog appears, click Yes.

      The cmd.exe application launches with Administrator privileges:

4. Use the cd command to navigate to the folder where you unzipped the files.

   For example:

   cd c:\temp\elevated_trust

5. Enter the following commands to allow elevated trust to run on your local machine:

   regedit.exe /s AllowElevatedTrustAppsInBrowser64.reg

6. Run the following certutil command to apply the Blueprint public certificate:

   certutil.exe –f –addstore "TrustedPublisher" publicBlueprintCertificate2017.cer

   Here is an example of the commands run on a 64-bit operating system:

   

7. Restart your web browser for the changes to take effect.

How to configure elevated in-trust browser (Windows XP users only)

1. Click the Start button and then type “mmc.exe” in the search field.
   

   The search results appear.

2. Click mmc.exe in the Programs list results.
   

   A user account control dialog box appears.

3. Click Yes.
   

   The Microsoft Management Console appears.

4. From the File menu, click Add/Remove Snap-in.

5. Select Certificates and then click the Add button.
   

   The Certificates snap-in dialog box appears.

6. Select Computer account and then click Next.

7. Select Local computer.

8. Expand Trusted Publishers.

9. Right click Certificates > All tasks > Import.

10. Locate the file publicBlueprintCertificate2017.cer and place the certificate in Trusted Publishers.

Once the certificate is imported, you can see the Blueprint Software Systems certificate in Trusted Publishers.

Learn More

About pasting images

About screen captures

About Visio integration

Blueprint Documentation|Blueprint eLearning|About Blueprint ©2018 Blueprint Software Systems Inc. All rights reserved Last updated: 2/1/2018