Posted on June 19, 2015 · Posted in Windows 7

How to Disable “Open File Security Warnings” in Windows 7

When you open an EXE, MSI, BAT or other executable file from a local or network directory in Windows, you may see this warning: Open File — Security Warning. To continue, the user must manually confirm the start of the file by clicking the Run button. This behavior provides a certain level of protection against running potentially dangerous executable files downloaded from the Internet or other untrusted sources.

When software is run or installed in the background using Scheduler scripts, Group Policies, SCCM tasks, etc., this can cause problems, because the warning window doesn’t appear in the user session. As a result, the application cannot be run in batch mode.

As a reminder, here is what the warning looks like. When you try to open a file from a network folder, the warning window reads as follows:

Open File — Security Warning
The Publisher could not be verified. Are you sure you want to run this software?

When running a file from the local disk (or a network directory mounted with net use), the text of the warning is a bit different:
Open File — Security Warning
Do you want to run this file?

Let’s look at how to disable security warnings when running executable or installation files in Windows 7 (these instructions also apply to other Microsoft operating systems starting from Windows XP).

We suggest several ways to disable this warning. Choose the one that suits your situation. (In some cases you will have to combine the solutions.)

Important. Disabling the security warning window lowers the security level and increases the risk of infecting your computer.

When Running a Local App Downloaded from the Internet

Executable files downloaded from the Internet are automatically marked as potentially dangerous (downloaded from an untrusted source). This feature is implemented using an alternate NTFS data stream (to keep it simple, think of it as a special file marker) that is automatically attached to the downloaded file (see How Windows determines that the file is downloaded from the Internet). To remove this marker, you need to unblock the app. To do it:

  • Open the properties of the executable file
  • If the file has been downloaded from the Internet, the following warning appears: This file came from another computer and might be blocked to help protect this computer.
  • In the General tab, click Unblock.

After the file has been unblocked, it is run without the warning window (the marker is removed).

Trick. To prevent the marker from being assigned automatically, you can save downloaded files to a disk formatted with FAT32 or exFAT. Alternate NTFS streams do not work on these file systems.
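The marker can also be inspected from PowerShell before anything is unblocked. The following is an added example, not part of the original article: it lists marked files together with their zone and Authenticode status, then unblocks only validly signed ones. It assumes PowerShell 3.0 or later (Windows 7 ships with 2.0), and the folder C:\Staging\Installers is hypothetical.

```powershell
# Added example. Requires PowerShell 3.0+ (-Stream parameter, Unblock-File).
$zoneNames = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';      4 = 'Restricted Sites' }

function Get-ZoneMarker {
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $file = $_.FullName
        # The marker is an alternate data stream named Zone.Identifier.
        $ads = Get-Item -LiteralPath $file -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if (-not $ads) { return }   # no marker on this file, skip it

        # The stream is a small INI-style text containing a ZoneId=<n> line.
        $text = Get-Content -LiteralPath $file -Stream 'Zone.Identifier' -Raw
        $zone = if ($text -match 'ZoneId=(\d+)') { [int]$Matches[1] } else { -1 }

        [pscustomobject]@{
            File      = $file
            ZoneId    = $zone
            Zone      = $zoneNames[$zone]
            Signature = (Get-AuthenticodeSignature -FilePath $file).Status
        }
    }
}

# Hypothetical staging folder used for illustration.
$marked = Get-ZoneMarker -Path 'C:\Staging\Installers'
$marked | Format-Table -AutoSize

# Unblock only files whose Authenticode signature validates.
# -WhatIf prints what would be changed without removing the marker.
$marked | Where-Object { $_.Signature -eq 'Valid' } |
    ForEach-Object { Unblock-File -LiteralPath $_.File -WhatIf }
```

Remove -WhatIf once the list has been reviewed; unsigned or tampered files keep their marker and continue to trigger the warning.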

When Running an App from a Network Directory

If the warning window appears when trying to run an app from a network directory, you have to add the name and/or the IP address of the server the file is stored on (depending on the type of addressing to the server) to Local Intranet Zone in Internet Explorer settings. To do it:

  • Go to Control Panel -> Internet Options
  • Security tab
  • Open Local Intranet -> Sites -> Advanced

    Tip. These settings are stored in the registry branch HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.

  • In the next window, add the name and/or IP address of the server. For example, \\, \\ or \\\ for a local machine.

You can do the same using GPO. To do it, enable the policy Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Site to Zone Assignment List. In its settings, specify the list of trusted servers in the following format:

  1. Server name (e.g., file://server_name, \\server_name, server_name or IP)
  2. Zone number (1 for the Local Intranet Zone)
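Because every server placed in the Local Intranet zone stops producing the warning, it is worth reviewing what is already mapped. The following is an added example, not from the original article: it reads the per-user registry branch mentioned in the tip above and the Site to Zone Assignment List policy values. The policy key path (ZoneMapKey) comes from general Windows knowledge rather than from this page, and IP-address entries stored under the sibling Ranges key are not read.

```powershell
# Added example: list site-to-zone mappings for review.
$zoneNames = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';      4 = 'Restricted Sites' }
$userMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$policy  = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

function New-ZoneEntry {
    param($Source, $Site, $Protocol, $Zone)
    [pscustomobject]@{ Source = $Source; Site = $Site; Protocol = $Protocol
                       Zone = $zoneNames[[int]$Zone] }
}

function Get-ZoneAssignment {
    # Per-user entries: one subkey per site (subdomains are nested subkeys),
    # one DWORD value per protocol whose data is the zone number.
    if (Test-Path $userMap) {
        Get-ChildItem -Path $userMap -Recurse | ForEach-Object {
            $key = $_
            [string[]]$labels = ($key.Name -replace '^.*\\ZoneMap\\Domains\\', '') -split '\\'
            [array]::Reverse($labels)          # example.com\www -> www.example.com
            foreach ($protocol in $key.GetValueNames()) {
                New-ZoneEntry 'User' ($labels -join '.') $protocol $key.GetValue($protocol)
            }
        }
    }
    # Policy entries: value name is the site, value data is the zone number as text.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = Get-Item -Path "$hive\$policy" -ErrorAction SilentlyContinue
        if ($key) {
            foreach ($site in $key.GetValueNames()) {
                New-ZoneEntry "Policy ($hive)" $site '*' $key.GetValue($site)
            }
        }
    }
}

# Show only the zones in which files run without the warning.
Get-ZoneAssignment |
    Where-Object { 'Local Intranet', 'Trusted Sites' -contains $_.Zone } |
    Sort-Object Site | Format-Table -AutoSize
```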


How to Disable the Security Warnings for Certain File Types Using Group Policies

For a more radical (though less secure) solution, you can disable this warning completely using GPO.

To do it, in the GPO Editor go to:

User Configuration-> Administrative Templates-> Windows Components-> Attachment Manager.

  • Enable the policy Do not preserve zone information in file attachments. All the downloaded files will be run without the warning on all computers.
  • Enable the policy Inclusion list for low file types, and in its settings specify the list of file extensions you would like to run, e.g., .exe; .vbs; .msi. The system will ignore the markers on the files with these extensions and run them without the warning.

Save the policy, assign it to the target OU and apply it to the clients by running gpupdate /force on them.
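To confirm on a client which of these two policies is in effect, or to detect that they have been set unexpectedly, the registry values they write can be checked. The following is an added example, not from the original article: the registry locations (Policies\Attachments\SaveZoneInformation and Policies\Associations\LowRiskFileTypes under HKCU) come from general Windows knowledge rather than from this page, and the list of executable extensions is constructed for illustration.

```powershell
# Added example: report weakened Attachment Manager settings for the current user.
$executableTypes = '.exe', '.msi', '.bat', '.cmd', '.com', '.scr', '.vbs', '.js', '.ps1'
$policyRoot      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Test-AttachmentManagerPolicy {
    $findings = @()

    # "Do not preserve zone information in file attachments":
    # 1 = policy enabled (no marker is written), 2 = marker is preserved.
    $save = Get-RegValue "$policyRoot\Attachments" 'SaveZoneInformation'
    if ($save -eq 1) {
        $findings += 'Zone information is not preserved on downloaded files.'
    }

    # "Inclusion list for low file types": separated list of extensions.
    $low = Get-RegValue "$policyRoot\Associations" 'LowRiskFileTypes'
    if ($low) {
        $listed = $low -split '[;,\s]+' | Where-Object { $_ } |
                  ForEach-Object { $_.ToLower() }
        $risky  = @($listed | Where-Object { $executableTypes -contains $_ })
        if ($risky.Count -gt 0) {
            $findings += "Executable types treated as low risk: $($risky -join ' ')"
        }
    }

    if ($findings.Count -eq 0) { $findings += 'No weakened settings found.' }
    $findings
}

Test-AttachmentManagerPolicy
```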
