When trying to open/start an EXE, MSI, BAT and other executable types of files from a local or network directory in Windows, you can see this warning: Open file — Security Warning. To continue the program, a user must manually confirm the start of the file by clicking Run button. Such Windows behavior suggests a certain security level protecting the system from running potentially dangerous executable files downloaded from the Internet or other untrusted sources.
In some cases when this software is run or installed in the background using the Scheduler scripts, Group Policies, SCCM tasks, etc., it can cause some issues since the warning window doesn’t appear in the user session. So, it becomes impossible to run such application in a batch mode.
Let’s remind what the warning window looks like. Thus, when trying to open a file from the network folder, the warning window looks as follows:
Open File — Security Warning
The Publisher could not be verified. Are you sure you want to run this software?
When running a file from the local disk (or a network directory mounted with net use), the text of the warning is a bit different:
Open File — Security Warning
Do you want to run this file?
Let’s try to find out how to disable security warnings when running executable or installation files in Windows 7 (actually, these instructions suit other Microsoft OSs starting from Windows XP.)
We suggest several variants of how to disable this warning. Choose the suitable one depending on the necessary solution. (In some cases you will have to combine the solutions.)
When Running a Local App Downloaded from the Internet
The executable files downloaded from the Internet are automatically marked as potentially dangerous (downloaded from untrusted source). This feature is implemented using the alternative NTFS file stream (to make it simple, let’s consider it to be a special file marker) which is automatically assigned to the downloaded file (see How Windows determines that the file is downloaded from the Internet). To remove this marker, you need to unblock this app. To do it:
- Open the properties of the executable file
- If the file has been downloaded from the Internet, the following warning appears:
This file came from another computer and might be blocked to help protect this computer.
- In General tab, click Unblock.
After the file has been unblocked, it is run without the warning window (the marker is removed).
When Running an App from a Network Directory
If the warning window appears when trying to run an app from a network directory, you have to add the name and/or the IP address of the server the file is stored on (depending on the type of addressing to the server) to Local Intranet Zone in Internet Explorer settings. To do it:
- Go to Control Panel → Internet Option
- Security tab
- Open Local Intranet → Sites → Advanced
- In the next window, add a name and/or an IP address of a server. For example, \\10.0.0.6, \\srvcontoso.com or \\127.0.0.1\ for a local machine.
You can do the same using GPO. To do it, enable the policy Compute Configuration-> Administrative Templates->Windows Components->Internet Explorer -> Internet Control Panel -> Security Page -> Site to Zone Assignment List. In its settings, specify the list of trusted servers in the following format:
- Server name (e.g., file://server_name, \\server_name, server_name or IP)
- Zone number (1 for the Local Intranet Zone)
How to Disable the Security Warnings for Certain File Types Using Group Policies
To radically solve the problem (though less secure), you can completely disable this warning using GPO.
To do it, in the GPO Editor go to:
User Configuration-> Administrative Templates-> Windows Components-> Attachment Manager.
- Enable the policy Do not preserve zone information in file attachments. All the downloaded files will be run without the warning on all computers.
- Enable the policy Inclusion list for low file types, and in its settings specify the list of file extensions you would like to run, e.g., .exe; .vbs; .msi. The system will ignore the markers on the files with these extensions and run them without the warning.
Save the policy, assign it to the target OU and apply it to clients by running on them