When trying to open/start an EXE, MSI, BAT and other executable types of files from a local or network directory in Windows, you can see this warning: Open file — Security Warning. To continue the program, a user must manually confirm the start of the file by clicking Run button. Such Windows behavior suggests a certain security level protecting the system from running potentially dangerous executable files downloaded from the Internet or other untrusted sources.
In some cases when this software is run or installed in the background using the Scheduler scripts, Group Policies, SCCM tasks, etc., it can cause some issues since the warning window doesn’t appear in the user session. So, it becomes impossible to run such application in a batch mode.
Let’s remind what the warning window looks like. Thus, when trying to open a file from the network folder, the warning window looks as follows:
Let’s try to find out how to disable security warnings when running executable or installation files in Windows 7 (actually, these instructions suit other Microsoft OSs starting from Windows XP.)
- Open the properties of the executable file
- If the file has been downloaded from the Internet, the following warning appears:
- In General tab, click Unblock.
After the file has been unblocked, it is run without the warning window (the marker is removed).
When Running an App from a Network Directory
If the warning window appears when trying to run an app from a network directory, you have to add the name and/or the IP address of the server the file is stored on (depending on the type of addressing to the server) to Local Intranet Zone in Internet Explorer settings. To do it:
- Go to Control Panel → Internet Option
- Security tab
- Open Local Intranet → Sites → Advanced Tip. These settings are stored in the registry branch HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.
- In the next window, add a name and/or an IP address of a server. For example, \\10.0.0.6, \\srvcontoso.com or \\127.0.0.1\ for a local machine.
You can do the same using GPO. To do it, enable the policy Compute Configuration-> Administrative Templates->Windows Components->Internet Explorer -> Internet Control Panel -> Security Page -> Site to Zone Assignment List. In its settings, specify the list of trusted servers in the following format:
- Server name (e.g., file://server_name, \\server_name, server_name or IP)
- Zone number (1 for the Local Intranet Zone)
How to Disable the Security Warnings for Certain File Types Using Group Policies
To radically solve the problem (though less secure), you can completely disable this warning using GPO.
To do it, in the GPO Editor go to:
User Configuration-> Administrative Templates-> Windows Components-> Attachment Manager.
- Enable the policy Do not preserve zone information in file attachments. All the downloaded files will be run without the warning on all computers.
- Enable the policy Inclusion list for low file types, and in its settings specify the list of file extensions you would like to run, e.g., .exe; .vbs; .msi. The system will ignore the markers on the files with these extensions and run them without the warning.
Save the policy, assign it to the target OU and apply it to clients by running on them
