locked
disable open file security warning, unknown publisher. RRS feed

  • Question

  • Customer is trying to run an rdp connection on their desktop to a unc path with an executable file.   I get a popup that states "Open File - Security Warning", unknown publisher, and it give the unc path (\\server\filename.exe).  If I click ok, the program executes ok.  The customer doesn't want this warning.  Have tried disabling UAC, putting .exe  in inclusion list in GPEDIT.MSC (User Configuration > Administrative Templates > Windows Components >Attachment Manager- then set -Inclusion list).

    Have also tried allowing "Launching applications and unsafe files " in Internet Options.

    Lastly, tried enabling "Turn off the Security Settings Check feature " in GPEDIT.MSC. 

    At my wits end.  Does anyone have any other suggestions?

     

    Monday, July 12, 2010 10:17 PM

Answers

  • 1.     Go to Group Policy and then expand:

     

    Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

     

    2.     On the right pane, double click Inclusion list for low file types.

    3.     Click Enable.

    4.     Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

    5.     Click OK.

     

    Hope this helps.

     

    Regards,

    Linda

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Linda Yan Monday, July 19, 2010 1:44 AM
    Wednesday, July 14, 2010 6:48 AM

All replies

  • Some possibilities here: How to get rid of "Open file - security warning " - Windows 7 Forums
    Rich The only two things that are infinite in size are the universe, and human stupidity. And I'm not completely sure about the universe. - Albert Einstein
    • Proposed as answer by AikonEnohp Wednesday, April 17, 2013 6:55 AM
    Tuesday, July 13, 2010 1:44 AM
  • 1.     Go to Group Policy and then expand:

     

    Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

     

    2.     On the right pane, double click Inclusion list for low file types.

    3.     Click Enable.

    4.     Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

    5.     Click OK.

     

    Hope this helps.

     

    Regards,

    Linda

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Linda Yan Monday, July 19, 2010 1:44 AM
    Wednesday, July 14, 2010 6:48 AM
  • Brilliant!

    I've been looking for this answer for the past 5 hours!

    Many thanks Linda, this was exactly what I needed to remove the file open warning from my users Remote desktops when they open .cmd files on a namespace share in server 2008 R2.

    phil stedman


    So many bugs....so little time to swat them :)

    Sunday, March 18, 2012 5:52 PM
  • Thanks Linda, this did the trick for me!!
    Wednesday, April 4, 2012 1:41 AM
  • How can we do this for folders. My users when access the folders that led to the network share, got the open file security dialogue. What to do for this?

    Vipin Tyagi (MCSE 2003) Windows Admin

    Thursday, April 26, 2012 8:51 AM
  • I did this, but the publisher warning still pops up, unless I run as administrator.  I don't want to have to run it as administrator everytime, it is irritating. 

    I am running .exe files from a network share, is there something different that I would have to do?  Thanks in advance.

    Tuesday, May 1, 2012 12:50 PM
  • I'm having the exact same issue as Scantron-HTS.  I've been looking for a solution for a couple weeks now.  I've tried modifying my registry as suggested in some of the posts I've found, modified my group policy as this post suggests, setup a shortcut with administrative privileges, added the file's path to the trusted sites in Internet Explorer, and sever other suggestions I've found online.  Nothing seems to prevent the Security Warning from showing up.  If anyone has other suggestions, please share.
    Friday, August 24, 2012 1:23 PM
  • if the group policy doesn't work for you, then you might need to use caspol.exe if its a .net program you running

    # run this from the computer that is giving the warning to allow a specific folder off the network to be trusted
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe -polchgprompt off -machine -addgroup 1.2 -url \\servername\foldershare\* FullTrust

    # use this to list the policies you currently have
    caspol -l

     not sure if it will fix it for you but worth a try.
    • Proposed as answer by AikonEnohp Wednesday, April 17, 2013 6:51 AM
    Tuesday, April 16, 2013 11:45 PM
  • This is the only correct approach listed.  Moreover, the alternate approach proposed not only lowers the security bar for your 1 .exe file but globally and for ALL .exe files. (including a nonillion pieces of malware).  Combining this with the use of a RDT connection string pushy the "fix" from lazy to crazy.  

    This is all topped off with follow-up grumbling about “always having to click run as administrator”, it like so annoying!  Good news, there is a quick global fix for that as well.  

    TTucker told was trying to tell you the same thing but, in fairness, that Albert Einstein stuff is hard to grasp!

     

         

    Art Barnwell

    Wednesday, April 17, 2013 6:51 AM
  • I would recommend using treat UNC path as Intranet Site so it abides by the Intranet Zone Mapping rules.

    Administrative Templates \ Windows Components \ Internet Control Panel \ Security Page \ Intranet Sites: Include all network paths (UNCs) - Enabled

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ REG_DWORD "UNCAsIntranet" data value of "1"

    Sunday, September 15, 2013 2:26 PM
  • Linda,

    Do you have a solution for Windows Home Premium?

    Thanks,

    Michael

    Monday, November 25, 2013 2:36 AM
  • if it is a program on a local machine then just add the server name to the "Local Intranet>Sites"

    ie: servername or servername.example.com

    Wednesday, December 18, 2013 2:08 AM
  • 1.     Go to Group Policy and then expand:

     

    Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

     

    2.     On the right pane, double click Inclusion list for low file types.

    3.     Click Enable.

    4.     Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

    5.     Click OK.

     

    Hope this helps.

     

    Regards,

    Linda

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

    I tried it on domain GPO, works fine.

    thanks,


    yxh

    Wednesday, February 19, 2014 9:52 PM
  • I had also tried the first two settings to no avail.  And this did work great in my situation - Thanks for the solution!
    Tuesday, May 6, 2014 1:06 PM
  • Thanks.

    This is worked

    Wednesday, July 23, 2014 4:06 AM
  • Thank you worked exactly as described for windows xp pro
    Sunday, January 8, 2017 8:19 PM
  • You can run your application as administrator, everytime. Go into Properties -> Compatibility -> Settings -> Check 'Run this program as an administrator'
    Friday, August 3, 2018 7:13 PM
  • I had the same issue as well unable to install from UNC Path and getting Access Denied. I was able to do this on other systems but not on this one machine. I thought it might have been something not configured correct on the machine, then I looked at GPO to see if policy was being passed, I noticed that user policy was being past and machine policy was failing. I look at the OU the machine was locate and it was in the wrong OU. I moved the machine to the correct OU did GPUpdate /Force, required a reboot. Logged back into the machine after reboot and I was able to install the application from UNC.

    Wednesday, April 10, 2019 3:39 AM