This isn't a question but a tip. I feel the need to post it somewhere because I've 
been looking for the answer (half-ass-edly) for years. (I finally just figured it 
out on Vista, but I'm sure it applies to XP SP2 also.)

Problem:
Running XP SP2 or higher, you try to run an executable located on another machine 
on your network. Your accosted with a prompt: "The publisher could not be verified". 
You are forced to confirm that you wish to run this program... every time you run 
it.

Solution:
Run gpedit.msc 

Go to User Configuration >> Administrative Templates >> Windows Components >> Attachment 
Manager

Add "*.exe" to the "Inclusion list for moderate risk file types" setting. 

"This policy setting allows you to configure the list of moderate risk file types. 
If the attachment is in the list of moderate risk file types and is from the restricted 
or Internet zone, Windows prompts the user before accessing the file. ..."

In other words, this allows you to run an .exe from the Intranet zone without a prompt, 
but it will warn before running one from the Internet.

(If you Google, a lot of people are instructing to add *.exe to the list of low-risk 
file types, allowing .exe files to execute from anywhere on the internet. A lot of 
other solutions that simply don't work are floating around as well.)

[Reply or follow-up to this message]

Thank you for this information it was very helpful. As you stated there are a number of misguided solution offered. Yours worked well and made sense.


On Sunday, June 25, 2006 at 11:40 am, eatyummypuppies wrote:
>This isn't a question but a tip. I feel the need to post it somewhere because I've
>been looking for the answer (half-ass-edly) for years. (I finally just figured it
>out on Vista, but I'm sure it applies to XP SP2 also.)
>
>Problem:
>Running XP SP2 or higher, you try to run an executable located on another machine
>on your network. Your accosted with a prompt: "The publisher could not be verified".
>You are forced to confirm that you wish to run this program... every time you run
>it.
>
>Solution:
>Run gpedit.msc
>
>Go to User Configuration >> Administrative Templates >> Windows Components >> Attachment
>Manager
>
>Add "*.exe" to the "Inclusion list for moderate risk file types" setting.
>
>"This policy setting allows you to configure the list of moderate risk file types.
>If the attachment is in the list of moderate risk file types and is from the restricted
>or Internet zone, Windows prompts the user before accessing the file. ..."
>
>In other words, this allows you to run an .exe from the Intranet zone without a prompt,
>but it will warn before running one from the Internet.
>
>(If you Google, a lot of people are instructing to add *.exe to the list of low-risk
>file types, allowing .exe files to execute from anywhere on the internet. A lot of
>other solutions that simply don't work are floating around as well.)

[Reply or follow-up to this message]

Here is your answer (straight from MS): The Attachment Manager classifies files that you receive or that you download based on the file type and the file name extension. Attachment Manager classifies files types as high risk, medium risk, and low risk. When you save files to your hard disk from a program that uses the Attachment Manager, the Web content zone information for the file is also saved with the file. For example, if you save a compressed file (.zip) that is attached to an e-mail message to your hard disk, the Web content zone information is also saved when you save the compressed file. When you try to extract the contents from the compressed file, or if you try to run a file, you cannot. The Web content zone information is saved together with the files only if the hard disk uses the NTFS file system. You can open a blocked file from a known source if you want to. To open a blocked file, follow these steps: 1. Right-click the blocked file, and then click Properties. 2. In the General tab, click Unblock.


On Thursday, September 28, 2006 at 1:04 pm, Al wrote:
>Thank you for this information it was very helpful. As you stated there are a number
>of misguided solution offered. Yours worked well and made sense.
>
>
>

[Reply or follow-up to this message]

An additional issue (nearly identical and at exactly the same time) has cropped up on this XPsp2/IE7 PC as did the one you describe fixing as above with gpedit... Now, every time I open my (networked) "My Documents" folder I get a very similar (IE) ererror: "This page has an unspecified potential security risk. Would you like to continue?". This does not happen opening other networked folders, just the My Docs folder. The fix above solved my issue of the Networked StartUp Folder EXEs prompting me to run on every WinStartUp but why THAT folder and no other networked shares?

[Reply or follow-up to this message]

Sweet Savior of Glorious Puppies, THANK YOU -Dejunai


On Sunday, June 25, 2006 at 11:40 am, eatyummypuppies wrote:
>This isn't a question but a tip. I feel the need to post it somewhere because I've
>been looking for the answer (half-ass-edly) for years. (I finally just figured it
>out on Vista, but I'm sure it applies to XP SP2 also.)
>
>Problem:
>Running XP SP2 or higher, you try to run an executable located on another machine
>on your network. Your accosted with a prompt: "The publisher could not be verified".
>You are forced to confirm that you wish to run this program... every time you run
>it.
>
>Solution:
>Run gpedit.msc
>
>Go to User Configuration >> Administrative Templates >> Windows Components >> Attachment
>Manager
>
>Add "*.exe" to the "Inclusion list for moderate risk file types" setting.
>
>"This policy setting allows you to configure the list of moderate risk file types.
>If the attachment is in the list of moderate risk file types and is from the restricted
>or Internet zone, Windows prompts the user before accessing the file. ..."
>
>In other words, this allows you to run an .exe from the Intranet zone without a prompt,
>but it will warn before running one from the Internet.
>
>(If you Google, a lot of people are instructing to add *.exe to the list of low-risk
>file types, allowing .exe files to execute from anywhere on the internet. A lot of
>other solutions that simply don't work are floating around as well.)

[Reply or follow-up to this message]

There is no "Unblock" check box in the General or any other tab in the Properies for the program.


On Sunday, October 29, 2006 at 7:02 am, T. Berry wrote:
>Here is your answer (straight from MS):
>
>
>The Attachment Manager classifies files that you receive or that you download based
>on the file type and the file name extension. Attachment Manager classifies files
>types as high risk, medium risk, and low risk. When you save files to your hard disk
>from a program that uses the Attachment Manager, the Web content zone information
>for the file is also saved with the file. For example, if you save a compressed file
>(.zip) that is attached to an e-mail message to your hard disk, the Web content zone
>information is also saved when you save the compressed file. When you try to extract
>the contents from the compressed file, or if you try to run a file, you cannot. The
>Web content zone information is saved together with the files only if the hard disk
>uses the NTFS file system.
>
>You can open a blocked file from a known source if you want to. To open a blocked
>file, follow these steps: 1. Right-click the blocked file, and then click Properties.
>2. In the General tab, click Unblock.
>
>
>
>

[Reply or follow-up to this message]

Good tip, however this won't work in Vista except in the Business and Ultimate versions (and I imagine Enterprise). There is no group policy editor in the Home versions of Vista.


On Friday, July 27, 2007 at 10:49 am, Ken wrote:
>There is no "Unblock" check box in the General or any other tab in the Properies
>for the program.
>
>
>
>

[Reply or follow-up to this message]

Possibly, modifying the registry can work. 
Note that I had no chance to verify this. 
However, here is the information if someone wants to give it a try.

Here is what I did: after doing what was suggested above, 
I went to the registry, looking for ".exe" (whole string). 
I found the following two entries:

[HKEY_USERS\S-1-5-21-436374069-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Group 
Policy Objects\{D6F0CF57-F4B7-4A5E-99CF-5A432ED9C0D9}User\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"ModRiskFileTypes"=".exe"


[HKEY_USERS\S-1-5-21-436374069-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"ModRiskFileTypes"=".exe"

Presumably, the cryptic-looking part is different on all machines. 
I suggest you to walk to the relevant part of the registry and add these entries. 
Let us know if this works on the Home editions.







On Friday, July 27, 2007 at 3:02 pm, JSanders wrote:

>Good tip, however this won't work in Vista except in the Business and Ultimate versions 

>(and I imagine Enterprise).  There is no group policy editor in the Home versions 

>of Vista.

>
 

[Reply or follow-up to this message]

This solution doesn't work for Windows XP Home. I couldn't find gpedit.msc and the Policy editor console (mmc) wouldn't let me load the users policies snap-in. It found them but said Windows XP home can only access local users through the control panel. So I'm still stuck OK'ing applications every time I run them. It's an annoyance, all right!

[Reply or follow-up to this message]

The Unblock button only appears if you are logged in locally where the files are stored, e.g the server As far as I can see you can only unblock one file at a time. Thankyou to Eatyummypuppies and T.Berry for this info - helped me out and made my school users very happy!


On Friday, July 27, 2007 at 10:49 am, Ken wrote:
>There is no "Unblock" check box in the General or any other tab in the Properies
>for the program.
>

[Reply or follow-up to this message]

If you get this error while trying to run an executable off another server on the network, an easier way to fix this is: Open IE, menu: Tools/Internet Options, Security tab. Click on "Trusted Sites", hit "Sites" button. Then add the server name to the list (you'll need to uncheck the "https" checkbox). This puts that server as a trusted server and the prompts will not occur.

[Reply or follow-up to this message]

I am extremely grateful for this tip, and wanted to thank you for solving my problem (though you posted this a century ago). Your tip was especially applicable to Windows XP. I was trying to run an executable program from another computer on my client's new laptop and kept getting "the publisher not verified." Your solution addresses the security issue as well, since it allows an executable program only on the Intranet (the networked computers in the office). Thank YOU again.


On Sunday, June 25, 2006 at 11:40 am, eatyummypuppies wrote:
>This isn't a question but a tip. I feel the need to post it somewhere because I've
>been looking for the answer (half-ass-edly) for years. (I finally just figured it
>out on Vista, but I'm sure it applies to XP SP2 also.)
>
>Problem:
>Running XP SP2 or higher, you try to run an executable located on another machine
>on your network. Your accosted with a prompt: "The publisher could not be verified".
>You are forced to confirm that you wish to run this program... every time you run
>it.
>
>Solution:
>Run gpedit.msc
>
>Go to User Configuration >> Administrative Templates >> Windows Components >> Attachment
>Manager
>
>Add "*.exe" to the "Inclusion list for moderate risk file types" setting.
>
>"This policy setting allows you to configure the list of moderate risk file types.
>If the attachment is in the list of moderate risk file types and is from the restricted
>or Internet zone, Windows prompts the user before accessing the file. ..."
>
>In other words, this allows you to run an .exe from the Intranet zone without a prompt,
>but it will warn before running one from the Internet.
>
>(If you Google, a lot of people are instructing to add *.exe to the list of low-risk
>file types, allowing .exe files to execute from anywhere on the internet. A lot of
>other solutions that simply don't work are floating around as well.)

[Reply or follow-up to this message]

Thanks a lot dude!!!!!!!!!!! Iv'e been pulling my hairs off for a looong time to get my windows automation work on windows. -Geopher


On Sunday, June 25, 2006 at 11:40 am, eatyummypuppies wrote:
>This isn't a question but a tip. I feel the need to post it somewhere because I've
>been looking for the answer (half-ass-edly) for years. (I finally just figured it
>out on Vista, but I'm sure it applies to XP SP2 also.)
>
>Problem:
>Running XP SP2 or higher, you try to run an executable located on another machine
>on your network. Your accosted with a prompt: "The publisher could not be verified".
>You are forced to confirm that you wish to run this program... every time you run
>it.
>
>Solution:
>Run gpedit.msc
>
>Go to User Configuration >> Administrative Templates >> Windows Components >> Attachment
>Manager
>
>Add "*.exe" to the "Inclusion list for moderate risk file types" setting.
>
>"This policy setting allows you to configure the list of moderate risk file types.
>If the attachment is in the list of moderate risk file types and is from the restricted
>or Internet zone, Windows prompts the user before accessing the file. ..."
>
>In other words, this allows you to run an .exe from the Intranet zone without a prompt,
>but it will warn before running one from the Internet.
>
>(If you Google, a lot of people are instructing to add *.exe to the list of low-risk
>file types, allowing .exe files to execute from anywhere on the internet. A lot of
>other solutions that simply don't work are floating around as well.)

[Reply or follow-up to this message]

I am really thankful regarding this review, solved a problem that i was facing while 
ececuting a bat file from SSIS.

Thanks
Amar







On Sunday, June 25, 2006 at 11:40 am, eatyummypuppies wrote:

>This isn't a question but a tip. I feel the need to post it somewhere because I've 

>been looking for the answer (half-ass-edly) for years. (I finally just figured it 

>out on Vista, but I'm sure it applies to XP SP2 also.)

>

>Problem:

>Running XP SP2 or higher, you try to run an executable located on another machine 

>on your network. Your accosted with a prompt: "The publisher could not be verified". 

>You are forced to confirm that you wish to run this program... every time you run 

>it.

>

>Solution:

>Run gpedit.msc 

>

>Go to User Configuration >> Administrative Templates >> Windows Components >> Attachment 

>Manager

>

>Add "*.exe" to the "Inclusion list for moderate risk file types" setting. 

>

>"This policy setting allows you to configure the list of moderate risk file types. 

>If the attachment is in the list of moderate risk file types and is from the restricted 

>or Internet zone, Windows prompts the user before accessing the file. ..."

>

>In other words, this allows you to run an .exe from the Intranet zone without a 
prompt, 

>but it will warn before running one from the Internet.

>

>(If you Google, a lot of people are instructing to add *.exe to the list of low-risk 

>file types, allowing .exe files to execute from anywhere on the internet. A lot 
of 

>other solutions that simply don't work are floating around as well.) 

[Reply or follow-up to this message]

• Search this forum
• Start a new thread on a different subject

• Report abuse of the forum