30

I've created a setup executable which I have signed. It's located on a network share (which I access using unc - \server\share\setup.exe).

When I double click the executable file, I get a Windows warning saying:

Title: Open File -> Security Warning
Do you want to run this file?
Name: setup.exe
Publisher: My Company
Type: Application
From: \\Path\to\setup\folder

Then there's a yellow shield with the text "While files from the Internet can be useful, this file type can potentially harm your computer. only run software from publihers you trust." next to it.

I'm guessing I could configure Windows to trust software from my company. I also think that it's possible to disable specific security checks to get rid of the warning. Or I could tell Windows to consider UNC-paths local.

Is there some other method to disable the warning? I don't want my customers to see this warning when they install the software from their network share. And I don't want to tell these customers to disable certain security checks.

John
  • 301
  • 1
  • 3
  • 3

3 Answers3

44

In Internet Explorer:

  1. Tools menu → Internet OptionsSecurity tab
  2. Click Local Intranet icon to select it
  3. Click Sites
  4. Check Automatically detect intranet network
  5. Click Advanced
  6. In the Add this website to the zone: text box type file://computername or IP (in your case file://path).
  7. Click Add
  8. Click Close, OK, and OK again to exit Internet Options.

Alternatively, you may uncheck the Automatically detect intranet network, and check the other three check boxes. This saves you from having to enter each machine name manually, but allowing all network paths is probably not secure.

See also

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Gennady Vanin Геннадий Ванин
  • 10,136
  • 11
  • 75
  • 106
  • Windows 7 has unchecked the "Automatically detect intranet network" and checked the other three boxes, so I think that is the best solution. – Christian Davén Dec 11 '14 at 09:48
  • 2
    Note that the computer name needs to be in ***Local Intranet***. (I still get the message even if the computer is in "Trusted Sites".) Moving to Local Intranet fixed it for me! – AdamsTips Mar 22 '17 at 16:20
  • 2
    You need to restart _explorer.exe_ after this to take effect. – cdlvcdlv Jul 15 '19 at 13:39
6

Another possibility specially for remote desktop services is to use group policies.

1.) Open the group policy editor on your domain controller

2.) Create a group policy object (e.g. deactivate file security on network share).

3.) Edit this new object

4.) Under User ConfigurationAdministrative TemplatesWindows ComponentsInternet ExplorerInternet Control PanelSecurity Page edit Site to Zone Assignment List

5.) Select Activate and click Show

6.) Add your network share path under valuename and set value to 1. 1 means local intranet.

7.) I think it is also a good idea to enable Intranet Sites: Include all local (intranet) sites not listed in other zones and Intranet Sites: Include all network paths (UNCs)

8.) Then close the object and link it to some user OU for which you want to apply these settings.

9.) Activate your new linked object.

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
M46
  • 923
  • 9
  • 20
0

Many years later...

Actually you want users to be warned if they install arbitrary software, especially over the network.

But you signed your software so everyone can verify it comes from you and was not tampered with. That is displayed already.

So if you want even less warnings to show up (users will start ignoring them anyway if they are too many), you need to add your code signing certificate to the Windows trust store. Then Windows knows who created the software, sees that it can be trusted and does not warn.

How exactly the signing certificate, or maybe the CA certificate gets added to

Queeg
  • 7,748
  • 1
  • 16
  • 42