When you are trying to run an executable located on another machine on your network, running Windows XP SP2 or higher, you are accosted with a prompt: “The publisher could not be verified”. You are forced to confirm that you wish to run this program… every time you run it.
You can disappear this message by setting the following Group Policy Object (GPO)
Go to User Configuration >> Administrative Templates >> Windows Components >> Attachement Manager and add “*.exe” to the “Inclusion list for moderate risk file types” setting.
“This policy setting allows you to configure the list of moderate risk file types. If the attachment is in the list of moderate risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. …”
In other words, this allows you to run an .exe from the Intranet zone without a prompt, but it will warn before running one from the Internet. A lot of people are instructing to add *.exe to the list of low-risk file types. Doing so, you are allowing .exe files to execute from anywhere on the internet.
Attachment Manager doesn’t exist?
“Run gpedit.msc, under computer configuration – right click on
administrative templates and select add/remove templates, click add
button at bottom, select ‘system.adm’, click open, click close.”
This entry was posted in Windows. Bookmark the permalink.