Security warning when opening file from network share

Question

I've created a setup executable which I have signed. It's located on a network share (which I access using unc - \server\share\setup.exe).

When I double click the executable file, I get a Windows warning saying:

Title: Open File -> Security Warning
Do you want to run this file?
Name: setup.exe
Publisher: My Company
Type: Application
From: \\Path\to\setup\folder

Then there's a yellow shield with the text "While files from the Internet can be useful, this file type can potentially harm your computer. only run software from publihers you trust." next to it.

I'm guessing I could configure Windows to trust software from my company. I also think that it's possible to disable specific security checks to get rid of the warning. Or I could tell Windows to consider UNC-paths local.

Is there some other method to disable the warning? I don't want my customers to see this warning when they install the software from their network share. And I don't want to tell these customers to disable certain security checks.

Answer 1

In Internet Explorer:

1. Tools menu → Internet Options → Security tab
2. Click Local Intranet icon to select it
3. Click Sites
4. Check Automatically detect intranet network
5. Click Advanced
6. In the Add this website to the zone: text box type file://computername or IP (in your case file://path).
7. Click Add
8. Click Close, OK, and OK again to exit Internet Options.

Alternatively, you may uncheck the Automatically detect intranet network, and check the other three check boxes. This saves you from having to enter each machine name manually, but allowing all network paths is probably not secure.

See also

Answer 2

Another possibility specially for remote desktop services is to use group policies.

1.) Open the group policy editor on your domain controller

2.) Create a group policy object (e.g. deactivate file security on network share).

3.) Edit this new object

4.) Under User Configuration → Administrative Templates → Windows Components → Internet Explorer → Internet Control Panel → Security Page edit Site to Zone Assignment List

5.) Select Activate and click Show

6.) Add your network share path under valuename and set value to 1. 1 means local intranet.

7.) I think it is also a good idea to enable Intranet Sites: Include all local (intranet) sites not listed in other zones and Intranet Sites: Include all network paths (UNCs)

8.) Then close the object and link it to some user OU for which you want to apply these settings.

9.) Activate your new linked object.