Tuesday, June 26, 2012

Fixing "Open File - Security Warning" prompts in Windows 7 / 2008

If you enable Folder Redirection from a GPO, or even if you are trying to run a program from a non-local source, you'll run into this dialogue box:


For me, it was particularly annoying as it would happen when accessing any item from the start menu on our remote desktop server, as we were redirecting the AppData folder as well.

The fix is through GPO. I assume you know how to make a new GPO, and so to save time, here is the location.

User Configuration - Administative Templates - Windows Components - Internet Explorer - Internet Control Panel - Security Page  ... then it's Site to Zone Assignment List


I set both values for my file server here. You could also use a wildcard like *.yourdomain.com if you liked.

2 is the value for Trusted Sites. Check the help in the GPO Management box for other options.

The only downside to this is that now the user can't add their own trusted domains, as once it's specified in GPO, it can't be altered by the user.

8 comments:

  1. I hate to ask but can anybody explain this one and WTF IE has to do with this?!?!?!?!?

    ReplyDelete
  2. Back before MS was forced to split IE from Windows Explorer due to monopoly rules (they are still suffering for this in the EU currently), they were the same code-base.

    GPO's of this era would be based around IE controls.

    ReplyDelete
  3. Not working for me, I tried it at the machine level as well as the user level. I thought a prefix like ftp or http had to be defined.

    ReplyDelete
  4. Not working for me, I tried it at the user and machine level and still nothing. I thought we need to specify an intranet policy and the connection type like, http or https or ftp?

    ReplyDelete
  5. We had the correct Site to Zone settings but I was still getting the error. I was able to fix it by supplying the FQDN for all my File Servers within the Path info under Folder Redirection>AppData(Roaming)>Setting: Advanced in the GPO. Ex: \\FileServer.MyDomain.com\USERS\%USERNAME%\AppData\Roaming

    ReplyDelete
  6. instead of user the administrative template you can create a gpo to create registry directly, (under preference>windows settings>registry) that way users can still add trusted sites themselves.

    ReplyDelete