We can't verify who created this file

I am getting this warning

I have an exe file which I need to run on startup using GPO.

I found how to either exclude the whole server where the file is or either exclude the filetype (.exe) from the check. UAC is already set to not notify.

I just want to exclude from the check just this single file not the whole server or all the EXEs. Any ideas how to do that?

Sonamor

Posted 2017-10-05T16:01:45.107

Reputation: 336

What exactly is your question? If you want to trust this file, you need to unblock it, go into the properties of the file in order to do that. – Ramhound – 2017-10-05T16:38:37.233

I am in a business environment this is not possible and either way it's already unblocked. – Sonamor – 2017-10-05T16:58:34.247

If you cannot do it then you will have to have an Administrator trust the file, because it currently isn't trusted, hence the reason you are getting the security warning. If you are an administrator, or are not authorized to make the change, then you will be unable to resolve the security miss configuration causing this warning. – Ramhound – 2017-10-05T17:00:39.280

Answers

I've created a script where I do the following

add a registry key which adds a specific server into the trusted zone launch the software remove the registry key

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\*domainName*\servername" /v * /t REG_DWORD /d 1
sleep 2
pushd \\servername.domain.name\netlogon\software
& .\Software.exe
popd
sleep 2
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\ZoneMap\Domains\domainName" /f

Sonamor

Posted 2017-10-05T16:01:45.107

Reputation: 336

If using Group Policy you can add \\servername.domain.name\netlogon\software to the policy labeled "Site to Zone Assignment List" within User Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page with a value of 1 and that should take care of it too. – Pimp Juice IT – 2019-06-26T15:15:57.150

-2

There are a bunch of options online describing how to fix the issue. Here's the link so hopefully you can find what you need my friend.

Windows: Disable “Publisher Could Not Be Verified” Messages

Option 1 – Group Policy Editor

Hold the Windows Key, then press “R” to bring up the Run dialog box.
Type gpedit.msc, then select “OK“. Go to “User Configuration” > Administrative Templates” > “Windows Components” > “Attachment Manager“.
- Open the “Inclusion list for moderate risk file types” setting. Set the policy to “Enabled“, then add *.exe; or whatever the file extension you are using to the “Specify high risk extensions” box.

Option 2 – Registry Tweak

Hold the Windows Key, then press “R” to bring up the Run dialog box.
Type regedit, then select “OK“.
Navigate to the following: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
Look for an entry on the right side for LowRiskFileTypes. If it doesn’t exist, you will need to create it. To do so, right-click on FileSystem and select “New” > “String Value“. Give the value a name of LowRiskFileTypes.
Press the “Enter” key when you are done.
Right-click the LowRiskFileTypes entry and click “Modify“.
Modify the value by including file extensions, with periods, separated by semi-colons .bat;.exe would add batch and executable files.

This should disable the Publisher Could Not Be Verified messages from appearing for that file type in the future.

r0ca

Posted 2017-10-05T16:01:45.107

Reputation: 5 474

I don't want to do that for all exe files. – Sonamor – 2017-10-05T16:58:02.867