Security Warning when running scripts - Unblock-File not unblocking file

Asked 26/7, 2016 at 8:11 Answered 26/9 at 17:38

Solved security powershell powershell-ise

I suddenly started to recceive this warning when running any script on my computer:

Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer...

Screenshot:

The files are not blocked.

I have

checked in File Explorer > Properties.
used the Unblock-File cmdlet to unblock as well.
checked streams using cmdlet: Get-Content -Path '\\Path\Script.ps1' -Stream Zone.Identifier. No Streams found.
used Streams.exe from Sysinternals: streams.exe -d \\Path\Script.ps1. No files with streams found.

Also tried to remove streams with Powershell:

Remove-Item -Path \\Path\Script.ps1 -Stream Zone.Identifier

Of course without success as there are no streams.

Execution policy is Unrestricted.

When I run Set-ExecutionPolicy Bypass it works without warning. It should, however, also work when it's unrestricted.

I honestly don't know what's going on.

Solitaire answered 26/7, 2016 at 8:11 Comment(2)

Does the script reside on a network drive? – Swivel 26/7, 2016 at 8:25

I know this is old, but this was helpful for me when i had the same problem: blog.netspi.com/… – Incrocci 19/9, 2018 at 14:12

After searching i found someone with similar issues and it was explained that Classic UNC paths will work without prompting to unblock the file:

\\Servername\Path...

However FQDN paths are not seen as safe by default and will prompt:

\\Servername.foo.local\Path...

My own testing confirms this to be correct as removing the .foo.local from the path causes the Unblock-File prompts to stop.

Patagonia answered 13/4, 2017 at 14:38 Comment(1)

Months of aggravation gone in an instant. You sir are a hero. – Cress 3/1, 2019 at 14:54

The correct registry keys, name and value, to treat all local sites as part of the intranet zone, are:

Keys:

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

Name:  IntranetName
Type:  DWORD
Value: 1

You can set this via PowerShell for the local machine (in an elevated prompt) like this:

Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" -Name "IntranetName" -Type DWord -Value 1

See Intranet Sites: Include all local (intranet) sites not listed in other zones for more information about the group policy.

Reflexion answered 2/6, 2021 at 11:8 Comment(0)

LGPE > gpedit.msc

Computer Configuration > Administrative Templates, > Windows Components, > Internet Explorer>expand Internet Control Panel. Security Page > Intranet Sites: Include all local (intranet) sites not listed in other zones, and then click Properties. Click Enabled.

Turn on automatic detection of the intranet, and then click Properties. Click Disabled, and then click OK.

or registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = "0"

Pederasty answered 26/7, 2016 at 8:41 Comment(2)

Yesterday edited the registry key, but no change. Just tried with the gpedit method, rebooted, but still same issue. – Solitaire 27/7, 2016 at 9:20

LGPE? Let's Go Pikachu/Eevee? – Depilatory 1/10, 2019 at 21:0

This is the only thing that worked for me, adding the exact hostname of the share:

reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\school.edu\mdt.sys" /f /v * /t REG_DWORD /d 1

And with execution policy unrestricted, I was running:

powershell -executionpolicy bypass -file script.ps1

Hiatt answered 26/9 at 17:38 Comment(0)

-3

PS doesnot allow Scripts to run on system ENV by default. you need to set the policy to unrestricted or remote signed Use: Set-ExecutionPolicy Remotesigned OR Set-ExecutionPolicy Unrestricted

Open the PS console and type this and press enter and then try running your script.

Relish answered 26/7, 2016 at 8:46 Comment(3)

he says Execution policy is Unrestricted it means No restrictions; all Windows PowerShell scripts can be run. technet.microsoft.com/en-us/library/ee176961.aspx – Pederasty 26/7, 2016 at 9:3

My execution policy is Unrestricted. When changing execution policy to Bypass I don't receive the warning anymore. It should, however, also work when it is Unrestricted. – Solitaire 27/7, 2016 at 9:23

so setting execution policy bypass fixed the issue only on current session or all? – Pederasty 27/7, 2016 at 11:8

Recommended topics

Hot tags