Invoke-WebRequest causes IE content blocked dialog

Asked 16/9, 2014 at 7:27 Answered 16/10, 2021 at 15:55

On a Windows server with Internet Explorer Enhanced Security Configuration enabled, calling Invoke-WebRequest like this:

Invoke-WebRequest "http://localhost" -UseBasicParsing -UseDefaultCredentials

Results in this error dialog:

Internet Explorer dialog - Content within this application coming from the website listed below is being blocked by Internet Explorer Enhanced Security Configuration

Considering that this script is intended to be run remotely, I'd like to avoid the dialog appearing at all.

Obstacle answered 16/9, 2014 at 7:27 Comment(0)

Click Add and add about:security_powershell.exe to Trusted Sites.

Cribble answered 16/9, 2014 at 10:25 Comment(6)

A good suggestion - I tried that. I then get subsequent errors relating to other files that the initial page references. Looks like Invoke-WebRequest is behaving like a regular browser, rather than just retrieving the initial request's content – Obstacle 16/9, 2014 at 11:29

That's exactly what Invoke-WebRequest does. You can use System.Net.WebClient as an alternative but there will be no client-side processing there(no ajax). – Cribble 16/9, 2014 at 11:36

Exactly what I ended up using :-) – Obstacle 17/9, 2014 at 1:35

In my case adding about:/assets/default.js to Trusted Sites was also required. – Craquelure 27/7, 2016 at 17:57

but this defeats automation. The OP stated he is trying to execute remotely. – Gesticulation 18/9, 2018 at 0:18

This is not a solution for script automation as it involves UI! – Wendellwendi 30/7, 2019 at 21:38

It seems Invoke-WebRequest requires IE unless you specify -UseBasicParsing parameter. see: https://msdn.microsoft.com/powershell/reference/5.1/microsoft.powershell.utility/Invoke-WebRequest

-UseBasicParsing Indicates that the cmdlet uses the response object for HTML content without Document Object Model (DOM) parsing.

This parameter is required when Internet Explorer is not installed on the computers, such as on a Server Core installation of a Windows Server operating system.

Resoluble answered 5/2, 2017 at 12:18 Comment(3)

Wouldn't it be the opposite? If "this parameter is required when IE is not installed...". – Slavish 31/8, 2017 at 19:21

This didn't work for me. Adding -UseBasicParsing still resulted in the IE ESC pop-up for new URLs; at least at PowerShell 3.0. – Uriiah 3/10, 2017 at 17:37

I saw this in the documentation: This parameter has been deprecated. Beginning with PowerShell 6.0.0, all Web requests use basic parsing only. This parameter is included for backwards compatibility only and any use of it has no effect on the operation of the cmdlet. – Presumptuous 11/10, 2023 at 20:48

Click Add and add about:security_powershell.exe to Trusted Sites.

Cribble answered 16/9, 2014 at 10:25 Comment(6)

That's exactly what Invoke-WebRequest does. You can use System.Net.WebClient as an alternative but there will be no client-side processing there(no ajax). – Cribble 16/9, 2014 at 11:36

Exactly what I ended up using :-) – Obstacle 17/9, 2014 at 1:35

In my case adding about:/assets/default.js to Trusted Sites was also required. – Craquelure 27/7, 2016 at 17:57

but this defeats automation. The OP stated he is trying to execute remotely. – Gesticulation 18/9, 2018 at 0:18

This is not a solution for script automation as it involves UI! – Wendellwendi 30/7, 2019 at 21:38

Perhaps systems have changed since Raf's answer above was posted. I found it didn't work for me.

What did work was:-

Open Internet Explorer
Go to Tools->Internet options
Select the Security Tab
Click Local Intranet
Click sites
Enter *.security_powershell.exe
Click Add

Arapaima answered 23/6, 2016 at 7:44 Comment(3)

I didn't have the "Add..." button shown in the OP's screenshot but otherwise the same error message, and this worked for me as well (though I added a different page to Trusted Sites instead of Local Intranet). – Stets 17/5, 2017 at 1:23

OP is showing he is looking for a PowerShell based solution and it must be able to execute remotely. Why would you suggest a GUI solution? This defeats automation. – Gesticulation 18/9, 2018 at 0:17

@Steven my understanding of the question is that they're attempting to run a powershell script on the client not the server. If you don't want to use a GUI on the client to make these changes to the security policy you can use Windows Server Group Policy to apply security changes to all the machines within a domain – Arapaima 18/9, 2018 at 1:14

Just return a single property of the object that comes back from the call, ie:

(invoke-webrequest -Uri https://www.google.com).RawContent

(invoke-webrequest -Uri https://www.google.com).StatusDescription

I don't really know what the default call for invoke-webrequest is doing, but it must be doing a lot more than just getting a raw HTTP response.

Brooking answered 8/6, 2021 at 18:59 Comment(0)

I know I am posting on very old post.

I am also getting this issue "Invoke-WebRequest causes IE content blocked dialog" and option "Click Add and add about:security_powershell.exe to Trusted Sites." isn't working for me because I am hitting web-site in loop by passing parameter. so every time there will be new URL, like below. Any idea to permanently unblock and suppress this dialog box.

 #$URL='https://www.mywebsite.com/page/Public.aspx?id='+$CODE+'&qtr=8&Qtr=December'

Aegean answered 16/10, 2021 at 15:55 Comment(1)

This does not really answer the question. If you have a different question, you can ask it by clicking Ask Question. To get notified when this question gets new answers, you can follow this question. Once you have enough reputation, you can also add a bounty to draw more attention to this question. - From Review – Obmutescence 17/10, 2021 at 0:21

Recommended topics

Hot tags