A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

How to remove the Open File Security Warning Prompt during Driver Deployment or User Login when using MDT or SCCM

,

During a deployment of Windows or even after Windows is deployed you see an Open File – Security Warning prompt when a .EXE runs (similar to the one below).

Security Warning with Drivers

This happens because when you download an .EXE, .ZIP, or .CAB Internet Explorer (as well as Firefox and Chrome) saves what is called a Zone Identifier, telling the Operating System the file came from the internet and not a trusted zone.  In certain deployments this can happen several times when a user logs in to load all of the applications into the system tray, some of them being igfxtray.exe, apmsgfwd.exe, apntex.exe, apoint.exe, gfxui.exe, hidfind.exe, hkcmd.exe, igfxpers.exe.

To get around this we need to remove the ZoneIdentifier, we can use a small utility from SysInternals to do it.  Download Streams, copy it to your MDT or SCCM Server and run the following changing the path to a location containing your drivers;

streams.exe -s -d "E:\MDTDeploymentShare\Out-Of-Box Drivers"

Make sure you run that in an Administrative command prompt and accept the license agreement on the first run. Hope that helps.

Leave a Reply

More Posts

Check to see if your KMS can be contacted

Sometimes when deploying computers in our organisation, they don’t see our KMS server and automatically activate (even though they are told to do so via our unattend.xml). 9 times out of 10 it’s the client itself having issues just talking to your KMS server. To check and see if you can contact it, you can […]

Microsoft 365 Admin Notifications to your user mailbox with Plus addressing

Licensing your Entra Administrator accounts for email is a common practice to ensure you are across service health updates, user, security and billing alerts but by doing this it introduces security risks and additional costs for mailbox licensing. As a best practice, privileged accounts should remain isolated from unnecessary communication channels to minimise vulnerabilities or […]

Delete Windows.old from an upgraded Windows Server install operating in Core

I was at a customer site and they had a single Hyper-V host (running Server Hyper-V edition) and had done an in-place upgrade. Microsoft generally recommends you always do fresh installations and migrate, except for Configuration Manager servers where it is a supported configuration to upgrade Windows versions.  They were starting to run low on […]