I am running the Microsoft VB file xcacls.vbs from a script, the file is stored on a remote share but whenever it is called I get the Open File Security Warning, I would like to be able to suppress this.
Thanks
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
im not sure what the registry key would be as im not sure what exactly that security window is called or whatever but there should be a registry key that will disable it and it will just be a case of disabling that in the registry first before you run the rest of your vbscript - assuming the user running / executing the script has administrator rights to the registry to be able to make the changes.
Was the *.VBS file from another computer?
If so, Right-Click it and open the file Properties.
Do you see a button entitled "Unblock" below the "Advanced" button in the "General" tab, accompanied by the description:
"This file came from another computer and may be blocked to help protect this computer"?
If so, click the "Unblock" button and see if the security warning goes away when you next run it.
Hi, all you need to do is tell the system what to run the VBS file with.
I assume you have something like this:
objShell.Run "\\server\share\xcacls.vbs
(or however it works...can't remember exactly...)
When run this way, it executes the VBS on a remote system, which gives you a security warning.
To get around, run
objShell.Run "cscript.exe \\server\share\xcacls.vbs /c:Administartors:f"
so that you run a local executable, cscript.exe, which then calls the remote VBS. This should prevent a security warning.
Regards,
Rob.
I believe that the extra button is an additional security feature installed either by by the Windows XP SP3 update or by Internet Explorer 7, so it may not be applicable to you. Sorry I can't be more specific about which of the two updates created the new button, but on this system I installed SP3 and IE7 right after the other and didn't notice at what stage it appeared.
OK, I thought you already had your XCacls.vbs syntax...I just provided an example.
The /C isn't a valid option, as it turns out. This should work.
wscript.exe xcacls.vbs C:\Temp\Folder /E /T /G DOMAIN\UserName:F
I'm not too familiar with WISE script, so you'll need to figure out how to put that into a Shell command...
Regards,
Rob.
How about the RUNAS command preceding the call for cscript.exe to run the *.vbs file, and make it run as administrator. Syntax available from RUNAS /?
I still don't think that will suppress the security warning though. I can't test it out on my current setup, but I'm sure even an admin profile will receive a security warning simply because the *.vbs file type is regarded as potentially dangerous.
I will have to have another go at seeing what changes are made to the system when you click the "unblock" button in the file's properties. I found several apparently relevant explanations and/or solutions, BUT these are only relevant IF the "security" warning you are seeing IS related to the "blocked" issue I discussed earlier.
Snippets of findings:
Apparently only affects downloaded files when using IE6 in XP SP2 or later, according to some people, but I never noticed it before installing SP3 and IE7.
gpedit.msc > User Configuration > Administrative Templates > Windows
Components > Attachment Manager
Enable "Do not preserve zone information in file attachments".
Only works on files downloaded after you do the above.
Another one from Ramesh Srinivasan Microsoft MVP:
NTFS supports the above, so moving the file to a FAT32 drive or partition and back to an NTFS one loses the "zone information.
Most useful comment by Hayman Ezzeldin 14-4-2007 here:
http://forums.techarena.in
He discusses NTFS "Data Streams".
I suspect this is just the same as ADS (Alternate Data Streams), ie. hidden metadata contained inside files, and he suggests using the command:
MORE filename.ext
to see the "stream(s)".
He also links to the SysInternals utility "Streams.exe":
http://technet.microsoft.c
as a means to see and delete data streams.
The thing is, you didn't download the *.vbs file as it was, did you. I would have thought it would have been INSIDE the package:
http://download.microsoft.
http://support.microsoft.c
If this is all away off at a tangent, perhaps because the actual security warning you are receiving is totally different, then just ignore this.
Hi, when I tick the "Attach File" box, a box underneath that expands and has an "Add File" button. Do you not see that?
If not, you can upload your files to
http://www.ee-stuff.com/
and post a link to your screenshot here.
Regards,
Rob.
This is a test comment
(this comment field cropped down in height in image editor)
This is only an image :-)
vision_on
Feel free to email it to me and I will then attempt to upload the received file as an attachment here later this evening for others to see. I'm on GMT currently 14:25 Hrs and need some sleep because I'm nightshift tonight. My email address is in my profile at the bottom (http://www.experts-exchan
OK, when you've downloaded the XCACLS.vbs file from here:
http://www.microsoft.com/d
you have an Unblock button in the file properties of that file (as long as the file is on your C Drive.
Installer Properties
OK, let's try a test:
Read the description of the "Date Name" VB Script here:
http://www.ericphelps.com/
so you know what it does before going to the download page:
http://www.ericphelps.com/
It just renames a specified file with the prefix of "yyyy-mm-dd-filename.txt"
Command syntax:
DateName.vbs [[[Drive][Path_To]]FileNam
When downloaded, the *.VBS file's Properties show the "Unblock" button and, before clicking on it to Unblock it, the file will issue the same security warning as your screenshot.
http://www.ericphelps.com/
DON'T Unblock it yet. Create a copy and name it "DateName_02.vbs", then rename the original "DateName_01.vbs".
Double-Click on "DateName_02.vbs" and, when the security warning pops up, UNCHECK the box shown in the attached screenshot. It will just show a message box telling you it needs a parameter to run, but it will have removed the "Unblock" button just as though you had clicked on that before running the script.
Now, the reason that I did not detect any changes between DateName_01.vbs and DateName_02.vbs after unblocking the second is that the Alternate Data Stream (ADS) content that acts as the flag, and which is stripped out when the file is unblocked, is invisible to just about all file comparison programs.
I used SysInternals "Streams.exe" (http://technet.microsoft.
--------------------------
C:\UNZIP\Streams>streams DateName_01.vbs
Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\UNZIP\Streams\DateName_
:Zone.Identifier:$DATA 26
--------------------------
There's your ADS Data on the last line above, but that is only the "Name" of the Data Stream, not the content. In fact, the "Zone.Identifier" is the name of the stream. To see what that actually is use the command:
You could also see this using the commands:
Notepad "DateName_01.vbs:Zone.Iden
or in a batch file:
more < DateName_01.vbs:Zone.Ident
It's is in the *.INI file format:
[ZoneTransfer]
ZoneId=3
Apparently there are Six Zones that can be specified in the embedded file:
NoZone = -1
MyComputer = 0
Intranet = 1
Trusted = 2
Internet = 3
Untrusted = 4
AFTER Unblocking, here's the output from DateName_02.vbs:
--------------------------
C:\UNZIP\Streams>streams DateName_02.vbs
Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com
--------------------------
OK, so let's try it on the ZIP FILE download:
http://www.ericphelps.com/
First of all, Use WinZip, WinRAR, 7-Zip, or Windows XP's inbuilt unzipping function to unpack the contents of "DateName.zip" to its own folder and then check the properties of "DateName.vbs".
There is no Unblock button, and streams.exe sees no ADS data, because the *.vbs file was inside the *.zip wrapper and the stream wasn't applied to the contents at download and save time.
The same SHOULD have been true of the "XCacls_Installer.exe" that Rob provided the link to. It is just a self-extracting zip file (SFX) that can be unpacked with WinRAR, Universal Extractor (http://legroom.net/softwa
As Rob stated, if you either "install" (just extracts) or "unpack" "XCacls_Installer.exe", the results are just the same as for the zip file, ie. no ADS in the contents of the outer package.
I tested this by clicking the download link button from Rob's Microsoft page, and choosing the unsafe "Run" option instead of saving the file. It just runs the unpacker and prompts you to browse to a folder, and unpacks the *.vbs file. This "installed" file does not have the ADS data either, and therefore will not show the security warning.
Moving any file with ADS data embedded from an NTFS drive to a FAT32 one, and then back again to NTFS strips out the ADS data. So does the command: streams -d filename.ext
So, if you have the same security warning after:
1. moving from NTFS to FAT32 and back to NTFS
and/or
2. running the command STREAMS -d XCacls.vbs
then there's some registry restriction at work that we need to find out about.
As a side note, there is a *.dll file available from Microsoft that creates a new tab for file properties so you can see files that have Alternate Data Stream content embedded:
http://msdn.microsoft.com/
http://download.microsoft.
Unpack and copy DLL to C:\Windows\System32, then register it:
regsvr32 StrmExt.dll
This should create the registry values for files, but to extend it you can add the following registry keys.
Folders:
HKEY_CLASSES_ROOT\Director
Root folders:
HKEY_CLASSES_ROOT\Drive\sh
vision_on's security warning for file "xcacls.vbs" which was installed from Microsoft download "XCacls_Installer.exe"
My Example security warning before unblocking *.VBS file
Note the absence of the check box "Always ask before opening THIS FILE"?
ADS data has never been embedded in this file for the reasons stated by Rob Sampson earlier, and reitereated and tested by me in my previous post.
I think it's most likely to be a permissions issue (as originally suggested by Rob Sampson), or a registry issue in the form of a policy or restriction.
vision_on
I think you are going to have to do a search in Regedit for all instances of .VBS and/or VBS. That will be a long task, but may reveal a security setting somewhere.
He, he. If I breathed through my typing fingers they would have died years ago :-) I make notes in Notepad in stages then finally copy and paste here, so I sometimes am not aware how long it will be until I hit the submit button.
Let me summarise my comment, which really just comprises test notes:
The security message is NOT being caused by the ADS data ("ZoneId=3" Internet Source) embedded into downloaded files which creates the "unblock" button in the file's properties. There is some other restriction or setting involved.
vision_on
If the last suggestion doesn't work, could you please export the following two Keys from REGEDIT to *.Reg files, then rename changing their extensions from *.txt to *.reg, and upload the *.txt files as attachments:
[HKEY_CLASSES_ROOT\.VBS]
Take note of the value shown in the above key as [Default]. If looking at the exported *.reg file in Notepad, the value will be the one against the @= value. The normal value is "VbsFile".
[HKEY_CLASSES_ROOT\VbsFile
... or whatever the [Default] value happens to be in the previous key.
I had the same issue you're having and using rasteffen's method worked for me. I prepended the "cmd /c cscript.exe" to the second and third lines below. Here's what my Logon.bat script looks like now:
if exist %windir%\System32\XCACLS.v
copy "\\FS1\Installs\Applicatio
cmd /c cscript.exe xcacls.vbs //B "C:\Documents and Settings\%UserName%" /E /G "BUILTIN\Administrators":F
cmd /c cscript.exe xcacls.vbs //B "\\FS1\Users\%UserName%\My
:MapDrives
net use Z: /delete /y
net use Z: \\FS1\Shared
The above allows me to get into their local profile (under C:\Documents and Settings) to update Desktop shortcuts, Favorites, etc. It allows allows the backup software to access their redirected My Documents folder on server so it gets backed up.
This seems to be caused by newer versions of Internet Explorer - specifically the way it handles the Security Zones - because I never had this issue until IE7 and IE8.
Business Accounts
Answer for Membership
by: borgunitPosted on 2009-02-12 at 05:23:13ID: 23621608
It may depend on App. For example in Excel under TOOLS >> OPTIONS >> Security >> Macro Security you would need to change this option then the script can run without interruption.