# Windows security opening these files might be harmful to your computer, domain, policy

Hi,

I have a Windows 2008 R2 domain.
A NAS is mapped through drive letter S:  via policy (\\ip\share).
Now when I try to extract a zipfile from this share, I get a popup:

Changed the local Intranet settings via policy,

but when I do a gpoupdate /force, I get following error:
The following warnings were encountered during user policy processing:

Windows failed to apply the Internet Explorer Zonemapping settings. Internet Exp
lorer Zonemapping settings might have its own log file. Please click on the "Mor

... what results in policy doesn't apply, result is the same.

J.
OS SecurityWindows Server 2008Active DirectoryAnti-Virus AppsMicrosoft Server OS

Last Comment
Rich Rumble

8/22/2022 - Mon
Chris

There is an alternative method to prevent this popup. You can setup safe file types within the attachement manager in GPO. This can be found at:

User Configuration --> Administrative Templates --> Windows Components --> Attachment Manager

janhoedt

Thanks, but want to use default way = site settings. It should work.
Rich Rumble

I'm not sure about applying the GPO, I thought that windows was very adamant about tagging files copied from shares and the internet.
These warnings come from ADS (alternate data streams) being set on files that are downloaded. You can work around the issue by deleting the files ADS, you can use "streams.exe" provided by the sysinternals folks: http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx There are other such utilities out there too. In windows 7 and 2008 you can do a "dir /r c:\path\to\downloads" and see "Zone.Identifier:$DATA" as the ADS stream. Perhaps a scheduled task that watches the download folder, or runs nightly that removes ADS streams would be a way around it? -rich Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC! Walt Forbes janhoedt ASKER I think you are looking way to far. It can't be that this solution should be implemented in every company which uses Windows 2008/file shares. Christopher Kile Why don't you set up a virtual directory to the NAS and access your files that way? This way you set up your permissions within IIS. I may not be understanding exactly what you want to do, but this is what we do in order to make NAS files available to the web apps. I have not yet tried to unzip a zip on a virtual directory, though. janhoedt ASKER ???? I just use the NAS to share files. Why would I use IIS and create a virtual directory then??? Get an unlimited membership to EE for less than$4 a week.
Unlimited question asking, solutions, articles and more.
Christopher Kile

Alright, I think I'm failing to understand something.  How, exactly, are you unzipping files when you get the first error?  Programmatically, or manually?  If programmatically, through a Web application or through some other application?  I was assuming you were doing this through a Web application.