The publisher could not be verified” while running executable from network

August 25, 2008

When you are trying to run an executable located on another machine on your network, running Windows XP SP2 or higher, you are accosted with a prompt: “The publisher could not be verified”. You are forced to confirm that you wish to run this program… every time you run it.

You can disappear this message by setting the following Group Policy Object (GPO)

Go to User Configuration >> Administrative Templates >> Windows Components >> Attachement Manager and add “*.exe” to the “Inclusion list for moderate risk file types” setting.

“This policy setting allows you to configure the list of moderate risk file types. If the attachment is in the list of moderate risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. …”

In other words, this allows you to run an .exe from the Intranet zone without a prompt, but it will warn before running one from the Internet. A lot of people are instructing to add *.exe to the list of low-risk file types. Doing so, you are allowing .exe files to execute from anywhere on the internet.