Alan's Blog

"Yeah. I wrote a script that will do that."

Remove “Open File” security warning for files downloaded from the internet

Posted on April 16th, 2009

I needed a list of my DHCP servers, so I went looking for my DHCPServers.vbs script, which I wrote for that purpose.  Gone.  I remembered that I posted it on www.myITForm.com, and so I downloaded the script from there http://www.myitforum.com/inc/upload/11431DHCPServers.vbs.txt (right click, then save target as).  I went to run my script and I got this:

 Open File Security Warning screen cap

This data I suspected existed in the NTFS stream for the file.  So I downloaded a copy of the Sysinternals file streams.exe from http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx.  When I looked at the streams I found this:

 

C:\>streams “C:\myprofile\desktop\11431DHCPServers.vbs”

Streams v1.56 – Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals – www.sysinternals.com

C:\myprofile\Desktop\11431DHCPServers.vbs:
   :Zone.Identifier:$DATA       26

I obviously suspected the zone.identifier, and reran streams with the -d command, which deleted the stream.  When I went to open the file, I was no longer asked whether I trust the script that I wrote.  I then ran the delete command on my script folder:

streams -s -d z:\scripts

 

 

Tags: NTFS+Streams, downloaded+files, DHCP+Servers

Filed under Computing, Scripting |

Leave a Reply

You must be logged in to post a comment.

Please Note:

All the scripts are saved as .txt files. Newer files have a "View Script" button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use "Save Target As". Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with Version 3 or 4.

https connections are supported.

Categories

Bad Behavior has blocked 541 access attempts in the last 7 days.