Over the weekend at work, my Windows 7 Enterprise machine mysteriously came down with an odd issue. I first noticed it when I went to routinely open my MMC session I saved on my desktop. When I went to open it, it gave me a security warning dialog. Huh, that's odd. I saved a new session file onto my desktop and trying to open that one gives me the same error. I googled around for a bit, found a way to manually enter MSC files into an inclusion list in my local policy, and that was working so I just shrugged and went about my business.
However, this is also happening with batch (.bat) files and PowerShell scripts (.ps1) and presumably any other type of file that might be seen risky. With PowerShell, it's way more annoying because I can save a script that I just wrote
onto my desktop and not be able to run it. I have my execution policy set to RemoteSigned and yet the OS thinks the file that I just created isn't local for some reason... yet it also doesn't think it's from the Internet. There's no "Unblock" button on any of the files when I go into their file properties. Nor is there a checkbox on the security warning that lets me to not pester me each time for this particular file.
Even when I change the execution policy to Unrestricted, I still have to manually confirm I want to run a script within PowerShell by hitting the Y key and all that. It's really annoying.
Now I've had limited time to troubleshoot this, but one thing I have found out is that it only does this for files on my profile's desktop. If I save a script to the C drive root: no issue. If I save it to my root user profile folder: no issue. If I save it to my network mapped Z drive: no issue. But heaven forbid I save it to my desktop!
I'm guessing that's enough for one of you gurus to know what happened here. I compared the security and ownership settings on my desktop folder and one of my colleagues and couldn't find anything different. I'm just not sure where to go to get at the security settings for this.
Please note that I don't
want to just include all the file types that I work with. Allowing all
scripts to run without warning just seems folly to me. I also don't want to blanket disable the security warning across my entire computer--I don't mind the security warning per se, I just don't want my desktop to be lumped into whatever draconian filter it's currently in! Also note that my desktop is not being redirected.
Any ideas? I'd rather do this smartly, but if all else fails I may end up deleting my profile altogether and rebuild it.
By the way, I'm actually off work today, so I probably won't be able to test any suggestions until tomorrow. I just wanted to go in with some ideas and hopefully not lose any more time to this issue than I have already.