The Open File - Security Warning dialog box is displayed when you try to silently install a hotfix or an update by using a Visual Basic script in Windows XP Service Pack 2


Symptoms


When you try to use a Microsoft Visual Basic script to silently install a hotfix or an update on a Microsoft Windows XP Service Pack 2 (SP2)-based computer, you receive an Open File - Security Warning dialog box.

Cause


This problem may occur when you run a Visual Basic script that is similar to the following sample script to install a hotfix or an update that is downloaded from the Internet.

Note The following sample script installs security update MS04-038.

Set oShell = CreateObject("WScript.Shell")

oShell.Run "c:\temp\ms04-038\WindowsXP-KB834707-x86-enu /quiet /passive /norestart",0, True

Set oShell = Nothing


The update in this sample should install silently. However, the Open File - Security Warning dialog box is displayed because the update file is downloaded from the Internet and is therefore considered dangerous.

This behavior is new in Windows XP SP2 because of the addition of the Attachment Execution Services (AES). Every program that is run by using the ShellExecute() API passes through AES. AES considers the downloaded update file to be from the Internet Zone. Therefore, AESdisplays the Open File - Security Warning dialog box. AES examines the file to see whether the file has a file stream of the type Zone.Identifier. Then AES determines what zone the file is from and what level of protection to apply when the file is run.

Workaround


To work around this problem, use one of the following methods.
Method 1: Change the SEE_MASK_NOZONECHECKS environment variable

Temporarily change the SEE_MASK_NOZONECHECKS environment variable to 1.

Note Do not use this as a permanent system environment variable because it will disable all Zone Checking.

To temporarily change the SEE_MASK_NOZONECHECKS environment variable so that you can silently install a hotfix in Windows XP SP2, use the following sample script:
set oShell= CreateObject("Wscript.Shell")

set oEnv = oShell.Environment("PROCESS")

oEnv("SEE_MASK_NOZONECHECKS") = 1

oShell.Run "c:\ms04-038\WindowsXP-KB834707-x86-enu /quiet /passive /norestart",0,True

oEnv.Remove("SEE_MASK_NOZONECHECKS")


Method 2: Use a command script

You can use a command script instead of a Visual Basic script to silently install a hotfix or an update. To do this, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type the following lines, and press ENTER after each line:
    @echo off

    c:\ms04-038\WindowsXP-KB834707-x86-enu /quiet /passive /norestart
  3. After the installation is complete, type exit, and then press ENTER to close the command prompt.

More Information


Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. This article assumes that you are familiar with the programming language being demonstrated and the tools used to create and debug procedures. Microsoft support professionals can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific needs.
If you have limited programming experience, you may want to contact a Microsoft Certified Partner or Microsoft Advisory Services. For more information, visit these Microsoft Web sites:

Microsoft Certified Partners - https://partner.microsoft.com/global/30000104

Microsoft Advisory Services - http://support.microsoft.com/gp/advisoryservice

For more information about the support options that are available and about how to contact Microsoft, visit the following Microsoft Web site:http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS