Windows 2003: problem with running exe files

Today I couldn’t install some tool on Windows 2003 SE despite being assigned to the Admisnitrators group. Whenever I tried I get the following message:

Windows cannot access the specified device, path, or file. You may not have the appropraiate permissions to access the item.

If you face such problem, first of all check what permissions you have. To do that, right click on My Computer and choose Manage; then System Tools\Local Users and Groups\Groups; double click Administrators on the right part of the window and check if you are on the list of users with that persmissions.

As I said, I was the Admisnitrator of that machine so that was really strange. So I righ clicked the exe file I needed to run and chose Properties. In the Security tab I found out I have the appropriate rights on that file. I went to General tab of that window; at the bottom, in Security section there was the infromation:

This file came from another computer and might be blocked to help protect this computer.

That was it! You just need to click Unblock button which is next to the above information.

FYI: The whole security section is only visible for ‘unsecure’ files. Once you enable a file’s execution and click OK, you will no longer see it.

16 Responses to “Windows 2003: problem with running exe files”

  • Trying to get by

    What happens if there’s numerous .exe’s and .msi’s in multiple directories? Do you have to unblock them all?

    I tried unzipping a large anti-virus program update onto the server hard drive and it blocked all the executables from unzipping!

    There’s got to be a better way!

  • Honestly I don’t know and can’t check this as I’m running Windows XP on all machines I have access to… I had that problem at some point at work in the solution that involved Windows 2003…

    Did you try looking for some ‘apply recursively for all subdirectories’ check box or something like that? As you said, applying that to all files is convenient at all and there must be a better way to a kind of massive change.

    Good luck man!

  • I have same issue it’s crap why does windows want to block everything… you copied this file so it must be blocked???

  • It seems like Windows 2003 tries to act like Linux. With the latter it’s easier to overcome that problem though…

  • @Jaroslaw:

    Linux doesn’t act like that. This is stupid. Linux doesn’t do stupid things.

    This is more like Microsoft is trying to make Windows SERVER 2003 look and act like Windows XP HOME!

    If you have your server segregated from the Internet for security purposes and download your updates/installs on your admin workstation, then copy the files to your server to a location where the server, admin, domain admin, etc all have full control, you shouldn’t have to jump through these stupidity-hoops just to do your frickin’ job!

    UAC is Microsoft’s half-assed attempt to emulate SUDO, but this “blocked foreign file” stuff is just crap – especially since there’s no simple, UI way to recursively unblock, or to select multiple files and unblock.

  • Jim,
    I know that – I used Linux :)

    As usual there might be an argument on which OS is better but this was out of the scope of this post. Sometimes (like in my case) you have to do some stuff on OS you don’t choose.

    And I totally agree, this was neither intuitive nor really could secure anything ;)


  • windows security is blocked .exe file
    and cant run it in the windows server 2003 r2
    are there any idea for this ???????????

  • I have also had this occur in a windows server 2003 r2 std environment being used for testing a migration will be doing at our site. i was trying to emulate the same server that i have in production, also a windows server 2003 r2 std. the difference between the two is the test version has all the fixes to date, 2/11/09, where as the production server is not at the current patch level. i purposely do not apply fixes to the production version. that server is running just fine & i have taken the position if it is not broken don’t fix it. i know it could be open to security vulnerabilities, but i have not noticed any issues. only one application is run on it used for SPC, statistical process control. we are a manufacturing facility.

    what i deduce is a security fix has caused the issue. i suppose is i start backing some out and the issues goes away, then that fix is the one which did it. if i can determine which one it is, i come back and let you know.


  • Well, as it turned out I was wrong in my observations. Both servers which are 2003 R2 STD have the same issue. The file I was looking at is on another 2003 STD server at our site. But that one is not R2 and never had even SP1 applied to it. When I check the properties of the file on the machine, the ‘…file comes from another computer…’ text is not present. So, maybe it is related to SP1. The file was downloaded from the web. It is the executable for Wireshark.

    In my case it was just an exercise in isolating an issue. In general it is not a problem for me. Sorry to be misleading.

    I did go through the process of comparing the fixes between two 2003 STD R2 servers. It was time consuming, because there is not an easy means of comparison that I could find. It would have been a lot of work to pull fixes from the server at the current fix level. I would have expected all the fixes on the less fixed server, SERVER_A, to be also on the more ‘current’ server, SERVER_B. That did turn out to be the case. Several of those KB numbers did not exist on SERVER_B. Possibly newer fixes replaced some of those older fixes and MS changed the KB numbers. It did not give me that warm fuzzy feeling that SERVER_B had the same fixes as SERVER_A plus whatever newer ones were developed after some point in time.


  • hi,great post,just keep it up

  • Guys, the issue is with internet explorer security. To resolve this issue, i lowered the Internet Explorer Security down to low or medium low and that resolved it. I was trying to install an updated antivirus program and all .exe, .msi were blocked. This is the first I’ve heard of this but that is what it was. good luck.

  • the solution is a lot better otherwise you will have to make it on all servers (not practical in corporate world)

    create a gpo In group policy settings >admin templates>windows components>Internet Control Panel

    Add the following

    - add unc path to intranet zone
    - add sites bypassing the proxy to intranet zone
    - Set intranet template zone to low
    - In site to zone assignment setting add the following

    and it works

  • copy the files to your server to a location where the server admin is.

  • I wud thin that the Windows Server way of blocking exe files are correct as this only saves the servers from any future problems.

Leave a Reply