Tip of the Week: Disable the UAC prompt to authorize tool execution

Blog Post created by ken_foster on Sep 16, 2013

By default, a user on Windows Vista, Windows 7, or 2008 Server will be prompted to approve any program they attempt to run if the software is not on a local file system.  This is an annoyance for anyone installing Mentor Graphics software in client/server configuration, assuming of course your security policy does not require a user to be prompted. You could disable UAC entirely, but then you will also disable security features you think desirable.


You can disable the feature of prompting to authorize program execution on your intranet without turning UAC completely off using the Group Policy Editor. Use this tool to configure the system not to prompt the user when they run an executable from a network drive.


Procedure (Note: You must have administrator rights to perform this operation)


  1. From the DOS command shell or from the run dialog, enter the command gpedit.msc
  2. Go to User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager. Double click on "Inclusion list for moderate risk file types".

  3. Select Enable, and add *.exe in the box that says ‘Specify moderate risk extensions’.

  4. You may also add any other known types you want to avoid being prompted for (.pdf, .bat, etc).


When you grant this exception it allows you to run an application with a .exe extension from the Intranet zone without a prompt, even when UAC is on. You will still be warned before an application from the Internet zone is allowed to run.


The risk you assume is that you must trust that any executables sitting on a network drive (drives mapped to a drive letter or drives you connect through a UNC path) are safe to run without seeing the warning popup.