You should definitely digitally sign the application no matter what. However,
that will not remove the warning. It just will have your (or your company's)
name in the dialog and won't say "Unknown Publisher."
Technically, there is a way to get rid of this warning, but it is there as a
warning to end users. If you remove it here, you would also remove it for all
other executables. That would put your users at significant risk. If you
programmatically remove that warning, you would be responsible for putting
them at significant risk; a responsibility that I am pretty sure you do not
want to accept.
Rather, I would suggest that you take the opportunity to educate your users.
Teach them that the warning is there so that they can assess whether they
want to accept the risk involved in opening applications off the Internet. In
this case, you have digitally signed the application so they can trace it to
you and have assurance that they are, in fact, opening a trusted application.
Anytime they get a dialog like this they should evaluate it and see if they
really want to accept that risk or not. If the publisher is unknown, they
have no way to tell who wrote the application, and should consider it a
Your question may already be answered in Windows Vista Security:
"Rod Wright" wrote:
> We developed a program to integrate a large amount of data for National Air
> and Space Museum (NASM) volunteer use. The program works fine, but our users
> are relatively unsophisticated volunteers. They get confused by the warnings
> issued by Access when opening our program. Our users run at multiple Win2K
> and XP machines and load our program and the data over the Smithsonian
> In Vista, the popup warning is:
> Open File - Security Warning
> Do you want to open this file?
> Name: \\Server\Public\UHC_Frms.exe
> Publisher: Unknown Publisher
> Type: Microsoft Office Access MDE Database
> From: \\SERVER\Public\BLAST\UHC_Frms.mee
> | Open | | Cancel |
> Note that the path shown above is when I'm testing on my home network, not
> at NASM. Also, that warning was from Office 2007 but at NASM they are still
> using Office 2003, so the dialog box is different.
> Also, the error message is different under Office 2003 (and a lot more
> confusing for users.) I'm not at NASM now, so I can't see the exact text of
> how the error appears there. I'll post that tomorrow when I go there.
> How can we avoid these warnings? Would it work for us to obtain and publish
> a certificate for the program code? If so, does it need to be reissued each
> time we make a change? (Since we have only been up and running for users
> since January, the code is still being modified as we gain experience.) How
> do we do that?
> What do you recommend?
> Rodney L. Wright