Here is a summary of the case:
ACTION:
Running the start command from within a batch file, to run another batch file.
RESULT:
User gets a popup saying that the publisher could not be verified, and asking if they want to continue running the file.
CAUSE:
When the command prompt issues a start command it uses a function call to ?start? the command you have specified, this function call is ShellExecute(). Previously ShellExecute() would create new processes without any checking, now in SP2 the ShellExecute() function goes through Attachment Execution Services (AES) which is new in SP2. Changes around AES mean that processes started with the shell functions are checked in very much the same way as applications that are run through IE and Outlook Express.
The problem with running this batch file is that it has a leading slash, this makes AES believe that the application is running from the Internet Zone and not locally. If you run the batch file with a full path AES thinks it?s running locally and so you don?t see the problem.
\test\testxferone ? Internet Zone
\test\testxferone.bat ? Local Zone
C:\test\testxferone ? Local Zone
C:\test\testxferone.bat ? Local Zone
When the .bat is added in the second case, this is Local Zone, because the C: is automatically added to the path. Without the .bat, this does not happen, causing the system to default to Internet Zone.
This causes a GUI based popup even though we are in a command line context because it is triggering a shell related security measure.
RESOLUTION:
Use the full path, or add the .bat extension in the start command.
