When you enable the Group Policy setting to run scripts (user logon scripts, GPO assigned logon scripts, etc.) you receive an Open File – Security Warning dialog box.
Every script or program that is run by using the ShellExecute() API passes through AES. AES considers the downloaded update file to be from the Internet Zone. Therefore, AES displays the Open File – Security Warning dialog box. AES examines the file to see whether the file has a file stream of the type Zone.Identifier. Then AES determines what zone the file is from and what level of protection to apply when the file is run.
In order to mark the script folder as trusted source, you should add the UNC path of the script to the Local Intranet zone. In Internet Explorer, select Tools, Options, Security Tab and select Local Intranet. Then, click on Sites , Advanced to add the UNC path of the script file(s) example\\domainFQDN\NETLOGON\script.vbs