Why can't a script placed directly in the GPO's Sysvol folder be executed, and how can this restriction be bypassed?

Directly executing a `.bat` file from the Group Policy folder triggers a security warning and is blocked. To bypass this, modify the local registry on the target machine with `reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /v ModRiskFileTypes /t REG_SZ /d .bat /f`, or configure the same policy via domain GPO to allow `.bat` files as low-risk file types. This enables the script to run without prompting the user.