Want to disable ClickOnce support on edge using powershell

Mayur Bhatti 20 Reputation points
2024-04-03T20:40:22.2933333+00:00

Due to some internal requirement, I need to disable ClickOnce in all the users so I want to create a PowerShell script that will disable the ClickOnce support.

I have follow few reference docs:
https://learn.microsoft.com/en-us/answers/questions/1315732/disabling-the-clickonce-trust-prompt

https://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022&tabs=csharp
https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::ClickOnceEnabled

and based on that I created once script:

# Create key in the registry
New-Item -Path "HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager" -Force
New-Item -Path "HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel" -Force

# Disable ClickOnce support in Microsoft Edge
Set-ItemProperty -Path "HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel" -Name "MyComputer" -Value "Disabled"
Set-ItemProperty -Path "HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel" -Name "LocalIntranet" -Value "Disabled"
Set-ItemProperty -Path "HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel" -Name "Internet" -Value "Disabled"
Set-ItemProperty -Path "HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel" -Name "TrustedSites" -Value "Disabled"
Set-ItemProperty -Path "HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel" -Name "UntrustedSites" -Value "Disabled"

Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name "ClickOnceEnabled" -Value 0 -Type DWord -Force

# Attempt to stop the msedge.exe process
try {
    Stop-Process -Name msedge -ErrorAction Stop
} catch {
    # Ignore the error if the process is not found
}

# Start msedge.exe
Start-Process msedge

But still not able to disable the ClickOnce.

Can someone help me?

I am using windows 10 server

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,325 questions
{count} votes

Accepted answer
  1. Yu Zhou-MSFT 13,411 Reputation points Microsoft Vendor
    2024-04-04T07:30:17.04+00:00

    Hi @Mayur Bhatti

    If you just want to disable ClickOnce in Edge, I think this line is enough:

    $RegistryPath = 'HKLM:\Software\Policies\Microsoft\Edge'
    $Name         = 'ClickOnceEnabled'
    $Value        = 0
    # Create the key if it does not exist
    If (-NOT (Test-Path $RegistryPath)) {
      New-Item -Path $RegistryPath -Force | Out-Null
    }  
    Set-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -Type DWORD -Force
    

    It edits the registry which has the same effect with this policy: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#clickonceenabled. After running the script, you could open this page edge://policy in Edge to check if the policy has been applied. If it's applied successfully, you'll find this policy on that page:User's image


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Regards,

    Yu Zhou


1 additional answer

Sort by: Most helpful
  1. Michael Taylor 54,401 Reputation points
    2024-04-03T20:47:16.0033333+00:00

    Are you on a domain? If so then the correct solution is to disable ClickOnce in Edge using a group policy. That is discussed here.

    Note that if a site provides an EXE (click once or otherwise doesn't matter) then unless your policies prevent downloading then the user can still download the EXE and run it manually, after they unblock it. I'm not aware of any way outside software restrictions to prevent this.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.