Edit

Share via

Policy CSP - SmartScreen

  • Article

EnableAppInstallControl

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ Windows 10, version 1703 [10.0.15063] and later 
./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl

Allows IT Admins to control whether users are allowed to install apps from places other than the Store.

Note

This policy will block installation only while the device is online. To block offline installation too, SmartScreen/PreventOverrideForFilesInShell and SmartScreen/EnableSmartScreenInShell policies should also be enabled. This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

Note

This policy will block installation only while the device is online. To block offline installation too, SmartScreen/PreventOverrideForFilesInShell and SmartScreen/EnableSmartScreenInShell policies should also be enabled.

This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.
1 Turns on Application Installation Control, allowing users to only install apps from the Store.
2 Turns on Application Installation Control, letting users know that there's a comparable app in the Store.
3 Turns on Application Installation Control, warning users before installing apps from outside the Store.

Group policy mapping:

Name Value
Name ConfigureAppInstallControl
Friendly Name Configure App Install Control
Location Computer Configuration
Path Windows Components > Windows Defender SmartScreen > Explorer
Registry Key Name Software\Policies\Microsoft\Windows Defender\SmartScreen
Registry Value Name ConfigureAppInstallControlEnabled
ADMX File Name SmartScreen.admx

EnableSmartScreenInShell

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ Windows 10, version 1703 [10.0.15063] and later 
./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell

Allows IT Admins to configure SmartScreen for Windows.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 1

Allowed values:

Value Description
0 Disabled.
1 (Default) Enabled.

Group policy mapping:

Name Value
Name ShellConfigureSmartScreen
Friendly Name Configure Windows Defender SmartScreen
Location Computer Configuration
Path Windows Components > Windows Defender SmartScreen > Explorer
Registry Key Name Software\Policies\Microsoft\Windows\System
Registry Value Name EnableSmartScreen
ADMX File Name SmartScreen.admx

PreventOverrideForFilesInShell

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ Windows 10, version 1703 [10.0.15063] and later 
./Device/Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell

Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.

Description framework properties:

Property name Property value
Format int
Access Type Add, Delete, Get, Replace
Default Value 0

Allowed values:

Value Description
0 (Default) Don't prevent override.
1 Prevent override.

Group policy mapping:

Name Value
Name ShellConfigureSmartScreen
Friendly Name Configure Windows Defender SmartScreen
Element Name Pick one of the following settings.
Location Computer Configuration
Path Windows Components > Windows Defender SmartScreen > Explorer
Registry Key Name Software\Policies\Microsoft\Windows\System
ADMX File Name SmartScreen.admx

Policy configuration service provider