Policy CSP - SmartScreen
EnableAppInstallControl
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl
App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only from the Store. SmartScreen must be enabled for this feature to work properly.
If you enable this setting, you must choose from the following behaviors:
Turn off app recommendations.
Show me app recommendations.
Warn me before installing apps from outside the Store.
Allow apps from Store only.
If you disable or don't configure this setting, users will be able to install apps from anywhere, including files downloaded from the Internet.
Note
This policy will block installation only while the device is online. To block offline installation too, SmartScreen/PreventOverrideForFilesInShell and SmartScreen/EnableSmartScreenInShell policies should also be enabled.
This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Turns off Application Installation Control, allowing users to download and install files from anywhere on the web. |
| 1 | Turns on Application Installation Control, allowing users to only install apps from the Store. |
| 2 | Turns on Application Installation Control, letting users know that there's a comparable app in the Store. |
| 3 | Turns on Application Installation Control, warning users before installing apps from outside the Store. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | ConfigureAppInstallControl |
| Friendly Name | Configure App Install Control |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Explorer |
| Registry Key Name | Software\Policies\Microsoft\Windows Defender\SmartScreen |
| Registry Value Name | ConfigureAppInstallControlEnabled |
| ADMX File Name | SmartScreen.admx |
EnableSmartScreenInShell
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious.
Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
Warn and prevent bypass
Warn.
If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.
If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app.
If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet.
If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
Allowed values:
| Value | Description |
|---|---|
| 0 | Disabled. |
| 1 (Default) | Enabled. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | ShellConfigureSmartScreen |
| Friendly Name | Configure Windows Defender SmartScreen |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Explorer |
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| Registry Value Name | EnableSmartScreen |
| ADMX File Name | SmartScreen.admx |
PreventOverrideForFilesInShell
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious.
Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
Warn and prevent bypass
Warn.
If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.
If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app.
If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet.
If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed values:
| Value | Description |
|---|---|
| 0 (Default) | Don't prevent override. |
| 1 | Prevent override. |
Group policy mapping:
| Name | Value |
|---|---|
| Name | ShellConfigureSmartScreen |
| Friendly Name | Configure Windows Defender SmartScreen |
| Element Name | Pick one of the following settings. |
| Location | Computer Configuration |
| Path | Windows Components > Windows Defender SmartScreen > Explorer |
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| ADMX File Name | SmartScreen.admx |
Related articles
Feedback
Kommer snart: Under hela 2024 kommer vi att fasa ut GitHub-problem som feedbackmekanism för innehåll och ersätta det med ett nytt feedbacksystem. Mer information finns i: https://aka.ms/ContentUserFeedback.
Skicka och visa feedback för