Only allow approved Shell extensions

User Configuration\Administrative Templates\Windows Components\Windows Explorer


Directs Windows to start only the user interface extensions that system security or the user has approved.

When the system detects that the user is downloading an external program that runs as part of the Windows user interface, the system searches for a digital certificate or requests that the user approve the action. If you enable this policy, Windows only starts approved programs.

This policy is designed to protect the system from damage by programs that do not operate correctly or that are intended to cause harm.

Tip

To view the approved user interface extensions for a system, start a registry editor (Regedt32 or Regedit). The system stores one entry for each approved user interface extension in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
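
To review the same list from a script instead of a registry editor, the following PowerShell (an added example, not part of the original policy text) reads the Approved key and, for each CLSID, looks up the in-process server DLL under HKLM\Software\Classes\CLSID and reports its Authenticode status. The function name and the System32 fallback for bare file names are assumptions of this example.

```powershell
# Added example. Read-only: it queries the registry and file signatures, changes nothing.
$ApprovedKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
$ClsidRoot   = 'HKLM:\Software\Classes\CLSID'   # where in-process COM servers are registered

function Get-ApprovedShellExtension {   # hypothetical name, not a built-in cmdlet
    $key = Get-Item -LiteralPath $ApprovedKey -ErrorAction Stop
    foreach ($clsid in $key.GetValueNames()) {
        # Each value name is an extension's CLSID; the data is a description string.
        if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }

        $dll = $null
        $status = 'NoInprocServer'
        $inproc = Get-Item -LiteralPath "$ClsidRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($inproc) {
            # The default value holds the DLL path (GetValue expands %SystemRoot% etc.).
            $dll = ([string]$inproc.GetValue('')).Trim('"', ' ')
            if ($dll -and -not [System.IO.Path]::IsPathRooted($dll)) {
                # Assumption: a bare file name such as shell32.dll resolves from System32.
                $dll = Join-Path (Join-Path $env:SystemRoot 'System32') $dll
            }
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $status = (Get-AuthenticodeSignature -LiteralPath $dll).Status.ToString()
            } else {
                $status = 'FileMissing'
            }
        }

        [pscustomobject]@{
            Clsid       = $clsid
            Description = [string]$key.GetValue($clsid)
            Server      = $dll
            Signature   = $status
        }
    }
}

# Entries that are approved but unsigned, missing, or unregistered deserve a closer look.
Get-ApprovedShellExtension |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Signature, Server |
    Format-Table -AutoSize -Wrap
```

The output is a triage list, not a verdict: it covers only the registry view of the PowerShell process that runs it, so 32-bit extensions and per-user COM registrations are not included.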