I'm running Windows 10 Home, and I want to make sure that unsigned executables don't run (or at least I get a popup making sure that I want to run them).

I found this page, but I cannot for the life of me figure out how to enable this.

It gives me a location to the setting:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

But that's not an absolute path. From where do I follow that path? Is this only available to Windows 10 Pro installs perhaps? Is this already enabled?

My UAC settings are set to the max (see picture here). Is that enough?

    Is that enough?

    It absolutely is not enough. The default setting for this particular group policy is set to disabled, changing the UAC settings, does not enable the policy in question.

    Is this only available to Windows 10 Pro installs perhaps? Is thisalready enabled?

    You can only edit the group policy, through the group policy editor, on Windows 10 Professional and/or Windows Server. It is possible to manually add the group policy editor (gpedit) to Windows 10 Home.

    The group policy you want to enable is: User Account Control: Only elevate executables that are signed and validated and by default it is disabled.

    Of course, the simplest approach only requires editing the following registry key.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures

    You will have to set the value from Disabled with a value of 0 to Enabled 1.

    Sources

    • I see no evidence in the documentation, that this group policy, is only limited to editions of Windows with the group policy. However, if that is the case, then your solution to your problem, is to upgrade to an eligible edition of Windows. I am leaving this as a comment, since "upgrading to an eligible edition of Windows", isn't an acceptable answer to any question (in my opinion).– RamhoundApr 17 at 16:35
    • Brilliant. I think I'll just tweak the registry directly. Thanks!– pushkinApr 17 at 19:36
    • By the way, if I create an application (.exe) and run it, will this setting get in the way? I suspect that it will. Second, if it does, will it also get in the way if I create a script that runs the .exe programmatically?– pushkinApr 17 at 19:38
    • @pushkin - You should read what the policy does. Your question is unrelated to the question you asked. Comments are not designed to ask additional questions. If you are interested, if your application will work, make the change and test it yourself.– RamhoundApr 17 at 20:37

    Your Answer

     

    By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

    Not the answer you're looking for? Browse other questions tagged or ask your own question.