Policy

Configure Security Policy for Scripted Diagnostics

Microsoft Windows

Back to Scripted DiagnosticsBack to main
Configure Security Policy for Scripted Diagnostics
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
System > Troubleshooting and Diagnostics > Scripted Diagnostics
Supported on
At least Windows Server 2008 R2 or Windows 7

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers. If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.

Internal name
ScriptedDiagnosticsSecurityPolicy
Policy ID
b5291ae4d7b6
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics
Value name
ValidateTrust
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics
Value name
ValidateTrust
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.