Allow only per user or approved shell extensions

Supported OS tags: Windows10, Windows10RT, Windows11, Windows2000, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine. A shell extension only runs if there is an entry in at least one of the following locations in registry. For shell extensions that have been approved by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved. For shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.

This policy has no additional user input fields.

• Computer
  Allow the use of remote paths in file shortcut icons

  At least Windows Server 2012, Windows 8 or Windows RT
• Computer
  Configure Windows Defender SmartScreen

  At least Windows Server 2012, Windows 8 or Windows RT
• ComputerUser
  Disable binding directly to IPropertySetStorage without intermediate layers.

  At least Windows Vista
• User
  Disable Known Folders

  At least Windows Server 2008 R2 or Windows 7
• User
  Display confirmation dialog when deleting files

  At least Windows Server 2003 operating systems or Windows XP Professional
• User
  Display the menu bar in File Explorer

  At least Windows Vista
• User
  Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon

  At least Windows 2000