Allow software to run or install even if the signature is invalid

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file. If you enable this policy setting, users will be prompted to install or run files with an invalid signature. If you disable this policy setting, users cannot run or install files with an invalid signature. If you do not configure this policy, users can choose to run or install files with an invalid signature.

This policy has no additional user input fields.

• ComputerUser
  Allow active content from CDs to run on user machines

  At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
• ComputerUser
  Allow Install On Demand (except Internet Explorer)

  Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
• ComputerUser
  Allow Install On Demand (Internet Explorer)

  Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
• ComputerUser
  Allow Internet Explorer to use the HTTP2 network protocol

  At least Internet Explorer 11.0 on Windows 10
• ComputerUser
  Allow Internet Explorer to use the SPDY/3 network protocol

  Only Internet Explorer 11.0 on Windows 8.1
• ComputerUser
  Allow third-party browser extensions

  At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
• ComputerUser
  Always send Do Not Track header

  At least Internet Explorer 10.0