Policy

Deny all add-ons unless specifically allowed in the Add-on List

Microsoft Windows

Back to Add-on ManagementBack to main
Deny all add-ons unless specifically allowed in the Add-on List
Jump to overview

Policy overview

Key metadata and intent for this policy.

Category
Windows Components > Internet Explorer > Security Features > Add-on Management
Supported on
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages. By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting. If you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowed) through the 'Add-on List' policy setting. If you disable or do not configure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting. Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for more details).

Internal name
AddonManagement_ManagementMode
Policy ID
495c64621d35
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Path
Software\Microsoft\Windows\CurrentVersion\Policies\Ext
Value name
RestrictToList
REG_DWORD
HKLM
1
HKCU
1
HKLM
0
HKCU
0
Registry location
Type REG_DWORD · Both
Path
Software\Microsoft\Windows\CurrentVersion\Policies\Ext
Value name
RestrictToList
Hive
HKLM
Enabled value
1
Disabled value
0
Hive
HKCU
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.