Policy

Untrusted Font Blocking

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategorySystem > Mitigation Options
Supported onAt least Windows Server 2016, Windows 10

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.

Internal name
FontMitigation
Policy ID
6b746980d65e
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Mitigation Options
ID FontMitigation_DL
enum
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions\MitigationOptions_FontBocking
Type REG_SZ
Options: Block untrusted fonts and log events (1000000000000), Do not block untrusted fonts (2000000000000), Log events without blocking untrusted fonts (3000000000000)

Other policies in this category

Explore related policies at the same level.