Policy

Allow signed updates from an intranet Microsoft update service location

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Windows Update > Manage updates offered from Windows Server Update Service
Supported onAt least Windows Server 2003 operating systems or Windows XP Professional with SP1, excluding Windows RT

Supported OS tags: Windows7, Windows8, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsVista, WindowsXP

This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. If you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. If you disable or do not configure this policy setting, updates from an intranet Microsoft update service location must be signed by Microsoft. Note: Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.

Internal name
TrustedPublisher_Title
Policy ID
7c41888e171e
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AcceptTrustedPublisherCertsREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Other policies in this category

Explore related policies at the same level.