User Account Control: Only elevate executables that are signed and validated

User Account Control: Only elevate executables that are signed and validated

This security setting will enforce PKI signature checks on any interactive application that requests elevation of privilege. Enterprise administrators can control the admin application allowed list thru the population of certificates in the local computers Trusted Publisher Store.

The options are:

- Enabled: Enforces the PKI certificate chain validation of a given executable before it is permitted to run.

- Disabled: Does not enforce PKI certificate chain validation before a given executable is permitted to run.

Default: Disabled

Policy path: 

Computer Configuration\Windows Settings\Local Policies\Security Options

Supported on: 

At least Windows Vista, Windows Server 2008

Registry settings: 

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures

Reboot required: 

No

Related content