Configure SmartScreen via GPO
With Cryptolocker number of variants rising each day we had to implement SmartScreen filter using Group Policy in our environment.
Here’s how you can easily configure SmartScreen filter using GPO.
Open Group Policy editor (gpedit.msc)
Navigate to:
Computer configuration | Policies | Administrative Templates | Windows Components | File Explorer
From the right pane select Configure Windows SmartScreen select Enabled and from the dropdown list choose Require approval from an administrator before running downloaded unknown software.
Once policy has been created, you should link the policy to computers container since this is a computer configuration policy.
Since this is a Computer configuration policy it should be applied to a computer containter.
On the other hand if you would like to apply this policy to a user containter you will have to enable Group Policy Loopback processing mode policy setting to be able to apply this policy on a user container.
In this case policy will be applied to all computers/users in that container.
In Group POlicy management navigate to:
Computer Configuration | Policies | Administrative Templates | System/Group Policy
From the right pane choose:
Configure user Group Policy loopback processing mode and select Merge from the dropdown list.
Feel free to leave your comments below.
FYI- With the Windows 10 v1611 update templates, there is no drop down any more. It’s simply “On” or “Off”. Setting to Enabled turns SmartScreen on, and disabled turns SmartScreen off.
thanks man
How do you add exceptions to smart screen?? I turned it on to test for a small group and it’s blocking one of our sites we use (ninite.com). Don’t see any options to add it to a whitelist or say ‘OK, but continue on anyway’