Configure SmartScreen via GPO

With Cryptolocker number of variants rising each day we had to implement SmartScreen filter using Group Policy in our environment.

Here’s how you can easily configure SmartScreen filter using GPO.

Open Group Policy editor (gpedit.msc)

Navigate to:
Computer configuration | Policies | Administrative Templates | Windows Components | File Explorer

From the right pane select Configure Windows SmartScreen select Enabled and from the dropdown list choose Require approval from an administrator before running downloaded unknown software.


Once policy has been created, you should link the policy to computers container since this is a computer configuration policy.

Since this is a Computer configuration policy it should be applied to a computer containter.

On the other hand if you would like to apply this policy to a user containter you will have to enable Group Policy Loopback processing mode policy setting to be able to apply this policy on a user container.

In this case policy will be applied to all computers/users in that container.

In Group POlicy management navigate to:
Computer Configuration | Policies | Administrative Templates | System/Group Policy

From the right pane choose:
Configure user Group Policy loopback processing mode and select Merge from the dropdown list.

Feel free to leave your comments below.

You may also like...

1 Response

  1. D Marra says:

    FYI- With the Windows 10 v1611 update templates, there is no drop down any more. It’s simply “On” or “Off”. Setting to Enabled turns SmartScreen on, and disabled turns SmartScreen off.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × four =

This site uses Akismet to reduce spam. Learn how your comment data is processed.