{
	"id": "d27ffb32-7f75-4e06-be62-8752402f03d3",
	"created_at": "2026-04-06T00:19:35.148826Z",
	"updated_at": "2026-04-10T13:12:40.624764Z",
	"deleted_at": null,
	"sha1_hash": "4e62647a619921742ac1852d21afcb1de61b92f6",
	"title": "Configure the ClickOnce Trust Prompt Behavior - Visual Studio (Windows)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 87075,
	"plain_text": "Configure the ClickOnce Trust Prompt Behavior - Visual Studio\r\n(Windows)\r\nBy Mikejo5000\r\nArchived: 2026-04-05 18:50:53 UTC\r\nYou can configure the ClickOnce trust prompt to control whether end users are given the option of installing ClickOnce\r\napplications, such as Windows Forms applications, Windows Presentation Foundation applications, console applications,\r\nWPF browser applications, and Office solutions. You configure the trust prompt by setting registry keys on each end user's\r\ncomputer.\r\nThe following table shows the configuration options that can be applied to each of the five zones (Internet, UntrustedSites,\r\nMyComputer, LocalIntranet, and TrustedSites).\r\nOption Registry setting value Description\r\nEnable the\r\ntrust prompt.\r\nEnabled\r\nThe ClickOnce trust prompt is displayed so that end users can grant trust\r\nto ClickOnce applications.\r\nRestrict the\r\ntrust prompt.\r\nAuthenticodeRequired\r\nThe ClickOnce trust prompt is only displayed if ClickOnce applications\r\nare signed with a certificate that identifies the publisher. Otherwise, the\r\nClickOnce application won't be installed.\r\nDisable the\r\ntrust prompt.\r\nDisabled\r\nThe ClickOnce trust prompt isn't displayed. Only ClickOnce applications\r\nthat are signed with an explicitly trusted certificate will be installed.\r\nThe following table shows the default behavior for each zone. The Applications column refers to Windows Forms\r\napplications, Windows Presentation Foundation applications, WPF browser applications, and console applications.\r\nZone Applications Office solutions\r\nMyComputer Enabled Enabled\r\nLocalIntranet Enabled Enabled\r\nTrustedSites Enabled Enabled\r\nInternet Enabled AuthenticodeRequired\r\nUntrustedSites Disabled Disabled\r\nYou can override these settings by enabling, restricting, or disabling the ClickOnce trust prompt.\r\nEnable the ClickOnce trust prompt\r\nEnable the trust prompt for a zone when you want end users to be presented with the option of installing and running any\r\nClickOnce application that comes from that zone.\r\nTo enable the ClickOnce trust prompt by using the registry editor\r\nhttps://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp\r\nPage 1 of 5\n\n1. Open the registry editor:\r\n1. Click Start, and then click Run.\r\n2. In the Open box, type regedit , and then click OK.\r\n2. Find the following registry key:\r\n\\HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\.NETFramework\\Security\\TrustManager\\PromptingLev\r\nIf the key doesn't exist, create it.\r\n3. Add the following subkeys as String Value, if they don't already exist, with the associated values shown in the\r\nfollowing table.\r\nString Value subkey Value\r\nInternet Enabled\r\nUntrustedSites Disabled\r\nMyComputer Enabled\r\nLocalIntranet Enabled\r\nTrustedSites Enabled\r\nFor Office solutions, Internet has the default value AuthenticodeRequired and UntrustedSites has the value\r\nDisabled . For all others, Internet has the default value Enabled .\r\nTo enable the ClickOnce trust prompt programmatically\r\n1. Create a Visual Basic or Visual C# console application in Visual Studio.\r\n2. Open the Program.vb or Program.cs file for editing and add the following code.\r\nC#\r\nVB\r\nMicrosoft.Win32.RegistryKey key;\r\nkey = Microsoft.Win32.Registry.LocalMachine.CreateSubKey(\"SOFTWARE\\\\MICROSOFT\\\\.NETFramework\\\\Security\\\\TrustManage\r\nkey.SetValue(\"MyComputer\", \"Enabled\");\r\nkey.SetValue(\"LocalIntranet\", \"Enabled\");\r\nkey.SetValue(\"Internet\", \"AuthenticodeRequired\");\r\nkey.SetValue(\"TrustedSites\", \"Enabled\");\r\nkey.SetValue(\"UntrustedSites\", \"Disabled\");\r\nkey.Close();\r\n3. Build and run the application.\r\nRestrict the ClickOnce trust prompt\r\nRestrict the trust prompt so that solutions must be signed with Authenticode certificates that have known identity before\r\nusers are prompted for a trust decision.\r\nhttps://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp\r\nPage 2 of 5\n\nTo restrict the ClickOnce trust prompt by using the registry editor\r\n1. Open the registry editor:\r\n1. Click Start, and then click Run.\r\n2. In the Open box, type regedit , and then click OK.\r\n2. Find the following registry key:\r\n\\HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\.NETFramework\\Security\\TrustManager\\PromptingLev\r\nIf the key doesn't exist, create it.\r\n3. Add the following subkeys as String Value, if they don't already exist, with the associated values shown in the\r\nfollowing table.\r\nString Value subkey Value\r\nUntrustedSites Disabled\r\nInternet AuthenticodeRequired\r\nMyComputer AuthenticodeRequired\r\nLocalIntranet AuthenticodeRequired\r\nTrustedSites AuthenticodeRequired\r\nTo restrict the ClickOnce trust prompt programmatically\r\n1. Create a Visual Basic or Visual C# console application in Visual Studio.\r\n2. Open the Program.vb or Program.cs file for editing and add the following code.\r\nC#\r\nVB\r\nMicrosoft.Win32.RegistryKey key;\r\nkey = Microsoft.Win32.Registry.LocalMachine.CreateSubKey(\"SOFTWARE\\\\MICROSOFT\\\\.NETFramework\\\\Security\\\\TrustManage\r\nkey.SetValue(\"MyComputer\", \"AuthenticodeRequired\");\r\nkey.SetValue(\"LocalIntranet\", \"AuthenticodeRequired\");\r\nkey.SetValue(\"Internet\", \"AuthenticodeRequired\");\r\nkey.SetValue(\"TrustedSites\", \"AuthenticodeRequired\");\r\nkey.SetValue(\"UntrustedSites\", \"Disabled\");\r\nkey.Close();\r\n3. Build and run the application.\r\nDisable the ClickOnce trust prompt\r\nYou can disable the trust prompt so that end users aren't given the option to install solutions that aren't already trusted in\r\ntheir security policy.\r\nhttps://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp\r\nPage 3 of 5\n\nTo disable the ClickOnce trust prompt by using the registry editor\r\n1. Open the registry editor:\r\n1. Click Start, and then click Run.\r\n2. In the Open box, type regedit , and then click OK.\r\n2. Find the following registry key:\r\n\\HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\.NETFramework\\Security\\TrustManager\\PromptingLev\r\nIf the key doesn't exist, create it.\r\n3. Add the following subkeys as String Value, if they don't already exist, with the associated values shown in the\r\nfollowing table.\r\nString Value subkey Value\r\nUntrustedSites Disabled\r\nInternet Disabled\r\nMyComputer Disabled\r\nLocalIntranet Disabled\r\nTrustedSites Disabled\r\nTo disable the ClickOnce trust prompt programmatically\r\n1. Create a Visual Basic or Visual C# console application in Visual Studio.\r\n2. Open the Program.vb or Program.cs file for editing and add the following code.\r\nC#\r\nVB\r\nMicrosoft.Win32.RegistryKey key;\r\nkey = Microsoft.Win32.Registry.LocalMachine.CreateSubKey(\"SOFTWARE\\\\MICROSOFT\\\\.NETFramework\\\\Security\\\\TrustManage\r\nkey.SetValue(\"MyComputer\", \"Disabled\");\r\nkey.SetValue(\"LocalIntranet\", \"Disabled\");\r\nkey.SetValue(\"Internet\", \"Disabled\");\r\nkey.SetValue(\"TrustedSites\", \"Disabled\");\r\nkey.SetValue(\"UntrustedSites\", \"Disabled\");\r\nkey.Close();\r\n3. Build and run the application.\r\nRelated content\r\nSecure ClickOnce applications\r\nCode access security for ClickOnce applications\r\nhttps://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp\r\nPage 4 of 5\n\nClickOnce and Authenticode\r\nTrusted application deployment overview\r\nEnable and configure ClickOnce security settings\r\nSet a security zone for a ClickOnce application\r\nSet custom permissions for a ClickOnce application\r\nDebug a ClickOnce application with restricted permissions\r\nAdd a trusted publisher to a client computer for ClickOnce applications\r\nRe-sign application and deployment manifests\r\nSource: https://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp\r\nhttps://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp"
	],
	"report_names": [
		"how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022\u0026tabs=csharp"
	],
	"threat_actors": [],
	"ts_created_at": 1775434775,
	"ts_updated_at": 1775826760,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4e62647a619921742ac1852d21afcb1de61b92f6.pdf",
		"text": "https://archive.orkl.eu/4e62647a619921742ac1852d21afcb1de61b92f6.txt",
		"img": "https://archive.orkl.eu/4e62647a619921742ac1852d21afcb1de61b92f6.jpg"
	}
}