Policy

Configure Security Policy for Scripted Diagnostics

This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers. If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.

Policy
Pack Microsoft Windows
Category System / Troubleshooting and Diagnostics / Scripted Diagnostics
Policy ID b5291ae4d7b6
Internal name ScriptedDiagnosticsSecurityPolicy

Registry

Copy registry mappings

HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\ValidateTrust (enabled) = 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\ValidateTrust (disabled) = 0

Policy notes

This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers. If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.

Related policies

Troubleshooting: Allow users to access and run Troubleshooting WizardsTroubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)