Policy
Block launching desktop apps associated with a URI scheme
This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app. If you enable this policy setting, packaged Microsoft Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps. If you disable or do not configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling this policy setting does not block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
51f6b5db9ad4 AppxRuntimeBlockProtocolElevation Registry
Copy registry mappings
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\BlockProtocolElevation (enabled) = 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\BlockProtocolElevation (disabled) = 0HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\BlockProtocolElevation (enabled) = 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\BlockProtocolElevation (disabled) = 0Policy notes
This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app. If you enable this policy setting, packaged Microsoft Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps. If you disable or do not configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling this policy setting does not block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.