Edge Flags #edge Click Once
Microsoft Edge Clickonce Flag
Launch Microsoft Edge. Enter edge://flags in the address bar, then press Enter on your keyboard. Begin typing ClickOnce Support in the search bar to display ClickOnce Support in the Experiments list. Select Enabled from the dropdown menu. Nov 20, 2020 Microsoft Edge 87 enables the ClickOnce deployment by default. It will reduce the barriers for enterprises to deploy software and better align with Microsoft Edge Legacy browser behavior. The enterprise NTP blends the Office 365 productivity page we offer to users signed in with their work or school account with personalized, work-relevant.
You can configure the ClickOnce trust prompt to control whether end users are given the option of installing ClickOnce applications, such as Windows Forms applications, Windows Presentation Foundation applications, console applications, WPF browser applications, and Office solutions. You configure the trust prompt by setting registry keys on each end user's computer.
The following table shows the configuration options that can be applied to each of the five zones (Internet, UntrustedSites, MyComputer, LocalIntranet, and TrustedSites).
| Option | Registry setting value | Description |
|---|---|---|
| Enable the trust prompt. | Enabled | The ClickOnce trust prompt is display so that end users can grant trust to ClickOnce applications. |
| Restrict the trust prompt. | AuthenticodeRequired | The ClickOnce trust prompt is only displayed if ClickOnce applications are signed with a certificate that identifies the publisher. |
| Disable the trust prompt. | Disabled | The ClickOnce trust prompt is not displayed for any ClickOnce applications that are not signed with an explicitly trusted certificate. |
The following table shows the default behavior for each zone. The Applications column refers to Windows Forms applications, Windows Presentation Foundation applications, WPF browser applications, and console applications.
| Zone | Applications | Office solutions |
|---|---|---|
MyComputer | Enabled | Enabled |
LocalIntranet | Enabled | Enabled |
TrustedSites | Enabled | Enabled |
Internet | Enabled | AuthenticodeRequired |
UntrustedSites | Disabled | Disabled |
You can override these settings by enabling, restricting, or disabling the ClickOnce trust prompt.
Enable the ClickOnce trust prompt
Enable the trust prompt for a zone when you want end users to be presented with the option of installing and running any ClickOnce application that comes from that zone.
To enable the ClickOnce trust prompt by using the registry editor
Open the registry editor:
Click Start, and then click Run.
In the Open box, type
regedit, and then click OK.
Find the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMICROSOFT.NETFrameworkSecurityTrustManagerPromptingLevel
If the key does not exist, create it.
Add the following subkeys as String Value, if they do not already exist, with the associated values shown in the following table.
String Value subkey Value InternetEnabledUntrustedSitesDisabledMyComputerEnabledLocalIntranetEnabledTrustedSitesEnabledFor Office solutions,
Internethas the default valueAuthenticodeRequiredandUntrustedSiteshas the valueDisabled. For all others,Internethas the default valueEnabled.
To enable the ClickOnce trust prompt programmatically
Create a Visual Basic or Visual C# console application in Visual Studio.
Open the Program.vb or Program.cs file for editing and add the following code.
Build and run the application.
Restrict the ClickOnce trust prompt
Restrict the trust prompt so that solutions must be signed with Authenticode certificates that have known identity before users are prompted for a trust decision.
To restrict the ClickOnce trust prompt by using the registry editor
Open the registry editor:
Click Start, and then click Run.
In the Open box, type
regedit, and then click OK.
Find the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMICROSOFT.NETFrameworkSecurityTrustManagerPromptingLevel
If the key does not exist, create it.
Add the following subkeys as String Value, if they do not already exist, with the associated values shown in the following table.
String Value subkey Value UntrustedSitesDisabledInternetAuthenticodeRequiredMyComputerAuthenticodeRequiredLocalIntranetAuthenticodeRequiredTrustedSitesAuthenticodeRequired
To restrict the ClickOnce trust prompt programmatically
Create a Visual Basic or Visual C# console application in Visual Studio.
Open the Program.vb or Program.cs file for editing and add the following code.
Build and run the application.
Disable the ClickOnce trust prompt
You can disable the trust prompt so that end users are not given the option to install solutions that are not already trusted in their security policy.
To disable the ClickOnce trust prompt by using the registry editor
Open the registry editor:
Click Start, and then click Run.
In the Open box, type
regedit, and then click OK.
Find the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMICROSOFT.NETFrameworkSecurityTrustManagerPromptingLevel
If the key does not exist, create it.
Add the following subkeys as String Value, if they do not already exist, with the associated values shown in the following table.
String Value subkey Value UntrustedSitesDisabledInternetDisabledMyComputerDisabledLocalIntranetDisabledTrustedSitesDisabled
To disable the ClickOnce trust prompt programmatically
Create a Visual Basic or Visual C# console application in Visual Studio.
Open the Program.vb or Program.cs file for editing and add the following code.
Build and run the application.
See also