You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: hub/package-manager/index.md
+31Lines changed: 31 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -60,3 +60,34 @@ For this reason, the Windows Package Manager desktop installer supports a policy
60
60
“Certificate Pinning” ensures that the package manager connection to the Microsoft Store is secure, helping to avoid risks associated with attacks such as Man-in-the-Middle (MITM) attacks involving a third party inserting themselves between a client (user) and server (application) to secretly intercept communication flows to steal sensitive data such as login credentials, etc. Disabling “Certificate Pinning” (enabling the bypass) can expose your organization to risk in this area and should be avoided.
61
61
62
62
To learn more about setting up Group Policy for your enterprise organization, see the [Microsoft Intune documentation](/mem/intune/).
63
+
64
+
## Additional Group Policy settings for Windows Package Manager
65
+
66
+
Windows Package Manager offers additional configurations options available via Group Policy, enabling IT administrators to manage and control its functionality across devices. These settings are especially useful for enterprise environments where compliance and consistency are critical.
67
+
68
+
The additional Group Policy templates for Windows Package Manager are included from Windows 11 build (x) onwards, and are also included with each release. Each template can be divided into multiple subcategories, enabling IT administrators to configure key aspects of the tool's behavior, such as:
69
+
70
+
-**Source Control**: Specify which sources are allowed or blocked.
71
+
-**Local Development**: Control whether users are allowed to enable experimental features or local manifest installations.
72
+
-**Execution Policies**: Set policies for the command line interface and proxy options.
73
+
74
+
To download the Group Policy templates:
75
+
76
+
1. Navigate to the [Windows Package Manage GitHub releases](https://github.com/microsoft/winget-cli/releases) page.
77
+
2. Locate the release version you wish to use.
78
+
3. Download the `DesktopAppInstallerPolicies.zip` file included in the release assets.
79
+
80
+
The ZIP file contains the necessary `.admx` and `.adml` files for deploying the policies. Once you've downloaded the `DesktopAppInstallerPolicies.zip` file:
81
+
82
+
1. Extract the contents of the ZIP file on your local machine.
83
+
2. Copy the `.admx` file to the `C:\Windows\PolicyDefinitions` folder on the target device.
84
+
3. Copy the corresponding language-specific `.adml` file to the appropriate subdirectory, such as `C:\Windows\PolicyDefinitions\en-US`.
85
+
4. Open the Group Policy Management Console (GPMC) to configure the policies.
86
+
87
+
> [!NOTE]
88
+
> When working on a Windows Domain Controller, you can store the Group Policy templates in the Central Store. For detailed instructions, visit the following [documentation](https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store).
89
+
90
+
New Group Policy settings may be introduced with each release of Windows Package Manager. To ensure your environment is always up to date:
91
+
92
+
- Regularly check for updates on the [Windows Package Manager GitHub repository](https://github.com/microsoft/winget-cli/releases) page.
93
+
- Review the release notes for changes or additions to the policy templates.
0 commit comments