Your administrator has blocked this application because it potentially poses a security risk to your computer

When installing Management Portal you may encounter the following error: "Your administrator has blocked this application because it potentially poses a security risk to your computer."

This page explains your options for working around this error and getting Management Portal installed. All of these suggestions assume that you check your IT team's security policies before proceeding. Your IT team can refer to this Microsoft article for background information on ClickOnce and what these settings do.

https://docs.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2015&redirectedfrom=MSDN

How did this happen?

Your IT team might find this blurb useful. Why are some computers blocking ClickOnce installs? Do we have a Group Policy in place? Did IT block these for a reason?

From our own experiences we are not clear why some computers have blocked ClickOnce and others have not. Most computers seem to lack the entire set of registry keys mentioned below and simply go with system defaults (which allow ClickOnce installs). This issue was first reported to us May 1, 2019. Since then we have seen perhaps 5-10 additional reports. Then in October of 2019 we saw many more reports of installs being blocked. It seems some process is likely setting these keys, but what process that is we are not sure. It's unlikely to be group policy or something done intentionally by your organization. I would theorize that Windows Updates or some other process is in play.





Set Internet to Authenticode Enabled

Our recommended solution. ClickOnce applications downloaded from the internet will need to have a valid code-signing certificate in order to install.

  1. Edit your registry and navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel
  2. Find the Internet key and set the value to Authenticode
  3. Install Management Portal

Delete Registry Key Folder

This will restore Windows' default settings, which are what most computers use.

  1. Edit your registry and navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\
  2. Delete the entire folder TrustManager
  3. Install Management Portal


Set Trusted Sites to Authenticode Enabled

If your organization is more security-conscious, you can enable ClickOnce installs for Trusted Sites only.

  1. Edit your registry and navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel
  2. Find the TrustedSites key and set the value to Authenticode
  3. Go to Internet Explorer | Gear Icon | Internet Options | Security Tab
  4. Click Trusted Sites | Sites. Add https://*.projectorpsa.com
  5. Install Management Portal


Set Internet to Enabled

This is the default for most machines.

  1. Edit your registry and navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel
  2. Find the Internet key and set the value to Enabled
  3. Install Management Portal



Set Keys Via PowerShell

If you are an administrator, you may find it useful to set the keys through PowerShell rather than manually editing the registry. Below is an example of our recommended solution.

# If the key doesn't exist, create it (-Force also creates any missing parent keys)
$key = 'HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel'
if (-not (Test-Path $key)) { New-Item $key -Force | Out-Null }

# Set values
Set-ItemProperty -Path $key -Name 'Internet' -Value 'Authenticode'
Set-ItemProperty -Path $key -Name 'LocalIntranet' -Value 'Disabled'
Set-ItemProperty -Path $key -Name 'MyComputer' -Value 'Disabled'
Set-ItemProperty -Path $key -Name 'TrustedSites' -Value 'Disabled'
Set-ItemProperty -Path $key -Name 'UntrustedSites' -Value 'Disabled'
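
To help answer the "How did this happen?" question before changing anything, the following read-only audit lists what each zone is currently set to on a machine. It is an added example, not part of the vendor's instructions; the function name, the WOW6432Node (32-bit view) path and the CSV file name are assumptions introduced here.

```powershell
# Added example: read-only audit of the ClickOnce trust prompt settings.
# Zone names are the five value names used on this page.
$Zones = 'MyComputer', 'LocalIntranet', 'TrustedSites', 'Internet', 'UntrustedSites'
$Keys = @(
    'HKLM:\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel',
    # Assumption (not on this page): the 32-bit registry view on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel'
)

function Get-ClickOncePromptingLevel {
    param(
        [string[]]$Path = $Keys,
        [string[]]$Zone = $Zones
    )
    foreach ($p in $Path) {
        $exists = Test-Path -LiteralPath $p
        $props = if ($exists) { Get-ItemProperty -LiteralPath $p } else { $null }
        foreach ($z in $Zone) {
            # Look the value up by name so a missing value is $null, not an error.
            $prop = if ($props) { $props.PSObject.Properties[$z] } else { $null }
            $value = if ($prop) { [string]$prop.Value } else { $null }
            $state = if (-not $exists) {
                'Key missing: system default applies'
            } elseif ($null -eq $value) {
                'Not set: system default applies'
            } elseif ($value -eq 'Disabled') {
                'Disabled: untrusted ClickOnce installs are blocked'
            } else {
                "Explicitly set to '$value'"
            }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Key      = $p
                Zone     = $z
                Value    = $value
                State    = $state
            }
        }
    }
}

$report = Get-ClickOncePromptingLevel
$report | Format-Table Zone, Value, State, Key -AutoSize
# Keep a copy to compare across machines or before and after a change (example path).
$report | Export-Csv -Path (Join-Path $env:TEMP 'clickonce-promptinglevel.csv') -NoTypeInformation
```

Running it on an affected machine and on one where installs work shows which zones differ, which gives your IT team a starting point for finding what set the keys.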