The Problem: Your administrator has blocked this application…
You’re trying to install a ClickOnce application and get an error message saying: “Your administrator has blocked this application because it potentially poses a security risk to your computer”:
You are the administrator and don’t remember blocking any applications (if you’re not the admin, contact them instead of reading this article).
The reason this is happening
The ClickOnce trust prompt is disabled on your operating system, so instead of a dialog (prompt) which allows you to either proceed with the installation or not, you just get the message above.
You can change the ClickOnce trust prompt behavior by editing the registry subkeys under:
There should be five subkeys, one for each security zone:
Each subkey can have one of the following values:
- Disabled: No trust prompt is shown, instead you get the error message above.
- Enabled: A trust prompt is shown.
- AuthenticodeRequired: A trust prompt is shown only for signed applications (other applications cannot be installed).
Trust prompt example
If the application you’re trying to install has been published on the Internet, you’ll want to set the Internet subkey to “Enabled” (or to “AuthenticodeRequired” if the applicationt has been digitally signed). You should then see a trust prompt instead of the “your administrator has blocked this application” error:
Free Trust Prompt Tool
As an alternative to editing the registry manually, you can also use a free trust prompt tool I wrote:
It allows you to easily display and modify the trust prompt configuration.
- If you don’t trust yourself or other people using your PC, you can change the respective zone setting back to “Disabled” after installing the ClickOnce application. The trust prompt configuration has no effect on installed applications and their updates.
- You could also add the publisher’s site to your trusted sites and only enable trust prompts for the TrustedSites subkey.
- Are you wondering why all your trust prompt settings have been changed to “Disabled”? Unfortunately, I have no idea. I’ve had this happen on multiple PCs and I’m pretty sure I didn’t do this myself.