Registry trustmanager promptinglevel

Solution: Your administrator has blocked this application because it potentially poses a security risk to your computer

The Problem: Your administrator has blocked this application…

You’re trying to install a ClickOnce application and get an error message saying: “Your administrator has blocked this application because it potentially poses a security risk to your computer”:
Your administrator has blocked this application because it potentially poses a security risk to your computer

You are the administrator and don’t remember blocking any applications (if you’re not the admin, contact them instead of reading this article).

The reason this is happening

TheĀ ClickOnce trust prompt is disabled on your operating system, so instead of a dialog (prompt) which allows you to either proceed with the installation or not, you just get the message above.

The solution

You can change the ClickOnce trust prompt behavior by editing the registry subkeys under:


There should be five subkeys, one for each security zone:
Registry trustmanager promptinglevel

Each subkey can have one of the following values:

  • Disabled: No trust prompt is shown, instead you get the error message above.
  • Enabled: A trust prompt is shown.
  • AuthenticodeRequired: A trust prompt is shown only for signed applications (other applications cannot be installed).

Trust prompt example

If the application you’re trying to install has been published on the Internet, you’ll want to set the Internet subkey to “Enabled” (or to “AuthenticodeRequired” if the application has been digitally signed). You should then see a trust prompt instead of the “your administrator has blocked this application” error:
Trust Prompt - do you want to install this application

Free Trust Prompt Tool

As an alternative to editing the registry manually, you can also use a free trust prompt tool I wrote:

Trust Prompt Tool

It allows you to easily display and modify the trust prompt configuration.


  • If you don’t trust yourself or other people using your PC, you can change the respective zone setting back to “Disabled” after installing the ClickOnce application. The trust prompt configuration has no effect on installed applications and their updates.
  • You could also add the publisher’s site to your trusted sites and only enable trust prompts for the TrustedSites subkey.
  • Are you wondering why all your trust prompt settings have been changed to “Disabled”? Unfortunately, I have no idea. I’ve had this happen on multiple PCs and I’m pretty sure I didn’t do this myself.

Supporting my work and this blog

I am always happy to read nice comments. If you’re feeling generous, you can purchase a PDF version of this article for US$2 by clicking here. Thank you!

This link was added on March 18, 2020 and the total amount after fees received so far is: US$20.61.

24 thoughts on “Solution: Your administrator has blocked this application because it potentially poses a security risk to your computer”

  1. Thank you+++++++++++++++
    I have spent days trying to get around this and this is the first worthwhile information that I have found which really works!!!!

  2. Thanks…solved install problem with Fidelity ActiveTrader Pro install…change PromptingLevel for Internet to AuthenticodeRequired and blocking stopped…install worked ok there after…Fidelity could not tell me this fix…”secret” Microsoft non-sense…and probably an older install program…there are so many easier ways to verify software…let’s try to use those simpler methods!

  3. Thank you so much for taking the time to research, explain and provide a solution to this frustrating issue! This is the first time I’ve seen this and am wondering if it’s a Win 10 1909 bug?

    Have a great day!

  4. This was the only way that worked for me.
    Windows 7 64-bit
    Internet Explorer 11.

    Thank you very much!

  5. Many thanks, your advice worked. Fortunately this is not the first time that I’ve needed to edit the Registry. For beginners though, I would suggest that you remind people to backup the Registry before they change it. You could also make it explicit that they have to right click on the Internet sub- key to modify it, and then type “AuthenticodeRequired” in the data field.

Leave a Reply to Anonymous Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.