Block launching desktop apps associated with a URI scheme

Supported on: At least Windows Server 2012, Windows 8 or Windows RT

Registry

HKLM Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKCU Software\Microsoft\Windows\CurrentVersion\Policies\Associations

Value name: BlockProtocolElevation

Enabled: BlockProtocolElevation = 1

Disabled: BlockProtocolElevation = 0

Description

This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app. If you enable this policy setting, packaged Microsoft Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps. If you disable or do not configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling this policy setting does not block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.