Information
This policy setting controls whether or not users can override the SHA256 security validation in the Windows Package Manager settings.
The recommended state for this setting is: Disabled
Users should not have the ability to override SHA256 security validation.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled :
Computer Configuration\Policies\Administrative Templates\Windows Components\Desktop App Installer\Enable App Installer Hash Override
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DesktopAppInstaller.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates v1.0 (or newer).
Impact:
Users will not have the ability to override the SHA256 security validation.