This policy setting allows you to manage the installation of app packages that do not originate from the Windows Store. Counter Measure: Organizations that develop their own line-of-business app packages or acquire then directly from vendors may want to enable this policy setting, however if your organization only acquires app packages from the Windows Store you should disable this policy setting. Potential Impact: If you enable this policy setting, you can install any trusted app package. A trusted app package is one that is signed with a certificate chain that can be successfully validated by the local computer. This can include line-of-business app packages signed by the enterprise in addition to app packages that originate from the Windows Store. If you disable or do not configure this policy setting, you can only install trusted app packages that come from the Windows Store. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\App Package Deployment\Allow all trusted apps to install (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx!AllowAllTrustedApps