vscode icon indicating copy to clipboard operation
vscode copied to clipboard
verified publisher icon microsoft

Extension Whitelisting via GPO: Publisher "microsoft" doesn't associate fully to specific ms publishers

Open DigitalAbsynthe opened this issue 10 months ago • 2 comments

Type: Bug

I have setup our AD servers to control VS-Code extension whitelisting via GPO. Using the publisher name "microsoft" does allow Microsoft extensions to be installed, however, for the extension "Remote-SSH" it becomes disabled upon trying to connect to a remote host, or a restart of VS-Code. On restart, it does not gray out the extension in the listing, but none of the commands are available or visible in the F1 command list. If I uninstall the extension, reboot VS-Code, and reinstall the extension, the commands are available in the F1 list. As soon you try to connect to a host, the extension is disabled and the commands associated are again no longer in the available list.

I was able to work around this issue and get the Remote-SSH extension to work properly by specifically allowing the publisher "ms-vscode-remote" in my GPO's Json object list.

I have not been made aware of other Microsoft extensions behaving in this manner, but it seems to be an issue with the "microsoft" publisher name not fully superseding the specific publisher name.

My current GPO allow list is: { "microsoft": true, "github": true, "redhat": "stable", "google": true, "bitwisecook.tcl": true, "cpmcgrath.codealignment-vscode": true, "d9705996.perl-toolbox": true, "eirikpre.systemverilog": true, "golang.go": true, "ms-vscode-remote": true }

VS Code version: Code 1.96.2 (fabdb6a30b49f79a7aba0f2ad9df9b399473380f, 2024-12-19T10:22:47.216Z) OS version: Windows_NT x64 10.0.22631 Modes:

System Info
Item Value
CPUs 13th Gen Intel(R) Core(TM) i9-13950HX (32 x 2419)
GPU Status 2d_canvas: enabled
canvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: enabled
vulkan: disabled_off
webgl: enabled
webgl2: enabled
webgpu: enabled
webnn: disabled_off
Load (avg) undefined
Memory (System) 63.69GB (33.28GB free)
Process Argv --crash-reporter-id 3bbd7f46-171f-4bf0-8d80-af288c0994ee
Screen Reader no
VM 0%
Extensions (5)
Extension Author (truncated) Version
go gol 0.44.0
remote-ssh ms- 0.117.1
remote-ssh-edit ms- 0.87.0
remote-wsl ms- 0.88.5
remote-explorer ms- 0.4.3

DigitalAbsynthe avatar Feb 26 '25 20:02 DigitalAbsynthe