Blog Post

Windows IT Pro Blog
6 MIN READ

Manage Windows Package Manager with Group Policy

Demitrius_Nelon's avatar
Demitrius_Nelon
Icon for Microsoft rankMicrosoft
May 11, 2021
As we prepare to ship version 1.0 of Windows Package Manager, we wanted to provide guidance on how to manage Windows Package Manager using Group Policy. We first announced the existence of Windows ...
Published May 11, 2021
Version 1.0
Application Management
device management
Karl-WE's avatar
Karl-WE
MVP
Apr 11, 2024
About defining sources

As I thought the instructions in the ADMX description on the syntax for defining allowed or additional sources isn't clear enough, let me give an example on how to do this:


1a. Deploy ADMX on-premises

There is zip file with each Winget release, which contains the files required for central policy store (on-premises and Intune import) e.g. https://github.com/microsoft/winget-cli/releases/tag/v1.7.10861

Copy the ADMX file to local GPO central store \\domainname.local\sysvol\domainname\Policies\PolicyDefinitions


1b. Deploy ADMX in Intune

Here is a description how to import the ADMX.
https://andrewstaylor.com/2022/10/26/managing-winget-using-intune-and-admx-import/

unfortunately it does appear to work like that due to
https://github.com/microsoft/winget-cli/issues/1892

Which ultimately leads us to the point that ADMX file cannot be used in Intune for "reasons".
https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-desktopappinstaller


2.  Add an additional (private) repository
 
On your Windows 10 / 11 client or Windows Server 2022 (unsupported) / Windows Server 2025 (supported), add a new (private) repository using winget.
here I am taking the example given by winget.pro. Which offers a paid solution for a cloud based private winget repository.

winget source add -n api.winget.pro -a https://api.winget.pro/yourrepositoryID -t "Microsoft.Rest"​


3. Export the sources as indicated in the ADMX help

winget source export​


 


4. Edit ADMX based Policy for Repository

Copy each repository and include these as whole into your local or Intune based Winget Policy
execute "winget source export" to obtain the syntax that is required for sources. It is NOT https:// only but the full syntax provided from winget source export.

wrong


right

 

5. Outcome of an applied GPO

 

PS C:\Windows\system32> winget source list
Name           Argument
--------------------------------------------------------------------------
api.winget.pro https://api.winget.pro/yourrepositoryID
msstore        https://storeedgefd.dsx.mp.microsoft.com/v9.0
winget         https://cdn.winget.microsoft.com/cache