This setting controls whether or not Windows Installer should use system permissions when it installs any program on the system. Note: This setting appears both in the Computer Configuration and User Configuration folders. To make this setting effective, you must enable the setting in both folders. Caution: If enabled, skilled users can take advantage of the permissions this setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this setting is not guaranteed to be secure. Fix: (1) GPO: User ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows InstallerAlways install with elevated privileges (2) REG: HKEY_USERS[USER SID]SoftwarePoliciesMicrosoftWindowsInstaller:AlwaysInstallElevated

[enable/disable]

(1) GPO: User Configuration\Policies\Administrative Templates\Windows Components\Windows Installer\Always install with elevated privileges (2) REG: HKEY_USERS\[USER SID]\Software\Policies\Microsoft\Windows\Installer:AlwaysInstallElevated