STIG ID: WN22-CC-000430 | SRG: SRG-OS-000362-GPOS-00149 | Severity: high | CCI: | Vulnerability Id: V-254374
Standard user accounts must not be granted elevated privileges. Enabling Windows Installer to elevate privileges when installing applications can allow malicious persons and applications to gain full control of a system.
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Installer >> Always install with elevated privileges to "Disabled".
If the following registry value does not exist or is not configured as specified, this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Installer\
Value Name: AlwaysInstallElevated
Type: REG_DWORD
Value: 0x00000000 (0)