Check: WN10-CC-000315

Microsoft Windows 10 STIG: WN10-CC-000315 (in versions v3 r4 through v1 r7)

Title
The Windows Installer Always install with elevated privileges must be disabled. (Cat I impact)
Discussion
Standard user accounts must not be granted elevated privileges. Enabling Windows Installer to elevate privileges when installing applications can allow malicious persons and applications to gain full control of a system.
Check Content
If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Installer\

Value Name: AlwaysInstallElevated
Value Type: REG_DWORD
Value: 0
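The check content above can be evaluated on a host with PowerShell, as in the following added example, which is not part of the STIG. The function name `Test-AlwaysInstallElevated` and the shape of the result object are assumptions; the hive, path, value name, type and data come from the check content.

```powershell
# Added example: evaluates the WN10-CC-000315 check content against the local registry.
# Test-AlwaysInstallElevated is a hypothetical helper name, not part of any STIG tooling.
function Test-AlwaysInstallElevated {
    [CmdletBinding()]
    param(
        # Defaults are the hive, path and value name given in the check content.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
        [string]$ValueName = 'AlwaysInstallElevated'
    )

    $result = [ordered]@{
        Check   = 'WN10-CC-000315'
        Finding = $true   # fail closed: anything not shown to be compliant is a finding
        Reason  = ''
    }

    # A missing key means the value does not exist, which the check treats as a finding.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $result.Reason = "Key '$KeyPath' does not exist"
        return [pscustomobject]$result
    }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = "Value '$ValueName' does not exist"
        return [pscustomobject]$result
    }

    # GetValueKind separates a REG_DWORD 0 from, for example, a REG_SZ holding "0".
    $kind = $key.GetValueKind($ValueName)
    $data = $key.GetValue($ValueName)

    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Value type is $kind, expected REG_DWORD"
    }
    elseif ($data -ne 0) {
        $result.Reason = "Value is $data, expected 0"
    }
    else {
        $result.Finding = $false
        $result.Reason  = 'REG_DWORD 0 as specified'
    }
    return [pscustomobject]$result
}

Test-AlwaysInstallElevated
```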
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Installer >> "Always install with elevated privileges" to "Disabled".
Additional Identifiers
Rule ID: SV-220857r1051032_rule
Vulnerability ID: V-220857
Group Title: SRG-OS-000362-GPOS-00149
CCIs

| Number | Definition |
|---|---|
| CCI-001812 | The information system prohibits user installation of software without explicit privileged status. |
| CCI-003980 | Allow user installation of software only with explicit privileged status. |

Controls

| Number | Title |
|---|---|
| CM-11(2) | Software Installation with Privileged Status |