Policy

Prohibit non-administrators from applying vendor signed updates

Microsoft Windows

Back to Windows InstallerBack to main
Prohibit non-administrators from applying vendor signed updates
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Windows Installer
Supported on
Windows Installer v3.0

This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users. If you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applications. If you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates.

Internal name
MSI_DisableLUAPatching
Policy ID
8092be3afce8
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\Windows\Installer
Value name
DisableLUAPatching
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows\Installer
Value name
DisableLUAPatching
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.