Policy

Allow users to patch elevated products

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Windows Installer
Supported onAt least Windows 2000

Supported OS tags: Windows10, Windows10RT, Windows11, Windows2000, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

This policy setting allows users to patch elevated products. If you enable this policy setting, all users are permitted to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use. If you disable or do not configure this policy setting, by default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. This policy setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting.

Internal name
AllowLockdownPatch
Policy ID
805ff6d53440
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\Software\Policies\Microsoft\Windows\Installer\AllowLockdownPatchREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Other policies in this category

Explore related policies at the same level.

View all policies in this category