|Platform: win2016||Date: (C)2017-08-03 (M)2017-10-16|
"Allow user control over installs"
This policy setting permits users to change installation options that typically are available only to system administrators.
If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation.
If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed.
If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.
This policy setting is designed for less restrictive environments. It can be used to circumvent errors in an installation program that prevents software from being installed.
Enabling this setting can compromise security as some of the security features of Windows Installer can be bypassed by users and permits installations to complete that otherwise would be halted due to security violations, which may be contrary to your organization's security requirements.
Configure this setting depending on your organization's requirements.
The Windows Installer security features are bypassed, which permits installations to complete that otherwise would be halted due to a security violation.
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Installer
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer!EnableUserControl
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:40317|