--%> SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)
[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-46993-2

Platform: win2016Date: (C)2017-08-03   (M)2017-10-16



"Allow user control over installs" This policy setting permits users to change installation options that typically are available only to system administrators. If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation. If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed. If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user. This policy setting is designed for less restrictive environments. It can be used to circumvent errors in an installation program that prevents software from being installed. Vulnerability: Enabling this setting can compromise security as some of the security features of Windows Installer can be bypassed by users and permits installations to complete that otherwise would be halted due to security violations, which may be contrary to your organization's security requirements. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: The Windows Installer security features are bypassed, which permits installations to complete that otherwise would be halted due to a security violation.


Parameter: EnableUserControl


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Installer (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer!EnableUserControl

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40317


OVAL    1
oval:org.secpod.oval:def:40317
XCCDF    2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016
xccdf_org.secpod_benchmark_general_Windows_Server_2016

© 2013 SecPod Technologies