[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Enable user to patch elevated products

ID: oval:org.secpod.oval:def:18982Date: (C)2014-05-29   (M)2023-07-04
Class: COMPLIANCEFamily: windows




The Enable user to patch elevated products machine setting should be configured correctly. Allows users to upgrade programs during privileged installations. This setting permits all users to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use. By default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. This setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" setting. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user to patch elevated products (2) KEY: HKLM\Software\Policies\Microsoft\Windows\Installer\AllowLockDownPatch

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-10965-2
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-10965-2
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2

© SecPod Technologies