Windows Installer: Prohibit patchingID: oval:org.secpod.oval:def:19078 | Date: (C)2014-05-29 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
The Prohibit patching machine setting should be configured correctly.
Prevents users from using Windows Installer to install patches. Patches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installations prohibit their use.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit patching
(2) KEY: HKLM\Software\Policies\Microsoft\Windows\Installer\DisablePatch
Platform: |
Microsoft Windows Server 2008 R2 |