This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users. If you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based application. If you disable this policy setting, users without administrative privileges will be able to install non-administrator updates. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Installer!Prohibit non-administrators from applying vendor signed updates (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer!DisableLUAPatching