This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. - Disabled: (Default for enterprise) Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. Countermeasure: Enable the User Account Control: Detect application installations and prompt for elevation setting. Potential Impact: Users will need to provide administrative passwords to be able to install programs. [enabled/disabled] (1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options\\User Account Control: Detect application installations and prompt for elevation (2) REG: HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System!EnableInstallerDetection oval:org.secpod.oval:def:8604 BITS Shared Assessments SIG v6.0 Jericho Forum HIPAA/HITECH Act FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- ISO/IEC 27001-2005 COBIT 4.1 GAPP (Aug 2009) NERC CIP NIST SP800-53 R3 AC-3 NIST SP800-53 R3 AC-6 PCIDSS v2.0 FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- BITS Shared Assessments AUP v5.0 SCAP Repo OVAL Definition 2013-01-18 BITS Shared Assessments SIG v6.0 2012-10-12 Jericho Forum 2012-10-12 HIPAA/HITECH Act 2012-10-12 ISO/IEC 27001-2005 2012-10-12 COBIT 4.1 2012-10-12 GAPP (Aug 2009) 2012-10-12 NERC CIP 2012-10-12 NIST SP800-53 R3 2012-10-12 PCIDSS v2.0 2012-10-12 BITS Shared Assessments AUP v5.0 2012-10-12