|Platform: win2012r2||Date: (C)2015-10-08 (M)2017-10-31|
User Account Control: Only elevate UIAccess applications that are installed in secure locations
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
- ?\Program Files\, including subfolders
- ?\Program Files (x86)\, including subfolders for 64-bit versions of Windows
Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
The options are:
- Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
- Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!User Account Control: Only elevate UIAccess applications that are installed in secure locations
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableSecureUIAPaths
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:23053|