CCE-97040-0Platform: cpe:/o:microsoft:windows_11 | Date: (C)2022-05-07 (M)2023-07-04 |
Manages non-Administrator users' ability to install Windows app packages.
If you enable this policy, non-Administrators will be unable to initiate installation of Windows app packages. Administrators who wish to install an app will need to do so from an Administrator context (for example, an Administrator PowerShell window). All users will still be able to install Windows app packages via the Microsoft Store, if permitted by other policies.
If you disable or do not configure this policy, all users will be able to initiate installation of Windows app packages.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsApp Package DeploymentPrevent non-admin users from installing packaged Windows apps
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsAppx!BlockNonAdminUserInstall
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\App Package Deployment\Prevent non-admin users from installing packaged Windows apps
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx!BlockNonAdminUserInstall
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.8 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:79778 |