Prohibit non-administrators from applying vendor signed updates

This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.

If you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applications.

If you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates.

Supported on: Windows Installer v3.0

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows\Installer
Value NameDisableLUAPatching
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

msi.admx

Administrative Templates (Computers)

Administrative Templates (Users)