Prohibit non-administrators from applying vendor signed updates

This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.

If you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applications.

If you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates.

Supported on: Windows Installer v3.0

Registry PathSoftware\Policies\Microsoft\Windows\Installer
Value NameDisableLUAPatching
Enabled Value1
Disabled Value0


Administrative Templates (Computers)

Administrative Templates (Users)