AlwaysInstallElevated
MITRE ATT&CK™ System Binary Proxy Execution: Msiexec - Technique T1218.007
Last updated
Was this helpful?
MITRE ATT&CK™ System Binary Proxy Execution: Msiexec - Technique T1218.007
Last updated
Was this helpful?
The AlwaysInstallElevated policy feature offers ALL users on a Windows operating systems the ability to install an MSI package file with elevated (system) privileges.
If it is enabled, it will create the value AlwaysIntstallElevated
and set it to 0x1
(enabled) on the following two registry keys. 's reg.py (Python) script can be used to query registry remotely from a UNIX-like machine.