Accounts: User Account Control (UAC) must virtualize file and registry write failures to per-user locations

938c99da-1577-427d-908d-8c5e31bd9546

User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures non-UAC-compliant applications to run in virtualized file and registry entries in per-user locations, allowing them to run.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ "User Account Control: Virtualize file and registry write failures to per-user locations" to "Enabled".

STIG: Server

2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2023-09-11/finding/V-254489
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2023-09-11/finding/V-205720 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93529
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2023-08-22/finding/V-225068 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73721

Desktop:

W11: https://www.stigviewer.com/stig/microsoft_windows_11/2023-09-29/finding/V-253475
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2023-09-29/finding/V-220951 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220951

NIST 800-53: SC-3
CAT: II
CCI: CCI-001084
Rule-ID: SV-225068r569186_rule
STIG-ID: WN16-SO-000530
STIG-Legacy: SV-88385
STIG-Legacy: V-73721
Vuln-ID|V-225068
CMMC v2.1 L3: SI.L3-3.14.3e
MITRE Att&k: T1087, T1087.001, T1087.002, T1546.011, T1548, T1548.002