Windows 2000 has an Always install with elevated privileges Group Policy, that directs Windows Installer to always use
System permissions when installing a program.
I quote the Resource Kit:
This policy extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add/Remove Programs in Control Panel. This policy lets users install programs which require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.
Skilled users can take advantage of the permissions this entry grants to change their permissions and gain permanent access to restricted files and folders. Note that the User Configuration version of this entry is not guaranteed to be secure.
This policy can be implemented at Computer Configuration\Administrative Templates\Windows Components\Windows Installer or User Configuration\Administrative Templates\Windows Components\Windows Installer.
When enabled, Windows Installer defaults to using System privileges for the effected users' or computers' install.
When I enabled the policy in Computer Configuration, it did an Add Value name AlwaysInstallElevated, as a REG_DWORD data type, and set the data value to 1, at the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows\Installer HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows\Installer
