Why is a random msi running for standard users the first time they open AutoCAD?

thielen.adam · ‎08-18-2025

AutoCAD 23 and 25. Just running setup as admin through SCCM deployment. Nothing fancy. Serial key licensing.

UAC prompts for admin credentials, but if UAC is disabled, which it can't be any longer, it works fine.

Can't run this as any other user or it just doesn't work, and just tries to run it again with the standard user.

How do I stop this behavior?

oaktonsoftreg · ‎08-25-2025

Got this from Autodesk Education Support. This is working for us on 24H2 (26100.4946), only tested on a couple workstations not planning on disabling UAC on our systems.

The permanent solution for the AutoCAD Admin credentials issue is to use GPO or ConfigManager or batch/script to set the registry as

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer

DisableLUAInRepair to dword:00000001

Best,
Autodesk Education Support

gmthorn · ‎08-25-2025

What are we supposed to do if we can't roll back the update?

justin_venard · ‎08-25-2025

Disabling security controls is not a fix...Autodesk needs to actually provide a solution to this issue.

awmolloy · ‎08-25-2025

That fix worked for me too. But disabling it sounds like a risk. I hope a different solution is coming.

From Copilot:

The DisableLUAInRepair registry setting is a Windows policy that controls whether User Account Control (UAC) prompts appear when using the Repair option for installed programs. Here's a breakdown of what it does and the associated risks:

🔧What DisableLUAInRepair Does

Registry Path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
Value:
DisableLUAInRepair set to 1 disables UAC prompts during MSI-based repair operations.
Effect:
When set, users can initiate repair operations without being prompted for admin credentials—even if the repair modifies system-level files or settings. This is particularly useful in environments where users are not admins but need to repair applications without IT intervention.

⚠️Security Risks of Disabling It

Disabling UAC during repair operations can introduce security vulnerabilities, especially in multi-user or enterprise environments:

Privilege Escalation Risk:
MSI repair operations can run under SYSTEM privileges. If a low-privileged user initiates a repair and the installer is insecurely designed, it may be exploited to gain elevated access. This has been demonstrated in vulnerabilities like CVE-2024-38014, where attackers could hijack the repair process to execute commands as SYSTEM.
Microsoft’s Response:
In response to CVE-2024-38014, Microsoft changed the default behavior in updates like KB5043055, requiring elevation for all repair operations. This was done to mitigate the risk of unauthorized privilege escalation.
Reverting the Change:
Setting DisableLUAInRepair to 1 reverts this security fix, allowing repairs without elevation. While this may restore convenience, it reopens the attack vector that Microsoft aimed to close.

✅When It's Safe to Use

Low-risk environments:
If you're in a controlled, single-user environment (e.g., personal PC or tightly managed kiosk), and you trust all installed software, the risk is minimal.
High-risk environments:
In enterprise or shared systems, especially where users lack admin rights, it's not recommended to disable UAC for repairs.

thielen.adam · ‎08-26-2025

As much as I'd like to put this on AutoDesk, this fix should be fine because that's how windows was operating before the update.

deepti_bhardwaj · ‎08-26-2025

Hello @thielen.adam

Thank you for bringing this issue to our attention. We are aware of an issue affecting AutoCAD 2022–2026 products after the recent Windows 11 August 2025 update (KB5063878 / OS Build 26100.4946).

When attempting to launch, repair, or uninstall AutoCAD, you may see the following message:

Error 1730: You must be an Administrator to remove this application or AutoCAD products (AutoCAD, verticals, and LT on versions 2022 to 2026) request admin credentials and won't open.

Why this happens

This error is caused by a change introduced in the Windows update that incorrectly forces AutoCAD to request elevated administrator permissions. Autodesk is working to release a permanent fix.

Workarounds

Until a patch is available, please use one of the following options:

Run as Administrator
- Right-click the AutoCAD shortcut (or installer/uninstaller) and select “Run as administrator.”
Uninstall Windows Update KB5063878
- Go to Settings > Windows Update > Update history > Uninstall updates.
- Select KB5063878 and uninstall it.
- Restart your computer.
- You may also pause updates temporarily to prevent reinstallation.

Next Steps

Autodesk is monitoring this issue closely with Microsoft.
Once a permanent resolution is available, we will notify you.

For reference: After installation of Security Update for Microsoft Windows AutoCAD products request admin credentia...

We sincerely apologize for any inconvenience this may have caused and greatly appreciate your patience. If the information provided resolves your query, please click “Accept Solution.”

emmonsk · ‎08-27-2025

Is there any update to this. We start classes at our University on Tuesday, and this will greatly impact classes on the first day. Thank you for any additional information you might have.

npruess · ‎08-27-2025

We implemented the registry change as a temporary fix. Also had to uninstall/reinstall AutoCAD (and verticals) as it seemed the installation was hosed if the user had launched the programs and failed to run through the install window prior to the fix being implemented.

matt_anderson9B9SJ · ‎08-27-2025

That's a workaround. We need a fix.

dbellFE72J · ‎08-27-2025

FYI if you run into users that have closed the UAC prompts (like Npruess did), you can reset Autocad (or various Autocad derivatives) by clicking on "Reset Settings to Default" in the Programs list.
We had to make use of this when we did our testing otherwise, we would have had to delete user profiles.

deepti_bhardwaj · ‎08-27-2025

I’d like to share the latest update from Microsoft regarding the installation and repair issue:

Background on the Issue
The issue originates from changes introduced by Microsoft’s September 2024 Security Updates (KB5042880 and KB5043055). These updates modified how Windows Installer handles application repairs, now requiring elevation via UAC prompts even for per-user MSI repairs.

To restore previous behavior, Microsoft recommends setting the following registry key:

This workaround disables the new UAC enforcement during repair operations, allowing impacted machines to function as expected.

Background & Next Steps
Microsoft’s R&D team is actively investigating the root cause and working on a permanent fix. Here’s what you can expect:

Patch Release: A permanent fix will be published through Microsoft’s official update channels.
Customer Notification: All licensed users will receive an email notification detailing the resolution and deployment instructions.
Public Documentation: Microsoft will publish full details on its support and community platforms.
Preventive Guidance: Recommendations will be shared to help avoid similar issues in future releases.

Current Workarounds
While Microsoft finalizes the fix, there are three available workarounds:

Disable UAC for MSI repair operations – by setting the registry key above. This only impacts the MSI repair process and does not reduce the overall Windows system security level.
Uninstall the September security updates – although please note that automatic updates may reinstall them.
Grant administrator credentials when prompted – some users have confirmed that once credentials are entered, the issue does not reoccur.

We will continue to monitor Microsoft’s progress and keep you updated as soon as the permanent fix is released.

caenarena1 · ‎08-28-2025

Alternative Workaround (No UAC Downgrade Required)

A more structured workaround involves manually preparing the user profile in advance, using an admin account on a reference machine. Here's how:

Step-by-Step Process

Log in with an admin account on a reference PC Launch AutoCAD once to allow full profile initialization.
Save the following folders to a network location:
- %appdata%\Autodesk\AutoCAD 20xx
- %localappdata%\Autodesk\AutoCAD 20xx (replace xx with installed version)
Export the registry key:
Code (replace x with installed version: Autocad 2025 => R25.0)
```
Computer\HKEY_CURRENT_USER\Software\Autodesk\AutoCAD\R2x.0
```
On the target PC (new user profile):
- Copy the two folders into the corresponding paths for the new user.
- Edit the .reg file: Replace all instances of C:\Users\{USERNAME} with the actual destination username using Find & Replace.
- Run the .reg file to import the registry settings.

With these three resources (AppData folders + registry key), AutoCAD will launch without triggering MSI repair or requesting admin rights. This avoids compromising UAC settings or uninstalling critical Windows updates.

Optional Automation You can create a PowerShell or BAT script to automate:

Folder copy operations
Registry import (after dynamic username substitution)

This makes it easier for IT staff or end users to apply the fix with minimal effort.

Important Note: This is a temporary workaround until Autodesk and Microsoft release an official fix. Always test thoroughly before deploying in production environments.

emmonsk · ‎09-02-2025

I did hear back on my support ticket with Microsoft. Here is the response I got from them.

I want to let you know that we have an action plan in place, and you will need to roll back due to the known issue with the UAC prompt until further notice. as per your windows version Windows 11 22H2.

https://download.microsoft.com/download/a05e97af-23ec-4ba3-b83b-a5e450b987c7/Windows 11 22H2 KB50638...

Let me know if you have any questions or concerns

singh_h · ‎09-03-2025

Can you please share script/batch file you have made?

thielen.adam · ‎09-03-2025

Guys, it seems a lot easier to just add the reg key that lets it work like it does before the update. Create a reg file and put the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"DisableLUAInRepair"=dword:00000001

Then save that as a .reg, and use something like the following command or batch, through sccm, group policy, etc:

cmd /c reg.exe import disableLUArepair.reg /reg:64

cmd /c and /reg:64 are additions that SCCM plays nicer with when deploying from a package.

ej25wrx · ‎09-03-2025

I think this approach makes sysadmins uncomfortable since this can potentially expose machines to CVE-2024-38014.

thielen.adam · ‎09-03-2025

As far as I can tell, you would be just as exposed with the prompt, assuming you provide credentials to get the install finished. This is based on a quick reading of the CVE. It doesn't matter how it executed, the attack comes from another malware, I assume just waiting for a repair operation to occur. The more extensive method of pre-adding folders, and files, and user-specific regkeys, if that works and you are a wiz with that, then it is probably the better way to go. But I imagine a lot of environments will struggle there, especially in labs where students frequently move to different computers, but their computer account already exists.

There's always ways to make it work, but the vulnerability seems really really unlikely to work (there is a tool that Autodesk can use to make sure their installers aren't susceptible) in any environment with moderate controls and malware detections. System admins should go with whatever doesn't keep them awake at night. In a normal classroom lab environment with somewhat inconsequential windows boxes with limited access to any other sensitive resources, it's not particularly troubling.

lhall5YJRE · ‎09-04-2025

Why is Autodesk running a repair every time a user opens up autoCAD/Arch? This behavior makes no sense.

While we wait for Autodesk to get their stuff together, doing this workaround is probably the best bet so you don't have to revert the cumulative update. Here is what I added into Intune Detection/Remediation in case anyone needs to just copy and paste to get it working again. Make sure to test it out before running in production.

Detection Script:

$Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer"
$Name = "DisableLUAInRepair"
$Type = "DWORD"
$Value = "1"

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
       	exit 0
    }
     
    else {
    Write-Warning "Not Compliant"
    exit 1
   }
} 
Catch {
    Write-Warning "Not Compliant"
    exit 1
}

Remediation Script:

# Remediation Script to Set DisableLUAInRepair = 1
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer"
$dwordName = "DisableLUAInRepair"
$dwordValue = 1

# Create the registry key if it doesn't exist
if (-not (Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
}

# Set the DWORD value
New-ItemProperty -Path $registryPath -Name $dwordName -Value $dwordValue -PropertyType DWord -Force | Out-Null

bwilkerson · ‎09-04-2025

Thank you for that remediation script. Disabling any part of UAC is not something I want to do but my environment is not set to easily remove Microsoft Updates as they will just get reinstalled. At least with this I can limit the script to the lab that needs this to work.

jorma_heikkuri · ‎09-07-2025

This same problem affects also Autodesk TrueView 2023. I have not tested all TrueView versions.

Official MS document about the problem:

CVE-2025-50173 - Security Update Guide - Microsoft - Windows Installer Elevation of Privilege Vulner...

MS has published Recommended Workaround (KIR Policy). Never heard before what is KIR but here is better explanation.

https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deplo...

I have not yest tested these steps. Maybe someone of you can test and tell us the results.

Should we just wait the Patch Tuesday, which is Tuesday, September 9, 2025.

I will wait and see what new features we will get soon.

Recommended Workaround (KIR Policy)

Download and run the OS-specific KIR MSI for CVE-2025-50173 to temporarily disable protections.

Running the MSI installs an ADMX file in %systemroot%\policydefinitions, providing the required Group Policy settings.

Configure the OS version-specific Group Policy Setting (do not modify the registry directly):

Windows 11 24H2 / Server 2025
Path: Computer Configuration -> Administrative Templates -> KB5063878 250825_21501 Known Issue Rollback
Setting: KB5063878 250825_21501 Known Issue Rollback
Value: Disabled
Windows 11 22H2 / 23H2
Path: Computer Configuration -> Administrative Templates -> KB5063875 250825_20401 Known Issue Rollback
Value: Disabled
Windows Server 2022
Path: Computer Configuration -> Administrative Templates -> KB5063880 250825_20251 Known Issue Rollback
Value: Disabled
Windows 10 22H2
Path: Computer Configuration -> Administrative Templates -> KB5063709 250826_07451 Known Issue Rollback
Value: Disabled

Reboot Requirement

A system reboot is required after applying the KIR policy.
In domain environments, allow time for Group Policy replication, then perform either a background or manual policy refresh, followed by a reboot.

Community

Why is a random msi running for standard users the first time they open AutoCAD?