Why is a random msi running for standard users the first time they open AutoCAD?

My question is: why does Autodesk persist with this obviously flawed behavior of its broken AutoCAD installer, when none of the other apps resort to this crappy 'per-User' secondary installer?

If Revit can be installed perfectly fine with no additional ridiculous config settings, why can't AutoCAD?

Come on Autodesk ... get your act together.

Tested AutoCAD Mechanical 2023 and DWG TrueView 2023 with Windows 11 24H2. Same UAC problem like before with Windows 11 September hotfix KB5065426.

Maybe MS fixed only Office 2010 problem. 

It would be nice to know how did they verify KB5065426. Is some extra configuration required after hotfix installation.

The real solution must come from Autodesk.  User profile modification doesn't required admin rights, but doing with secondary repair does.

Solution is to stop using secondary repair and code a new solution. It's hard to make a change if you have used old solution few decades.

Hallo Zusammen, 

wir haben ebenfalls unabhängig von autodesk Programm die Problematik, da wir ebenfalls eine Software mit dem MSI-Installer bedienen. Nur rein das neue KB Update aufspielen führt nicht zum gewünschten Ziel. Microsoft hat die Lösung entsprechend mitaufgeführt. Und zwar zu finden unter diesem link: Unerwartete UAC-Aufforderungen beim Ausführen von MSI-Reparaturvorgängen nach der Installation des W....

Hier muss man den Produktcode der MSI-Datei entsprechend auf eine Art whitelist packen. Hat hier jemand schon die nötige Erfahrung gesammelt? Nur rein das KB Update aufspielen und erneutes Starten der Anwendung führt zu keinem Erfolg.

Hey @marioheidt, Vielen Dank

Here is the same document in English: https://support.microsoft.com/en-gb/topic/unexpected-uac-prompts-when-running-msi-repair-operations-...

So far the best solution.  You have to whitelist the versions what you are using for MSI installer.

Location is here: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer

Make the new key SecureRepairWhitelist. Autodesk should provide all the AutoCAD and DWG TrueView related product keys for us.

Next question is does your organization security team allow this kind of tuning.

Microsoft's instructions leave a lot to be desired. I automated it with PowerShell. Just adjust $filter to your needs.

# Prerequisite - September 2025 Cumulative Update or later
# https://support.microsoft.com/en-us/topic/unexpected-uac-prompts-when-running-msi-repair-operations-after-installing-the-august-2025-windows-security-update-5806f583-e073-4675-9464-fe01974df273

# Filter for products to include
$filter = @(
    
    "AutoCAD", #simple string match
    "^Autodesk Civil 3D \d{4}(?!.*Private Pack).*" #or match with regex

)

# Get a list of installed MSI products
$Installer = New-Object -ComObject WindowsInstaller.Installer
$InstallerProducts = $Installer.ProductsEx("", "", 7)
$InstalledProducts = foreach ($Product in $InstallerProducts){
    try {
        [PSCustomObject]@{
            ProductCode   = $Product.ProductCode()
            LocalPackage  = $Product.InstallProperty("LocalPackage")
            VersionString = $Product.InstallProperty("VersionString")
            ProductName   = $Product.InstallProperty("ProductName")
        }
    }
    catch {
        # Suppress errors for products missing certain properties
    }
}

# Match products by filter
$MatchingProducts = $InstalledProducts | Where-Object {
    foreach ($f in $filter) {
        if ($_.ProductName -match $f) { return $true }
    }
    return $false
}


# Modify the registry
$RegPath  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer"
New-ItemProperty -Path $RegPath -Name "SecureRepairPolicy" -Value 2 -PropertyType DWord -Force | Out-Null

if (-not (Test-Path $RegPath\SecureRepairWhitelist)) {
    New-Item -Path $RegPath\SecureRepairWhitelist -Force | Out-Null
}

foreach ($m in $MatchingProducts) {
    $code = $m.ProductCode
    Write-Output "Adding $($m.ProductName) to the Secure Repair Whitelist"
    New-ItemProperty -Path $RegPath\SecureRepairWhitelist -Name $code -PropertyType String -Force | Out-Null
}

I did read it, but thanks for the elaboration.

So, MS does a minor tweak to remove their liability for causing pain to thousands of organisations using Autodesk products reduce the scope for requiring UAC prompts for MSI repairs ... and we don't need to push a registry change to DisableLUAInRepair or rollback KB5063878. Fantastic news.

Instead, we have to use Orca to determine the installed product code, then include that code in a new registry key for Installer called SecureRepairWhitelist ... and push out to all affected workstations. Have I got that right? Much less complicated or onerous than above isn't it?

No, what I'm railing at is Autodesk's seemingly indifferent approach to this long-standing problem with AutoCAD, or acceptance that its own installation process is broken. Read "MSI Repair operation" ... "Secondary Installer needs to run" ... Appdata needs to be configured per user rather than for System ... etc, etc.

Surely this falls squarely into Autodesk's responsibility. Why do we need to make fleet-wide changes and push out registry entries to allow a process to run without elevation that surely weakens the security posture and attack-surface of the device? Just so a user can launch AutoCAD?

Why is this not needed for Revit, but is needed for AutoCAD ... both flagship applications licensed at great expense from the same provider and using installers downloaded in confidence from that provider?

Here is some product codes. I have not yet tested do these really work...

All AutoCAD 2023 and verticals use same ProductCode expect DWG TrueView 2023.

Does German, Japanese, Spain, French, Chinese use the same ProductCode like English?

Change the AutoCAD R code and you will find you ProductCode, I hope.

Please share you findings.

Same ProductCode => they work the same way and have same problems and share same code base.

You can find the product codes from Windows registry. No need to use Orca.

If you know the name of the msi you can use command line: msiexec /i "7dc68c.msi" /L*V log.txt

Check the log.txt file and look for the line

MSI (c) (88:68) [23:12:02:873]: APPCOMPAT: looking for appcompat database entry with ProductCode '{28B89EEF-6105-0409-2102-CF3F3A09B77D}'

DWG TrueView 2023 - English

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91443368-3E7B-4B5D-8A8E-7DA489BC7318}

ProductCode = {91443368-3E7B-4B5D-8A8E-7DA489BC7318}

AutoCAD 2023 - English

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\AutoCAD\R24.2\ACAD-6101:409
ProductCode = {28B89EEF-6101-0409-2102-CF3F3A09B77D}

AutoCAD Mechanical 2023 - English

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\AutoCAD\R24.2\ACAD-6105:409
ProductCode = {28B89EEF-6105-0409-2102-CF3F3A09B77D}

AutoCAD LT 2023 - English

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\AutoCAD LT\R29\ACADLT-6101:409
ProductCode = {28B89EEF-6109-0409-2102-CF3F3A09B77D}

This requires the MSI file name and not the exe product code correct?  There are many of these msi files on each workstation.  Filename almost seems random.

UAC pop-up will show MSI file which is used to run the repair. MSI files are in folder C:\Windows\Installer. There is a lot of MSI and MST files.

Autodesk will rerelease the documentation soon but before that here is more information how product codes are defined.

{28B89EEF-<ProductID>-<Language>-2102-CF3F3A09B77D} 

Modify the <ProductID> and <Language> by referencing the table below. <ProductID> consists of both Release and Product.

For reference, below are some product code examples:

AutoCAD 2026 (English):  {28B89EEF-9101-0409-2102-CF3F3A09B77D} 

Autodesk Civil 3D 2024 (Korean):  {28B89EEF-7100-0412-2102-CF3F3}

AutoCAD LT 2025 (German):  {28B89EEF-8109-0407-2102-CF3F3A09B77D}

All of this in place and the 2503 error still comes up followed by 2502.  The update is installed and keys added properly.

For now I will continue using AdminByRequest.

@deepti_bhardwaj 

Can we please get an update from Autodesk on where we're at with an official fix to AutoCADs installer (and any other products that may be affected)?  We're still waiting to push out the software to machines until we have a proper, permanent fix that doesn't involve modifying the registry, as this shouldn't be necessary to make the product function properly.  Is an official fix from Autodesk on its way soon?

Document was updated Sep 11, 2025.

https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/After-installation...

There should be an Excel with product codes in the next release, I hope. Microsoft and Autodesk are still working on this case.  This is just temporary fix.

I have case open in Autodesk support portal. If you ask me the Autodesk should provide the final solution. But it won't happen in a few weeks.

Affected list form Autodesk: AutoCAD products (AutoCAD, verticals, and LT on versions 2022 to 2026) request admin credentials and won't open.

My list: DWG TrueView, AutoCAD products (AutoCAD, verticals, and LT on versions 2022 to 2026) request admin credentials and won't open.

If I use search engine the result is here. Examples of what are AutoCAD 2026 verticals. 

AutoCAD verticals => AutoCAD, AutoCAD Architecture, AutoCAD MEP, AutoCAD Electrical.  AutoCAD LT, AutoCAD Plant3D, AutoCAD Advandced Steel, Autodesk Civil 3D

This maybe one rule of thumb. If you product code start and end string is like this {28B89EEF-<ProductID>-<Language>-2102-CF3F3A09B77D} you have the problem.

I do see that the support document was updated.  What's concerning to me is that, previously, the article said that Microsoft and Autodesk were working on a solution for this.  Now, it says "Microsoft has released updates on September 9 to address this issue".  That's not a fix; that's a workaround.  There's no way every customer of Autodesk can be expected to install AutoCAD and then create registry entries in order to manually allow the execution of a first run MSI, when that MSI is randomized.

Really looking forward to seeing an official fix from Autodesk where a workaround isn't required, and hopefully very soon.

@deepti_bhardwaj do we have any additional info from the Autodesk team on when we can expect this to be fixed without a workaround?