What is the AlwaysInstallElevated privilege escalation technique with msiexec?

If both HKCU and HKLM registry keys `AlwaysInstallElevated` are set to 1 (via Group Policy), any user can install MSI files with SYSTEM privileges. Tools like PowerUp's `Write-UserAddMSI` generate an MSI that adds an admin user when run. You can check the registry with `reg query HKCU\Software\Policies\Microsoft\Windows\Installer` to confirm. This technique is a classic post-exploitation backdoor, often paired with Penetration Techniques - Stealth Execution of Windows Remote Assistance for stealthy persistence.