Domain Admins UAC Permission On Domain Controller

I have 2 Windows Server 2016 servers. Recently when I login with my Domain Administrator account and run an installer I get the 2503 and 2502 errors. I have to run a command prompt as an administrator to launch the installer and the program installs.

The error I get is

ShellExecuteEx failed; code 8235
A referral was returned from the server.

I have had this problem on a Windows 10 machine but did a reset to it and the problem went away. I can't do that on these domain controllers.

To get anything done I have to use the command line as an admnistrator trick. I can't even use the Control panel to uninstall a program through programs and features without making a special shortcut for it. Any idea how I can fix this?


Found an issue with a Group Policy setting which was set to enabled.

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Settings\User Account Control: Only elevate executables that are signed and validated

Set this to disabled and ran the installer again and ran without 2503 or 2502 errors.