Why does my LPM rule for Product Info not work when the MSI is on a NAS share?

Problem:

You've applied an LPM elevate rule to an MSI file. This file is on a NAS share, and end-users are still facing issues inheriting the rule properly, resulting in persistent UAC prompts.

Cause:

If the Domain Computers account does not have read access to MSI files on NAS shares, then CSE cannot read the MSI database to check Product info values. As a result, any rules that use Product info will not work.

Workaround:

Add Domain Computers group to NAS share and grant Read access in NTFS permissions.

The screen shot below displays TrueNAS ACL permissions.

In Windows Explorer, if you check the NTFS permissions of the folder, it should appear as shown in the screen shot below: