Hey Todd
Thanks for posting,
According to elevate executable files signed and validated ,
It can be done Locally or by GPO,
You've must enable the following Security Options's Entry :
User Account Control: Only elevate executable files that are signed and validated
Location path in GPEDIT:
Computer Configuration\Policies\Windows Settings\Security Settings\Security Options
It's also can deploy from GPO.