I’ve been doing some research into this, and though I’m not a developer it appears to be a feature in the Windows security model.
We can impersonate the user and run it interactively (with the user’s existing session), but it looks like we cannot elevate a non-admin user to an admin access token unless we create a new login session - which requires authenticating.
I don’t think this is necessarily a limitation in BigFix itself, but in the Windows API / security model as a whole. I don’t know of any way around it.
You should probably pursue getting the application updates to work using the LocalSystem account. A good way to test interactively first is using psexec from https://microsoft.com/Sysinternals
psexec -i -s CMD.exe
…to open an interactive command prompt as the SYSTEM account, and then figure out a way to update this application silently.
Then you should be able to deploy that in BigFix without needing any action overrides.