A current project has me building common provisioning tasks into a scripted solution. One of the tasks is disabling UAC. There are plenty of posts on how to do this, but, the one I started with is from Technet forum,
How to disable UAC in which Hil Liao provides this answer,
The best way is to change the registry key at registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem; key = EnableLUA
You can use the following powershell code to check the value:
Code Snippet
$UAC = Get-ItemProperty -Path registry:: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA
$UAC .EnableLUA
To change the value and disable UAC:
Code Snippet
Set-ItemProperty -Path registry:: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 0
You need to reboot to make it take effect.
Porting this into a function, I came up with this set of functions (some of which are purely utility functions):
function Get-UACState
{
[CmdletBinding()]
param ()
$UAC = Get-ItemProperty -Path hklm: SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA
if ( $UAC .EnableLUA -eq 0)
{
Write-Verbose "$(Get-TimeStamp): UAC is disabled." ;
$UAC .EnableLUA
}
elseif ( $UAC .EnableLUA -eq 1)
{
Write-Verbose "$(Get-TimeStamp): UAC is enabled." ;
$UAC .EnableLUA
}
}
function Get-TimeStamp
{
param (
$Format = yyyy-MM-dd HH:mm:ss
)
Get-Date -Format $Format ;
}
function IsUserElevated
{
[CmdletBinding()]
param ()
$isuserelevated = ([ Security.Principal.WindowsPrincipal ][ Security.Principal.WindowsIdentity ]:: GetCurrent ()).IsInRole([ Security.Principal.WindowsBuiltInRole ] "Administrator" )
if ( $isuserelevated )
{
Write-Verbose "$(Get-TimeStamp): User is elevated." ;
$isuserelevated ;
}
elseif ( -not ( $isuserelevated ))
{
Write-Verbose "$(Get-TimeStamp): User is not elevated." ;
$isuserelevated ;
}
}
function Set-UACState
{
[CmdletBinding(
DefaultParameterSetName = Disable
)]
param (
[Parameter(
ParameterSetName = Disable
)]
[ Switch ]
$Disable = $true ,
[Parameter(
ParameterSetName = Enable
)]
[ Switch ]
$Enable = $false
)
if ( IsUserElevated )
{
if ( $Enable )
{
Set-ItemProperty -Path hklm: SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 1
}
elseif ( $Disable )
{
Set-ItemProperty -Path hklm: SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 0
}
elseif ( $Enable -and $Disable )
{
throw "$(Get-TimeStamp): You must use one of either -Disable or -Enable. Both cannot be selected simultaneously." ;
}
}
else
{
0 comments:
Post a Comment