PowerShell v3 Function Set UACState

A current project has me building common provisioning tasks into a scripted solution. One of the tasks is disabling UAC. There are plenty of posts on how to do this, but, the one I started with is from Technet forum,

How to disable UAC

in which Hil Liao provides this answer,

The best way is to change the registry key at registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem; key = EnableLUA

You can use the following powershell code to check the value:

Code Snippet

$UAC = Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA

$UAC.EnableLUA

To change the value and disable UAC:

Code Snippet

Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 0

You need to reboot to make it take effect.

Porting this into a function, I came up with this set of functions (some of which are purely utility functions):

function Get-UACState

{

       [CmdletBinding()]

       param()

       $UAC = Get-ItemProperty -Path hklm:SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA

       if($UAC.EnableLUA -eq 0)

       {

             Write-Verbose "$(Get-TimeStamp): UAC is disabled.";

             $UAC.EnableLUA

       }

       elseif($UAC.EnableLUA -eq 1)

       {

             Write-Verbose "$(Get-TimeStamp): UAC is enabled.";

             $UAC.EnableLUA

       }

}

function Get-TimeStamp

{

       param(

             $Format = yyyy-MM-dd HH:mm:ss

       )

      

       Get-Date -Format $Format;

}

function IsUserElevated

{

       [CmdletBinding()]

       param()

      

       $isuserelevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")

       if($isuserelevated)

       {

             Write-Verbose "$(Get-TimeStamp): User is elevated.";

             $isuserelevated;                       

       }

       elseif(-not($isuserelevated))

       {

             Write-Verbose "$(Get-TimeStamp): User is not elevated.";

             $isuserelevated;                              

       }

}

function Set-UACState

{

       [CmdletBinding(

             DefaultParameterSetName = Disable

       )]

       param(

             [Parameter(

                    ParameterSetName = Disable

             )]

             [Switch]

             $Disable = $true,

            

             [Parameter(

                    ParameterSetName = Enable

             )]

             [Switch]

             $Enable = $false

       )

      

       if(IsUserElevated)

       {

             if($Enable)

             {

                    Set-ItemProperty -Path hklm:SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 1

             }

             elseif($Disable)

             {

                    Set-ItemProperty -Path hklm:SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 0

             }

             elseif($Enable -and $Disable)

             {

                    throw "$(Get-TimeStamp): You must use one of either -Disable or -Enable. Both cannot be selected simultaneously.";

             }

       }

       else

       {

             throw

Related Posts by Categories