Pages

Friday, June 24, 2016

PowerShell v3 Function Set UACState

A current project has me building common provisioning tasks into a scripted solution. One of the tasks is disabling UAC. There are plenty of posts on how to do this, but, the one I started with is from Technet forum,
How to disable UAC
in which Hil Liao provides this answer,
The best way is to change the registry key at registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem; key = EnableLUA

You can use the following powershell code to check the value:
Code Snippet
$UAC = Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA
$UAC.EnableLUA

To change the value and disable UAC:
Code Snippet
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 0

You need to reboot to make it take effect.
Porting this into a function, I came up with this set of functions (some of which are purely utility functions):
function Get-UACState
{
       [CmdletBinding()]
       param()

       $UAC = Get-ItemProperty -Path hklm:SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA
       if($UAC.EnableLUA -eq 0)
       {
             Write-Verbose "$(Get-TimeStamp): UAC is disabled.";
             $UAC.EnableLUA
       }
       elseif($UAC.EnableLUA -eq 1)
       {
             Write-Verbose "$(Get-TimeStamp): UAC is enabled.";
             $UAC.EnableLUA
       }
}

function Get-TimeStamp
{
       param(
             $Format = yyyy-MM-dd HH:mm:ss
       )
      
       Get-Date -Format $Format;
}

function IsUserElevated
{
       [CmdletBinding()]
       param()
      
       $isuserelevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
       if($isuserelevated)
       {
             Write-Verbose "$(Get-TimeStamp): User is elevated.";
             $isuserelevated;                       
       }
       elseif(-not($isuserelevated))
       {
             Write-Verbose "$(Get-TimeStamp): User is not elevated.";
             $isuserelevated;                              
       }
}

function Set-UACState
{
       [CmdletBinding(
             DefaultParameterSetName = Disable
       )]
       param(
             [Parameter(
                    ParameterSetName = Disable
             )]
             [Switch]
             $Disable = $true,
            
             [Parameter(
                    ParameterSetName = Enable
             )]
             [Switch]
             $Enable = $false
       )
      
       if(IsUserElevated)
       {
             if($Enable)
             {
                    Set-ItemProperty -Path hklm:SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 1
             }
             elseif($Disable)
             {
                    Set-ItemProperty -Path hklm:SoftwareMicrosoftWindowsCurrentVersionpoliciessystem -Name EnableLUA -Value 0
             }
             elseif($Enable -and $Disable)
             {
                    throw "$(Get-TimeStamp): You must use one of either -Disable or -Enable. Both cannot be selected simultaneously.";
             }
       }
       else
       {
             throw

Related Posts by Categories

0 comments:

Post a Comment