SSV-Core

0.9.0

Functions/policy.ps1

                                
$UACLevelPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

$ConsentPromptBehaviorAdmin_Name = "ConsentPromptBehaviorAdmin"

$PromptOnSecureDesktop_Name = "PromptOnSecureDesktop"

function Get-UACLevel() {

    $ConsentPromptBehaviorAdmin_Value = Get-RegistryValue $UACLevelPath $ConsentPromptBehaviorAdmin_Name

    $PromptOnSecureDesktop_Value = Get-RegistryValue $UACLevelPath $PromptOnSecureDesktop_Name

    if ($ConsentPromptBehaviorAdmin_Value -Eq 0 -And $PromptOnSecureDesktop_Value -Eq 0) {

        "Never notify"

    }

    elseIf ($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 0) {

        "Notify me only when apps try to make changes to my computer(do not dim my desktop)"

    }

    elseIf ($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 1) {

        "Notify me only when apps try to make changes to my computer(default)"

    }

    elseIf ($ConsentPromptBehaviorAdmin_Value -Eq 2 -And $PromptOnSecureDesktop_Value -Eq 1) {

        "Always notify"

    }

    else {

        "Unknown"

    }

}

<#

    Powershell run as administrator

    Level   UAC Description                            ConsentPromptBehaviorAdmin    PromptOnSecureDesktop

     0        Never notify                                         0                             0 

     1        Notify me only (do not dim my desktop)                 5                             0

     2        Notify me only (default)                             5                             1

     3        Always notify                                         2                             1

#>

function Set-UACLevel([int]$Level = 2) {

    New-Variable -Name PromptOnSecureDesktop_Value

    New-Variable -Name ConsentPromptBehaviorAdmin_Value

    if ($Level -NotIn 0, 1, 2, 3) {

        Write-Warning "No supported level"

        return

    }

    $ConsentPromptBehaviorAdmin_Value = 5

    $PromptOnSecureDesktop_Value = 1

    switch ($Level) { 

        0 {

            $ConsentPromptBehaviorAdmin_Value = 0 

            $PromptOnSecureDesktop_Value = 0

        } 

        1 {

            $ConsentPromptBehaviorAdmin_Value = 5 

            $PromptOnSecureDesktop_Value = 0

        } 

        2 {

            $ConsentPromptBehaviorAdmin_Value = 5 

            $PromptOnSecureDesktop_Value = 1

        } 

        3 {

            $ConsentPromptBehaviorAdmin_Value = 2 

            $PromptOnSecureDesktop_Value = 1

        } 

    }

    Set-RegistryValue $UACLevelPath $ConsentPromptBehaviorAdmin_Name $ConsentPromptBehaviorAdmin_Value "UAC Registry - ${ConsentPromptBehaviorAdmin_Name}" "overwrite" [Microsoft.Win32.RegistryValueKind]::DWord

    Set-RegistryValue $UACLevelPath $PromptOnSecureDesktop_Name $PromptOnSecureDesktop_Value "UAC Registry - ${PromptOnSecureDesktop_Name}" "overwrite" [Microsoft.Win32.RegistryValueKind]::DWord

    Get-UACLevel

}