AdamUL

User Account Control (UAC) UDF

5 posts in this topic

Here is a UDF that allows you to easily read and write to the registry keys that control User Account Control (UAC).  I wrote this UDF while I was working on a project for Windows 7 that required reboots, and for the script to start on its own, with the full administrator rights, after the PC auto logged in without the issue of the UAC prompt.  The functions I used the most was _UAC_GetConsentPromptBehaviorAdmin and _UAC_SetConsentPromptBehaviorAdmin, but I decided to go ahead and write a full UDF for the all the UAC values.  For usage, please look a the function headers.I hope other finds this UDF useful.  
 
#include-once
;~ #AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
;~ #AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
;~ #Tidy_Parameters=/sf
; #INDEX# =======================================================================================================================
; Title .........: User Account Control (UAC) UDF for Windows Vista and higher.
; AutoIt Version : 3.3.6++
; UDF Version ...: 1.0
; Language ......: English
; Description ...: Get or Set UAC registry settings in Windows Vista or higher.
; Dll ...........:
; Author(s) .....: Adam Lawrence (AdamUL)
; Email .........:
; Modified ......:
; Contributors ..:
; Resources .....: http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx#BKMK_RegistryKeys
;                  http://www.autoitscript.com/forum/topic/122050-useful-snippets-collection-thread/page__p__847186#entry847186 (Post #1, item 8.)
; Remarks .......: #RequireAdmin and/or #AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator is needed for "Set" functions to work in this UDF.
; ===============================================================================================================================

; #CURRENT# =====================================================================================================================
;_UAC_GetConsentPromptBehaviorAdmin
;_UAC_GetConsentPromptBehaviorUser
;_UAC_GetEnableInstallerDetection
;_UAC_GetEnableLUA
;_UAC_GetEnableSecureUIAPaths
;_UAC_GetEnableUIADesktopToggle
;_UAC_GetEnableVirtualization
;_UAC_GetFilterAdministratorToken
;_UAC_GetPromptOnSecureDesktop
;_UAC_GetValidateAdminCodeSignatures
;_UAC_SetConsentPromptBehaviorAdmin
;_UAC_SetConsentPromptBehaviorUser
;_UAC_SetEnableInstallerDetection
;_UAC_SetEnableLUA
;_UAC_SetEnableSecureUIAPaths
;_UAC_SetEnableUIADesktopToggle
;_UAC_SetEnableVirtualization
;_UAC_SetFilterAdministratorToken
;_UAC_SetPromptOnSecureDesktop
;_UAC_SetValidateAdminCodeSignatures
; ===============================================================================================================================

; #CONSTANTS# ===================================================================================================================
Global Const $UAC_ELEVATE_WITHOUT_PROMPTING = 0
Global Const $UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP = 1
Global Const $UAC_PROMPT_FOR_CONSENT_SECURE_DESKTOP = 2
Global Const $UAC_PROMPT_FOR_CREDENTIALS = 3
Global Const $UAC_PROMPT_FOR_CONSENT = 4
Global Const $UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES = 5
Global Const $UAC_AUTOMATICALLY_DENY_ELEVATION_REQUESTS = 0
Global Const $UAC_DISABLED = 0
Global Const $UAC_ENABLED = 1
; ===============================================================================================================================

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetConsentPromptBehaviorAdmin
; Description ...: Gets UAC Registry Key for ConsentPromptBehaviorAdmin.  Behavior of the elevation prompt for administrators in Admin Approval Mode.
; Syntax ........: _UAC_GetConsentPromptBehaviorAdmin()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_ELEVATE_WITHOUT_PROMPTING(0) - Elevate without prompting (Use this option only in the most constrained environments).
;                  |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop.
;                  |$UAC_PROMPT_FOR_CONSENT_SECURE_DESKTOP (2) - Prompt for consent on the secure desktop.
;                  |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
;                  |$UAC_PROMPT_FOR_CONSENT (4) - Prompt for consent.
;                  |$UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES (5) - Prompt for consent for non-Windows binaries (default).
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetConsentPromptBehaviorAdmin()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorAdmin")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetConsentPromptBehaviorAdmin

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetConsentPromptBehaviorUser
; Description ...: Gets UAC Registry Key for ConsentPromptBehaviorUser.  Behavior of the elevation prompt for standard users.
; Syntax ........: _UAC_GetConsentPromptBehaviorUser()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_AUTOMATICALLY_DENY_ELEVATION_REQUESTS (0) - Automatically deny elevation requests.
;                  |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop (default).
;                  |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetConsentPromptBehaviorUser()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorUser")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetConsentPromptBehaviorUser

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableInstallerDetection
; Description ...: Gets UAC Registry Key for EnableInstallerDetection.  Detect application installations and prompt for elevation.
; Syntax ........: _UAC_GetEnableInstallerDetection()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - Disabled (default for enterprise).
;                  |$UAC_ENABLED (1) - Enabled (default for home).
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableInstallerDetection()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableInstallerDetection")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetEnableInstallerDetection

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableLUA
; Description ...: Gets UAC Registry Key for EnableLUA. Run all administrators in Admin Approval Mode.
; Syntax ........: _UAC_GetEnableLUA()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - UAC (formally known as LUA) is disabled.
;                  |$UAC_ENABLED (1) - UAC (formally known as LUA) is enabled.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableLUA()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetEnableLUA

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableSecureUIAPaths
; Description ...: Gets UAC Registry Key for EnableSecureUIAPaths.  Only elevate UIAccess applications that are installed in secure locations.
; Syntax ........: _UAC_GetEnableSecureUIAPaths()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableSecureUIAPaths()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableSecureUIAPaths")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetEnableSecureUIAPaths

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableUIADesktopToggle
; Description ...: Gets UAC Registry Key for EnableUIADesktopToggle.  Allow UIAccess applications to prompt for elevation without using the secure desktop.
; Syntax ........: _UAC_GetEnableUIADesktopToggle()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableUIADesktopToggle()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableUIADesktopToggle")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetEnableUIADesktopToggle

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableVirtualization
; Description ...: Gets UAC Registry Key for EnableVirtualization.  Virtualize file and registry write failures to per-user locations.
; Syntax ........: _UAC_GetEnableVirtualization()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableVirtualization()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableVirtualization")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetEnableVirtualization

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetFilterAdministratorToken
; Description ...: Gets UAC Registry Key for FilterAdministratorToken.  Admin Approval Mode for the Built-in Administrator account.
; Syntax ........: _UAC_GetFilterAdministratorToken()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetFilterAdministratorToken()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "FilterAdministratorToken")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetFilterAdministratorToken

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetPromptOnSecureDesktop
; Description ...: Gets UAC Registry Key for PromptOnSecureDesktop. Switch to the secure desktop when prompting for elevation.
; Syntax ........: _UAC_GetPromptOnSecureDesktop()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetPromptOnSecureDesktop()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "PromptOnSecureDesktop")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetPromptOnSecureDesktop

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetValidateAdminCodeSignatures
; Description ...: Gets UAC Registry Key for ValidateAdminCodeSignatures.  Only elevate executables that are signed and validated.
; Syntax ........: _UAC_GetValidateAdminCodeSignatures()
; Parameters ....: None.
; Return values .: Success - Registry Value
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetValidateAdminCodeSignatures()
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ValidateAdminCodeSignatures")
    If $iReturn = "" Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_GetValidateAdminCodeSignatures

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetConsentPromptBehaviorAdmin
; Description ...: Sets UAC Registry Key for ConsentPromptBehaviorAdmin.  Behavior of the elevation prompt for administrators in Admin Approval Mode.
; Syntax ........: _UAC_SetConsentPromptBehaviorAdmin([$iValue = $UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES (5)])
; Parameters ....: $iValue - [optional] An integer value 0 to 5. Default is 5.
;                  |$UAC_ELEVATE_WITHOUT_PROMPTING(0) - Elevate without prompting (Use this option only in the most constrained environments).
;                  |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop.
;                  |$UAC_PROMPT_FOR_CONSENT_SECURE_DESKTOP (2) - Prompt for consent on the secure desktop.
;                  |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
;                  |$UAC_PROMPT_FOR_CONSENT (4) - Prompt for consent.
;                  |$UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES (5) - Prompt for consent for non-Windows binaries (default).
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetConsentPromptBehaviorAdmin($iValue = $UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    If $iValue < 0 Or $iValue > 5 Then Return SetError(-5, 0, -1)
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorAdmin", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetConsentPromptBehaviorAdmin

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetConsentPromptBehaviorUser
; Description ...: Sets UAC Registry Key for ConsentPromptBehaviorUser.  Behavior of the elevation prompt for standard users.
; Syntax ........: _UAC_SetConsentPromptBehaviorUser([$iValue = $UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_AUTOMATICALLY_DENY_ELEVATION_REQUESTS (0) - Automatically deny elevation requests.
;                  |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop (default).
;                  |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetConsentPromptBehaviorUser($iValue = $UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue = 2 Or $iValue > 3 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorUser", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetConsentPromptBehaviorUser

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableInstallerDetection
; Description ...: Sets UAC Registry Key for EnableInstallerDetection.  Detect application installations and prompt for elevation.
; Syntax ........: _UAC_SetEnableInstallerDetection([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 0.
;                  |$UAC_DISABLED (0) - Disabled (default for enterprise).
;                  |$UAC_ENABLED (1) - Enabled (default for home).
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableInstallerDetection($iValue = $UAC_DISABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableInstallerDetection", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetEnableInstallerDetection

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableLUA
; Description ...: Sets UAC Registry Key for EnableLUA. Run all administrators in Admin Approval Mode.
; Syntax ........: _UAC_SetEnableLUA([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_DISABLED (0) - UAC (formally known as LUA) is disabled.
;                  |$UAC_ENABLED (1) - UAC (formally known as LUA) is enabled.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableLUA($iValue = $UAC_ENABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetEnableLUA

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableSecureUIAPaths
; Description ...: Sets UAC Registry Key for EnableSecureUIAPaths.  Only elevate UIAccess applications that are installed in secure locations.
; Syntax ........: _UAC_SetEnableSecureUIAPaths([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableSecureUIAPaths($iValue = $UAC_ENABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableSecureUIAPaths", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetEnableSecureUIAPaths

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableUIADesktopToggle
; Description ...: Sets UAC Registry Key for EnableUIADesktopToggle.  Allow UIAccess applications to prompt for elevation without using the secure desktop.
; Syntax ........: _UAC_SetEnableUIADesktopToggle([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableUIADesktopToggle($iValue = $UAC_DISABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableUIADesktopToggle", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetEnableUIADesktopToggle

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableVirtualization
; Description ...: Sets UAC Registry Key for EnableVirtualization.  Virtualize file and registry write failures to per-user locations.
; Syntax ........: _UAC_SetEnableVirtualization([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableVirtualization($iValue = $UAC_ENABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableVirtualization", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetEnableVirtualization

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetFilterAdministratorToken
; Description ...: Sets UAC Registry Key for FilterAdministratorToken.  Admin Approval Mode for the Built-in Administrator account.
; Syntax ........: _UAC_SetFilterAdministratorToken([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetFilterAdministratorToken($iValue = $UAC_DISABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "FilterAdministratorToken", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetFilterAdministratorToken

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetPromptOnSecureDesktop
; Description ...: Sets UAC Registry Key for PromptOnSecureDesktop. Switch to the secure desktop when prompting for elevation.
; Syntax ........: _UAC_SetPromptOnSecureDesktop([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetPromptOnSecureDesktop($iValue = $UAC_ENABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "PromptOnSecureDesktop", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetPromptOnSecureDesktop

; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetValidateAdminCodeSignatures
; Description ...: Sets UAC Registry Key for ValidateAdminCodeSignatures.  Only elevate executables that are signed and validated.
; Syntax ........: _UAC_SetValidateAdminCodeSignatures([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
;                  |$UAC_DISABLED (0) - Disabled.
;                  |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
;                  Failure - -1, sets @error to:
;                  |1 - if unable to open requested key
;                  |2 - if unable to open requested main key
;                  |3 - if unable to remote connect to the registry
;                  |-1 - if unable to open requested value
;                  |-2 - if value type not supported
;                  |-3 - Current user is not Admin.
;                  |-4 - Invalid key on OS.
;                  |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetValidateAdminCodeSignatures($iValue = $UAC_DISABLED)
    If Not IsAdmin() Then Return SetError(-3, 0, -1)
    If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
    If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
    Local $s64Bit = ""
    If @OSArch = "X64" Then $s64Bit = "64"
    Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ValidateAdminCodeSignatures", "REG_DWORD", $iValue)
    If $iReturn = 0 Then $iReturn = -1
    Return SetError(@error, 0, $iReturn)
EndFunc   ;==>_UAC_SetValidateAdminCodeSignatures
 
 
Adam
 
3 people like this

Share this post


Link to post
Share on other sites



Very handy and useful. I've been needing this for a new project that I was working on. :thumbsup:

And to be honest, I didn't know UAC was this "in-depth". I only knew of a few registry keys and whatnot.

Share this post


Link to post
Share on other sites

Thanks BinaryBrother.  I'm glad you find it useful.  Sorry for the very late reply.  

 

Adam

Share this post


Link to post
Share on other sites

descriptions/comments are pure gold

Share this post


Link to post
Share on other sites

Thanks for posting this. This will be quite helpful for security and administrative purposes. I'll provide feedback.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now