Set UAC Level with PowerShell

Solution 1

There are several registry values that control User Account Control:

1. FilterAdministratorToken
2. ConsentPromptBehaviorAdmin
3. ConsentPromptBehaviorUser
4. EnableInstallerDetection
5. ValidateAdminCodeSignatures
6. EnableLUA
7. PromptOnSecureDesktop
8. EnableVirtualization

The combination of these values is what controls the slider in the GUI, or vice-versa.

Reference: http://msdn.microsoft.com/en-us/library/cc232771.aspx

Solution 2

Actually there already existed a takeaway powershell script to you can make use of.

You can easily find them in How to switch UAC level

Hopefully, it can help.

Edit

The code form the mentioned Microsoft Technet site implements these cmdlets:

• Set-UACLevel()
• Get-UACLevel()

But they are not confirmed for this OS (12. Jan. 2017):

• Windows Server 2012 R2
• Windows Server 2008
• Windows 7

Code snippet:

New-Variable -Name Key 
New-Variable -Name PromptOnSecureDesktop_Name 
New-Variable -Name ConsentPromptBehaviorAdmin_Name 

Function Set-RegistryValue($key, $name, $value, $type="Dword") {  
  If ((Test-Path -Path $key) -Eq $false) { New-Item -ItemType Directory -Path $key | Out-Null }  
       Set-ItemProperty -Path $key -Name $name -Value $value -Type $type  
}  

Function Get-RegistryValue($key, $value) {  
   (Get-ItemProperty $key $value).$value  
}  

$Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" 
$ConsentPromptBehaviorAdmin_Name = "ConsentPromptBehaviorAdmin" 
$PromptOnSecureDesktop_Name = "PromptOnSecureDesktop" 

Function Get-UACLevel(){ 
    $ConsentPromptBehaviorAdmin_Value = Get-RegistryValue $Key $ConsentPromptBehaviorAdmin_Name 
    $PromptOnSecureDesktop_Value = Get-RegistryValue $Key $PromptOnSecureDesktop_Name 
    If($ConsentPromptBehaviorAdmin_Value -Eq 0 -And $PromptOnSecureDesktop_Value -Eq 0){ 
        "Never notIfy" 
    } 
    ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 0){ 
        "NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" 
    } 
    ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 5 -And $PromptOnSecureDesktop_Value -Eq 1){ 
        "NotIfy me only when apps try to make changes to my computer(default)" 
    } 
    ElseIf($ConsentPromptBehaviorAdmin_Value -Eq 2 -And $PromptOnSecureDesktop_Value -Eq 1){ 
        "Always notIfy" 
    } 
    Else{ 
        "Unknown" 
    } 
} 

Function Set-UACLevel() { 
    Param([int]$Level= 2) 

    New-Variable -Name PromptOnSecureDesktop_Value 
    New-Variable -Name ConsentPromptBehaviorAdmin_Value 

    If($Level -In 0, 1, 2, 3) { 
        $ConsentPromptBehaviorAdmin_Value = 5 
        $PromptOnSecureDesktop_Value = 1 
        Switch ($Level)  
        {  
          0 { 
              $ConsentPromptBehaviorAdmin_Value = 0  
              $PromptOnSecureDesktop_Value = 0 
          }  
          1 { 
              $ConsentPromptBehaviorAdmin_Value = 5  
              $PromptOnSecureDesktop_Value = 0 
          }  
          2 { 
              $ConsentPromptBehaviorAdmin_Value = 5  
              $PromptOnSecureDesktop_Value = 1 
          }  
          3 { 
              $ConsentPromptBehaviorAdmin_Value = 2  
              $PromptOnSecureDesktop_Value = 1 
          }  
        } 
        Set-RegistryValue -Key $Key -Name $ConsentPromptBehaviorAdmin_Name -Value $ConsentPromptBehaviorAdmin_Value 
        Set-RegistryValue -Key $Key -Name $PromptOnSecureDesktop_Name -Value $PromptOnSecureDesktop_Value 

        Get-UACLevel 
    } 
    Else{ 
        "No supported level" 
    } 

} 

Export-ModuleMember -Function Get-UACLevel 
Export-ModuleMember -Function Set-UACLevel

Solution 3

Thank you very much, I got it. The following .REG file will set the UAC to Level 2.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"FilterAdministratorToken"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000000
"FilterAdministratorToken"=dword:00000000

Related videos on Youtube

08 : 49

Promptless UAC Bypass & Powershell Privilege Escalation techniques - Hak5 2510

Hak5

68

03 : 39

Set UAC Level with PowerShell (4 Solutions!!)

Roel Van de Paar

65

01 : 22 : 13

Active Directory automation with PowerShell

Server Academy

52

01 : 54

Set Powershell to Run as Admin

Joe Waldin

26

00 : 53

Privilege Escalation Technique in Windows 10 - UAC RunAs Powershell

Metasploitation

6

Author by

Jente

Updated on September 18, 2022