11 Years of Service
51%
[HIDE-THANKS]
[/HIDE-THANKS]
Code:
>#include-once
;~ #AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
;~ #AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
;~ #Tidy_Parameters=/sf
; #INDEX# =======================================================================================================================
; Title .........: User Account Control (UAC) UDF for Windows Vista and higher.
; AutoIt Version : 3.3.6++
; UDF Version ...: 1.0
; Language ......: English
; Description ...: Get or Set UAC registry settings in Windows Vista or higher.
; Dll ...........:
; Author(s) .....: Adam Lawrence (AdamUL)
; Email .........:
; Modified ......:
; Contributors ..:
; Resources .....: http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx#BKMK_RegistryKeys
; http://www.autoitscript.com/forum/topic/122050-useful-snippets-collection-thread/page__p__847186#entry847186 (Post #1, item 8.)
; Remarks .......: #RequireAdmin and/or #AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator is needed for "Set" functions to work in this UDF.
; ===============================================================================================================================
; #CURRENT# =====================================================================================================================
;_UAC_GetConsentPromptBehaviorAdmin
;_UAC_GetConsentPromptBehaviorUser
;_UAC_GetEnableInstallerDetection
;_UAC_GetEnableLUA
;_UAC_GetEnableSecureUIAPaths
;_UAC_GetEnableUIADesktopToggle
;_UAC_GetEnableVirtualization
;_UAC_GetFilterAdministratorToken
;_UAC_GetPromptOnSecureDesktop
;_UAC_GetValidateAdminCodeSignatures
;_UAC_SetConsentPromptBehaviorAdmin
;_UAC_SetConsentPromptBehaviorUser
;_UAC_SetEnableInstallerDetection
;_UAC_SetEnableLUA
;_UAC_SetEnableSecureUIAPaths
;_UAC_SetEnableUIADesktopToggle
;_UAC_SetEnableVirtualization
;_UAC_SetFilterAdministratorToken
;_UAC_SetPromptOnSecureDesktop
;_UAC_SetValidateAdminCodeSignatures
; ===============================================================================================================================
; #CONSTANTS# ===================================================================================================================
Global Const $UAC_ELEVATE_WITHOUT_PROMPTING = 0
Global Const $UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP = 1
Global Const $UAC_PROMPT_FOR_CONSENT_SECURE_DESKTOP = 2
Global Const $UAC_PROMPT_FOR_CREDENTIALS = 3
Global Const $UAC_PROMPT_FOR_CONSENT = 4
Global Const $UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES = 5
Global Const $UAC_AUTOMATICALLY_DENY_ELEVATION_REQUESTS = 0
Global Const $UAC_DISABLED = 0
Global Const $UAC_ENABLED = 1
; ===============================================================================================================================
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetConsentPromptBehaviorAdmin
; Description ...: Gets UAC Registry Key for ConsentPromptBehaviorAdmin. Behavior of the elevation prompt for administrators in Admin Approval Mode.
; Syntax ........: _UAC_GetConsentPromptBehaviorAdmin()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_ELEVATE_WITHOUT_PROMPTING(0) - Elevate without prompting (Use this option only in the most constrained environments).
; |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop.
; |$UAC_PROMPT_FOR_CONSENT_SECURE_DESKTOP (2) - Prompt for consent on the secure desktop.
; |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
; |$UAC_PROMPT_FOR_CONSENT (4) - Prompt for consent.
; |$UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES (5) - Prompt for consent for non-Windows binaries (default).
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetConsentPromptBehaviorAdmin()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorAdmin")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetConsentPromptBehaviorAdmin
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetConsentPromptBehaviorUser
; Description ...: Gets UAC Registry Key for ConsentPromptBehaviorUser. Behavior of the elevation prompt for standard users.
; Syntax ........: _UAC_GetConsentPromptBehaviorUser()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_AUTOMATICALLY_DENY_ELEVATION_REQUESTS (0) - Automatically deny elevation requests.
; |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop (default).
; |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetConsentPromptBehaviorUser()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorUser")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetConsentPromptBehaviorUser
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableInstallerDetection
; Description ...: Gets UAC Registry Key for EnableInstallerDetection. Detect application installations and prompt for elevation.
; Syntax ........: _UAC_GetEnableInstallerDetection()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - Disabled (default for enterprise).
; |$UAC_ENABLED (1) - Enabled (default for home).
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableInstallerDetection()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableInstallerDetection")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetEnableInstallerDetection
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableLUA
; Description ...: Gets UAC Registry Key for EnableLUA. Run all administrators in Admin Approval Mode.
; Syntax ........: _UAC_GetEnableLUA()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - UAC (formally known as LUA) is disabled.
; |$UAC_ENABLED (1) - UAC (formally known as LUA) is enabled.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableLUA()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetEnableLUA
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableSecureUIAPaths
; Description ...: Gets UAC Registry Key for EnableSecureUIAPaths. Only elevate UIAccess applications that are installed in secure locations.
; Syntax ........: _UAC_GetEnableSecureUIAPaths()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableSecureUIAPaths()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableSecureUIAPaths")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetEnableSecureUIAPaths
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableUIADesktopToggle
; Description ...: Gets UAC Registry Key for EnableUIADesktopToggle. Allow UIAccess applications to prompt for elevation without using the secure desktop.
; Syntax ........: _UAC_GetEnableUIADesktopToggle()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableUIADesktopToggle()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableUIADesktopToggle")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetEnableUIADesktopToggle
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetEnableVirtualization
; Description ...: Gets UAC Registry Key for EnableVirtualization. Virtualize file and registry write failures to per-user locations.
; Syntax ........: _UAC_GetEnableVirtualization()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetEnableVirtualization()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableVirtualization")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetEnableVirtualization
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetFilterAdministratorToken
; Description ...: Gets UAC Registry Key for FilterAdministratorToken. Admin Approval Mode for the Built-in Administrator account.
; Syntax ........: _UAC_GetFilterAdministratorToken()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetFilterAdministratorToken()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "FilterAdministratorToken")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetFilterAdministratorToken
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetPromptOnSecureDesktop
; Description ...: Gets UAC Registry Key for PromptOnSecureDesktop. Switch to the secure desktop when prompting for elevation.
; Syntax ........: _UAC_GetPromptOnSecureDesktop()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetPromptOnSecureDesktop()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "PromptOnSecureDesktop")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetPromptOnSecureDesktop
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_GetValidateAdminCodeSignatures
; Description ...: Gets UAC Registry Key for ValidateAdminCodeSignatures. Only elevate executables that are signed and validated.
; Syntax ........: _UAC_GetValidateAdminCodeSignatures()
; Parameters ....: None.
; Return values .: Success - Registry Value
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Invalid key on OS.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights not required to read the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_GetValidateAdminCodeSignatures()
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-3, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegRead("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ValidateAdminCodeSignatures")
If $iReturn = "" Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_GetValidateAdminCodeSignatures
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetConsentPromptBehaviorAdmin
; Description ...: Sets UAC Registry Key for ConsentPromptBehaviorAdmin. Behavior of the elevation prompt for administrators in Admin Approval Mode.
; Syntax ........: _UAC_SetConsentPromptBehaviorAdmin([$iValue = $UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES (5)])
; Parameters ....: $iValue - [optional] An integer value 0 to 5. Default is 5.
; |$UAC_ELEVATE_WITHOUT_PROMPTING(0) - Elevate without prompting (Use this option only in the most constrained environments).
; |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop.
; |$UAC_PROMPT_FOR_CONSENT_SECURE_DESKTOP (2) - Prompt for consent on the secure desktop.
; |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
; |$UAC_PROMPT_FOR_CONSENT (4) - Prompt for consent.
; |$UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES (5) - Prompt for consent for non-Windows binaries (default).
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetConsentPromptBehaviorAdmin($iValue = $UAC_PROMPT_FOR_CONSENT_NONWINDOWS_BINARIES)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
If $iValue < 0 Or $iValue > 5 Then Return SetError(-5, 0, -1)
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorAdmin", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetConsentPromptBehaviorAdmin
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetConsentPromptBehaviorUser
; Description ...: Sets UAC Registry Key for ConsentPromptBehaviorUser. Behavior of the elevation prompt for standard users.
; Syntax ........: _UAC_SetConsentPromptBehaviorUser([$iValue = $UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_AUTOMATICALLY_DENY_ELEVATION_REQUESTS (0) - Automatically deny elevation requests.
; |$UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP (1) - Prompt for credentials on the secure desktop (default).
; |$UAC_PROMPT_FOR_CREDENTIALS (3) - Prompt for credentials.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetConsentPromptBehaviorUser($iValue = $UAC_PROMPT_FOR_CREDENTIALS_SECURE_DESKTOP)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue = 2 Or $iValue > 3 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorUser", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetConsentPromptBehaviorUser
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableInstallerDetection
; Description ...: Sets UAC Registry Key for EnableInstallerDetection. Detect application installations and prompt for elevation.
; Syntax ........: _UAC_SetEnableInstallerDetection([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 0.
; |$UAC_DISABLED (0) - Disabled (default for enterprise).
; |$UAC_ENABLED (1) - Enabled (default for home).
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableInstallerDetection($iValue = $UAC_DISABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableInstallerDetection", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetEnableInstallerDetection
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableLUA
; Description ...: Sets UAC Registry Key for EnableLUA. Run all administrators in Admin Approval Mode.
; Syntax ........: _UAC_SetEnableLUA([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_DISABLED (0) - UAC (formally known as LUA) is disabled.
; |$UAC_ENABLED (1) - UAC (formally known as LUA) is enabled.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableLUA($iValue = $UAC_ENABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetEnableLUA
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableSecureUIAPaths
; Description ...: Sets UAC Registry Key for EnableSecureUIAPaths. Only elevate UIAccess applications that are installed in secure locations.
; Syntax ........: _UAC_SetEnableSecureUIAPaths([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableSecureUIAPaths($iValue = $UAC_ENABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableSecureUIAPaths", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetEnableSecureUIAPaths
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableUIADesktopToggle
; Description ...: Sets UAC Registry Key for EnableUIADesktopToggle. Allow UIAccess applications to prompt for elevation without using the secure desktop.
; Syntax ........: _UAC_SetEnableUIADesktopToggle([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableUIADesktopToggle($iValue = $UAC_DISABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableUIADesktopToggle", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetEnableUIADesktopToggle
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetEnableVirtualization
; Description ...: Sets UAC Registry Key for EnableVirtualization. Virtualize file and registry write failures to per-user locations.
; Syntax ........: _UAC_SetEnableVirtualization([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetEnableVirtualization($iValue = $UAC_ENABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "EnableVirtualization", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetEnableVirtualization
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetFilterAdministratorToken
; Description ...: Sets UAC Registry Key for FilterAdministratorToken. Admin Approval Mode for the Built-in Administrator account.
; Syntax ........: _UAC_SetFilterAdministratorToken([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetFilterAdministratorToken($iValue = $UAC_DISABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "FilterAdministratorToken", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetFilterAdministratorToken
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetPromptOnSecureDesktop
; Description ...: Sets UAC Registry Key for PromptOnSecureDesktop. Switch to the secure desktop when prompting for elevation.
; Syntax ........: _UAC_SetPromptOnSecureDesktop([$iValue = $UAC_ENABLED (1)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetPromptOnSecureDesktop($iValue = $UAC_ENABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "PromptOnSecureDesktop", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetPromptOnSecureDesktop
; #FUNCTION# ====================================================================================================================
; Name ..........: _UAC_SetValidateAdminCodeSignatures
; Description ...: Sets UAC Registry Key for ValidateAdminCodeSignatures. Only elevate executables that are signed and validated.
; Syntax ........: _UAC_SetValidateAdminCodeSignatures([$iValue = $UAC_DISABLED (0)])
; Parameters ....: $iValue - [optional] An integer value. Default is 1.
; |$UAC_DISABLED (0) - Disabled.
; |$UAC_ENABLED (1) - Enabled.
; Return values .: Success - 1
; Failure - -1, sets @error to:
; |1 - if unable to open requested key
; |2 - if unable to open requested main key
; |3 - if unable to remote connect to the registry
; |-1 - if unable to open requested value
; |-2 - if value type not supported
; |-3 - Current user is not Admin.
; |-4 - Invalid key on OS.
; |-5 - An invaild value.
; Author ........: Adam Lawrence (AdamUL)
; Modified ......:
; Remarks .......: Admin rights required to set the value.
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UAC_SetValidateAdminCodeSignatures($iValue = $UAC_DISABLED)
If Not IsAdmin() Then Return SetError(-3, 0, -1)
If StringRegExp(@OSVersion, "_(XP|200(0|3))") Then Return SetError(-4, 0, -1)
If $iValue < 0 Or $iValue > 1 Then Return SetError(-5, 0, -1)
Local $s64Bit = ""
If @OSArch = "X64" Then $s64Bit = "64"
Local $iReturn = RegWrite("HKEY_LOCAL_MACHINE" & $s64Bit & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "ValidateAdminCodeSignatures", "REG_DWORD", $iValue)
If $iReturn = 0 Then $iReturn = -1
Return SetError(@error, 0, $iReturn)
EndFunc ;==>_UAC_SetValidateAdminCodeSignatures