From 0f203caaa7649523ad0a45618d46793392355bb9 Mon Sep 17 00:00:00 2001
From: Manuel Thalmann
Date: Thu, 29 Jun 2023 01:51:30 +0200
Subject: [PATCH] Try fixing UAC properly
---
 scripts/Windows/OS/User.ps1 | 42 ++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/scripts/Windows/OS/User.ps1 b/scripts/Windows/OS/User.ps1
index 0dfa0b78..6e41eff2 100644
--- a/scripts/Windows/OS/User.ps1
+++ b/scripts/Windows/OS/User.ps1
@@ -34,11 +34,8 @@ function New-PersonalUser([Context] $context)
 Rename-LocalUser $user $context.UserName; Add-LocalGroupMember -Group "Administrators" -Member $user && Set-LocalUser $context.AdminName -Password (ConvertTo-SecureString -AsPlainText "Admin") && Disable-LocalUser $context.AdminName;
- Write-Host "Registering setup script for all new users";
- $context.RegisterNewUserReboot();
- Write-Information "Enabling UAC for the next login (Microsoft Account login won't work otherwise, lol)";
- Enable-UACNextLogin;
+ Enable-UACNextLogin $context;
 Write-Information "Disabling Auto login";
 $context.RemoveAutologin();
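Review bot: The unchanged line `Set-LocalUser $context.AdminName -Password (ConvertTo-SecureString -AsPlainText "Admin")` gives the account named by `$context.AdminName` a fixed, guessable password, and the commit leaves it in place; disabling the account afterwards does not protect it if it is later re-enabled. The three commands are also chained with `&&`, so a failing `Add-LocalGroupMember` skips `Disable-LocalUser` and the account is not disabled. I would set a randomly generated password and run `Disable-LocalUser $context.AdminName;` as its own statement. `New-PersonalUser` starts and ends outside this hunk, so how the account is used later is not visible here.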
@@ -70,33 +67,40 @@ function New-PersonalUser([Context] $context)
 }
 }
-function Enable-UACNextLogin() {
+function Get-SystemPolicyKey() {
+ [OutputType([Microsoft.Win32.RegistryKey])]
+ param()
 $keyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System";
- $propertyName = "EnableLUA";
- $null = Set-ItemProperty "$keyPath" -Name "$propertyName" -Value 1;
+ return Get-Item "$keyPath";
+}
+
+function Get-UACState() {
+ return Get-ItemPropertyValue -Path (Get-SystemPolicyKey).PSPath -Name "EnableLUA";
+}
+
+function Set-UACState([bool] $value) {
+ $null = Set-ItemProperty -Path (Get-SystemPolicyKey).PSPath -Name "EnableLUA" -Value [int]$value;
+}
+
+function Enable-UACNextLogin([Context] $context) {
+ Set-UACState $true;
 $action = New-ScheduledTaskAction -Execute "pwsh.exe" -Argument (
 [string]::Join(
 " ",
 @(
 "-c",
- "Set-ItemProperty `"$keyPath`" -Name `"$propertyName`" -Value 0;")));
+ "Set-ItemProperty `"$keyPath`" -Name `"$propertyName`" -Value 0;",
+ "Unregister-ScheduledTask -Force $uacDisablerName;",
+ ". `"$PSScriptRoot/../Scripts/Context.ps1`";",
+ "`$context = [Context]::new();",
+ "`$context.EntryPoint = `"$($context.EntryPoint)`";",
+ "`$context.RegisterReboot((Get-Item `"Registry::HKEY_USERS\$((Get-LocalUser $context.UserName).SID)))")));
 $trigger = New-ScheduledTaskTrigger -AtLogOn;
 $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest;
 $task = New-ScheduledTask -Action $action -Principal $principal -Trigger $trigger;
 $null = Register-ScheduledTask $uacDisablerName -InputObject $task;
-
- $action = New-ScheduledTaskAction -Execute "pwsh.exe" -Argument (
- [string]::Join(
- " ",
- @(
- "-c",
- "Unregister-ScheduledTask -Force $uacDisablerName;",
- "Unregister-ScheduledTask -Force $cleanupName;")));
-
- $task = New-ScheduledTask -Action $action -Principal $principal;
- $null = Register-ScheduledTask $cleanupName -InputObject $task;
 }
 function Enable-CurrentUserAutologon([Context] $context)
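Review bot: In `Set-UACState`, `-Value [int]$value` is parsed in argument mode, so the cmdlet receives the text `[int]True` rather than the integer 1 and the `EnableLUA` write likely fails or stores the wrong data; wrap the cast as `-Value ([int]$value)`. In `Enable-UACNextLogin` the task command still expands `$keyPath` and `$propertyName`, which this hunk no longer defines in that function, so unless they exist at script scope outside the hunk the SYSTEM task runs `Set-ItemProperty` with empty arguments. The last added array element opens an escaped quote before `Registry::HKEY_USERS\` and never closes it, which leaves the generated command with an unterminated string. Because `$context.EntryPoint` and the script path are spliced into a command line that runs as SYSTEM at the next logon, a value containing a quote, a space or `;` changes what the task executes; passing the script through pwsh's `-EncodedCommand`, or validating those values before building the string, would be safer.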