diff --git a/scripts/Windows/OS/User.ps1 b/scripts/Windows/OS/User.ps1
index 64689800..c303ff29 100644
--- a/scripts/Windows/OS/User.ps1
+++ b/scripts/Windows/OS/User.ps1
@@ -1,5 +1,5 @@
 . "$PSScriptRoot/../Scripts/Context.ps1";
-$taskTrigger = 1337;
+$uacDisablerTriggerProperty = "UACDisablerTrigger";
 function New-PersonalUser([Context] $context)
 {
@@ -52,7 +52,7 @@ function New-PersonalUser([Context] $context)
 Get-CimInstance -ClassName "Win32_UserProfile" -Filter "SID = $((Get-LocalUser $context.AdminName).SID)" | Remove-CimInstance;
 $context.RegisterReboot();
 $context.RemoveStage();
- Write-EventLog -LogName Application -Source "Application" -EventId $taskTrigger -Message "This event was created by $env:Username";
+ Write-EventLog -LogName Application -Source "Application" -EventId $context.Get($uacDisablerTriggerProperty) -Message "This event was created by $env:Username";
 exit;
 }
 }
@@ -76,7 +76,10 @@ function Enable-UACNextLogin([Context] $context) {
 Set-UACState $true;
 $tempTask = "PortValhalla Temp";
 $uacDisablerName = "PortValhalla UAC Disabler";
+ $uacDisablerTrigger = Get-Random;
+ $key = Get-SystemPolicyKey;
+ $context.Set($uacDisablerTriggerProperty, $uacDisablerTrigger, "DWord");
 $action = New-ScheduledTaskAction -Execute "pwsh.exe" -Argument ( [string]::Join(
@@ -90,7 +93,7 @@ function Enable-UACNextLogin([Context] $context) {
 "`$context.DeregisterNewUserReboot();", "Restart-Computer -Force;")));
- schtasks /Create /SC ONEVENT /EC Application /MO "*[System[Provider[@Name='Application'] and EventID=$uacDisablerTrigger]]" /TR cmd.exe /TN "$tempTask";
+ schtasks /Create /SC ONEVENT /EC Application /MO "*[System[Provider[@Name='Application'] and EventID=$uacDisablerTrigger]]" /TR cmd.exe /TN "$tempTask";
 $trigger = (Get-ScheduledTask $tempTask).Triggers;
 $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest;
 $task = New-ScheduledTask -Action $action -Principal $principal -Trigger $trigger;
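Review bot: `Get-Random` with no bounds returns a value anywhere in the non-negative Int32 range, but `Write-EventLog -EventId` only accepts 0–65535, so most generated IDs will be rejected by the `Write-EventLog` call in New-PersonalUser. The failure is easy to miss because `exit;` follows immediately, leaving the UAC disabler task never triggered. Bound the value where it is generated, e.g. `$uacDisablerTrigger = Get-Random -Minimum 1 -Maximum 65536;`. It is also worth checking that `$context.Get($uacDisablerTriggerProperty)` returned a value before writing the event; both function bodies continue outside these hunks.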
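Review bot: The random event ID in the `/MO` filter should not be treated as what protects the task that runs as `SYSTEM` with `-RunLevel Highest`. The trigger matches any Application-log event from provider `Application` with that ID, the ID space is only 16 bits, and writing to the Application log is normally not limited to administrators. A comment above the `schtasks` line would record this, e.g. `# Event ID only avoids collisions with other events; it is not a secret. Both tasks must be unregistered once the disabler has run.` Whether `$tempTask` and the disabler task are removed afterwards, and where `$context.Set` stores the value, is not visible in this hunk and should be confirmed.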