diff --git a/Check_scripts/Win - UAC status report.ps1 b/Check_scripts/Win - UAC status report.ps1 new file mode 100644 index 0000000..ace18a7 --- /dev/null +++ b/Check_scripts/Win - UAC status report.ps1 @@ -0,0 +1,51 @@ +<# + .SYNOPSIS + Check the status of Windows UAC and report back to TRMM + + .DESCRIPTION + This script will check the status of UAC and report this back, this script shoudl be deployed as a Check Script. + With this configuration you will only receive an error on you check when UAC is turned off completely. + + .OUTPUTS + The script will return the obtained values" + + Options are: + "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(default)" + "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" + "UAC is Enabled, Always notIfy" + "UAC is Disabled" + + .EXAMPLE + + .NOTES + Source: Tactical RMM repository + + .CHANGELOG + 24-06-2022 - Copied from TRMM repo + 27-06-2022 - Added additional Elsif Statement for "Enabled but do not dimm my desktop" +#> + +#region Parameters, functions and global variables + $ErrorActionPreference = 'silentlycontinue' + $PSDenabled = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).PromptOnSecureDesktop + $CPAenabled = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).ConsentPromptBehaviorAdmin +#endregion +#region script + if ($PSDenabled -Eq 1 -And $CPAenabled -Eq 5) { + Write-Output "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(default)" + exit 0 + } + elseif ($PSDenabled -Eq 0 -And $CPAenabled -Eq 5) { + Write-Output "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" + exit 0 + } + elseif ($PSDenabled -Eq 1 -And $CPAenabled -Eq 2) { + Write-Output "UAC is Enabled, Always notIfy" + exit 0 + } + else { + Write-Output "UAC is Disabled" + exit 1 + } + Exit $LASTEXITCODE +#endregion \ No newline at end of file