<# .SYNOPSIS Check the status of Windows UAC and report back to TRMM .DESCRIPTION This script will check the status of UAC and report this back, this script shoudl be deployed as a Check Script. With this configuration you will only receive an error on you check when UAC is turned off completely. .OUTPUTS The script will return the obtained values" Options are: "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(default)" "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" "UAC is Enabled, Always notIfy" "UAC is Disabled" .EXAMPLE .NOTES Source: Tactical RMM repository .CHANGELOG 24-06-2022 - Copied from TRMM repo 27-06-2022 - Added additional Elsif Statement for "Enabled but do not dimm my desktop" #> #region Parameters, functions and global variables $ErrorActionPreference = 'silentlycontinue' $PSDenabled = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).PromptOnSecureDesktop $CPAenabled = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).ConsentPromptBehaviorAdmin #endregion #region script if ($PSDenabled -Eq 1 -And $CPAenabled -Eq 5) { Write-Output "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(default)" exit 0 } elseif ($PSDenabled -Eq 0 -And $CPAenabled -Eq 5) { Write-Output "UAC is Enabled, NotIfy me only when apps try to make changes to my computer(do not dim my desktop)" exit 0 } elseif ($PSDenabled -Eq 1 -And $CPAenabled -Eq 2) { Write-Output "UAC is Enabled, Always notIfy" exit 0 } else { Write-Output "UAC is Disabled" exit 1 } Exit $LASTEXITCODE #endregion