The introduction of User Account Control (UAC) on Windows Vista (and, subsequently, on Windows Server 2008) demonstrated a complete turnaround as far as Microsoft's strategy on handling administrative privileges is concerned. In contrast, during the initial installation of Microsoft Windows® XP, the Windows XP Setup Wizard creates all user accounts as local administrators. This meant that these users and ensuing users who are added to the local administrators group, having system-level privileges, are able to install, update, and run software.
UAC on Vista and Windows Server 2008 forces users who are members of the local administrators group to run like they were regular users with no administrative privileges. This feature automatically reduces the potential of security breeches in the system. For example, if a user runs an application which in turn tries to modify, say, the firewall settings, the system will trigger an UAC prompt (either a confirmation dialog or a UAC credentials dialog) and the user can choose to proceed with the action or not.
I have written a script that turns on or off the UAC on a Vista machine:
The script checks for the value (DWORD) of EnableLUA on the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System key in the registry. It displays the setting to the user (enabled or disabled) and prompts him to change or ignore this setting.
If the user chooses to modify the setting (for example, disabling it), the script will modify the registry value and pops-up a MsgBox informing the user that the change requires a reboot. The script will not trigger a reboot although this functionality should be very easy to incorporate within the script itself.
A function (Getanswer) and a sub procedure (SwitchValue) are called within the script. Two parameters are passed to the function Getanswer, the string strstatus and strset, and it returns the user's response to the MsgBox invoked (6 = OK, 7 = No, 2 = Cancel).
The SwitchValue sub procedure switches the value of the strValue variable (which stores the EnableLUA value extracted from the registry). If the value of strValue is 1, it is changed to 0, and vice versa.
3 comments:
nice one, thanks allot, as doing it manually everytime is very disturbing.
Can you upload it as TXT file,plz?
Thanks for the comment.
You can download the script from this link:
http://cid-72fad3e3f2ab178d.skydrive.live.com/self.aspx/Scripting-Technet/Disable-UAC.vbs
many thanks again
Post a Comment