@andreykaipov
Last active August 14, 2023 18:35
UAC Whitelist for Windows 10
# The following script (ab)uses the Windows 10 Task Scheduler to create a UAC
# whitelist for applications.
#
# Why? Because Windows does not let you fine-tune your UAC settings. It's
# either you turn off all dialogs and risk some app messing your shit up as it
# runs in a privileged context, or you turn on notifications for everything and
# risk your sanity and hearing loss from the loud bell that chimes through your
# ears every time you want to view your CPU temps or adjust your fan speeds.
#
# Any programs added to the whitelist below will not show a UAC prompt when
# opened via the created shortcut. By doing so, you are trusting this
# application to always run in a privileged context. Microsoft security
# professional volunteers on the forums will tell you how horrible of an idea
# this is regardless, but in practice it's pretty much /etc/sudoers.
#
# Add whitelisted applications to the $whitelist map below. Keys represent the
# shortcut name, and values represent the binary you want to run in a
# privileged context. Shortcuts will be created in "C:\UAC Whitelist Shortcuts"
# Change it if you want. After pinning them to the start menu, you can
# actually delete them, as Windows will create its own shortcuts under
# "%AppData%\Roaming\Microsoft\Windows\Start Menu\Programs".
$whitelist = @{
    "HWInfo" = "C:\Program Files (Manual)\hwmonitor_1.43\HWMonitor_x64.exe"
    "Windows Terminal" = "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe\wt.exe"
}
$tasksPath = "\UAC Whitelist"
$shortcutsDir = "C:\UAC Whitelist Shortcuts"
New-Item -Path $shortcutsDir -type Directory -ErrorAction Ignore
$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Highest
$whitelist.GetEnumerator() | ForEach-Object {
    $name = $_.Name
    $path = $_.Value

    # Create "scheduled" task
    $action = New-ScheduledTaskAction -Execute $path
    $task = New-ScheduledTask -Action $action -Principal $principal
    Register-ScheduledTask -Force -InputObject $task -TaskPath $tasksPath -TaskName $name

    # Create shortcut to run the above task
    $WshShell = New-Object -ComObject WScript.Shell
    $shortcut = $WshShell.CreateShortcut("$($shortcutsDir)\$($name).lnk")
    $shortcut.TargetPath = "C:\Windows\System32\schtasks.exe"
    $shortcut.Arguments = "/RUN /TN `"$($tasksPath)\$($name)`""
    $shortcut.IconLocation = "$($path),0"
    $shortcut.WorkingDirectory = "C:\Windows\System32"
    $shortcut.Save()
}
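
The whitelist is only as trustworthy as the files it points at: each task starts whatever sits at the registered path at the highest run level with no prompt. As an added example (not part of the original gist), this audit lists any principal other than SYSTEM, Administrators or TrustedInstaller that can write to a whitelisted binary or its parent directory; the trusted SID list and the helper name `Get-UntrustedWriter` are assumptions to adjust for your environment.

```powershell
# Added example, not part of the original gist. Run from an elevated prompt so
# every ACL can be read. The trusted SID list below is an assumption.
$tasksPath = "\UAC Whitelist\"   # Get-ScheduledTask expects the trailing backslash

# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    "S-1-5-18",
    "S-1-5-32-544",
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
)

# Rights that allow changing or replacing a file, plus GENERIC_WRITE and GENERIC_ALL.
$rights = [System.Security.AccessControl.FileSystemRights]"WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership"
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

# Hypothetical helper: returns "SID (rights)" for each untrusted writer on $Path.
function Get-UntrustedWriter {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path -ErrorAction Stop).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq "Allow" -and
            (([int]$_.PropagationFlags -band 2) -eq 0) -and   # skip inherit-only ACEs
            (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
            ($trusted -notcontains $_.IdentityReference.Value)
        } |
        ForEach-Object { "{0} ({1})" -f $_.IdentityReference.Value, $_.FileSystemRights }
}

Get-ScheduledTask -TaskPath $tasksPath -ErrorAction SilentlyContinue | ForEach-Object {
    $taskName = $_.TaskName
    foreach ($action in $_.Actions | Where-Object { $_.Execute }) {
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        # A writable parent directory lets the binary be swapped even if the file ACL is tight.
        foreach ($target in @($exe, (Split-Path -Parent $exe))) {
            try {
                $writers = @(Get-UntrustedWriter -Path $target)
            } catch {
                Write-Warning "[$taskName] cannot read ACL of '$target': $($_.Exception.Message)"
                continue
            }
            foreach ($w in $writers) {
                [pscustomobject]@{ Task = $taskName; Path = $target; Writer = $w }
            }
        }
    }
}
```

No output means every whitelisted target and its directory are writable only by the trusted principals; any row returned is a path that should be moved or re-ACLed before it stays on the whitelist.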