Last active
August 14, 2023 18:35
UAC Whitelist for Windows 10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# The following script (ab)uses the Windows 10 Task Scheduler to create a UAC
# whitelist for applications.
#
# Why? Because Windows does not let you fine-tune your UAC settings. It's
# either you turn off all dialogs and risk some app messing your shit up as it
# runs in a privileged context, or you turn on notifications for everything and
# risk your sanity and hearing loss from the loud bell that chimes through your
# ears every time you want to view your CPU temps or adjust your fan speeds.
#
# Any programs added to the whitelist below will not show a UAC prompt when
# opened via the created shortcut. By doing so, you are trusting this
# application to always run in a privileged context. Microsoft security
# professional volunteers on the forums will tell you how horrible of an idea
# this is regardless, but in practice it's pretty much /etc/sudoers.
#
# Add whitelisted applications to the $whitelist map below. Keys represent the
# shortcut name, and values represent the binary you want to run in a
# privileged context. Shortcuts will be created in "C:\UAC Whitelist Shortcuts".
# Change it if you want. After pinning them to the start menu, you can
# actually delete them, as Windows will create its own shortcuts under
# "%AppData%\Roaming\Microsoft\Windows\Start Menu\Programs".
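# Map of shortcut/task name -> executable that is launched elevated without a
# UAC prompt.
#
# Security note: each entry is registered below with -RunLevel Highest, and the
# task can be started by anything running as this user. List only executables
# whose file and parent folders are writable by administrators alone (check with
# icacls or Get-Acl). Folders created by hand outside the standard
# "C:\Program Files" tree may have inherited looser permissions -- verify them
# before trusting them. Programs that load profiles, plugins or scripts from
# user-writable locations (shells and terminals in particular) pass the
# elevation on to that content.
#
# NOTE(review): the Windows Terminal path embeds the package version, so it
# presumably stops resolving once the app updates -- re-check it and re-run
# this script after an update.
$whitelist = @{
    "HWInfo"           = "C:\Program Files (Manual)\hwmonitor_1.43\HWMonitor_x64.exe"
    "Windows Terminal" = "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe\wt.exe"
}

# Task Scheduler folder that holds the tasks, and the directory that receives
# the shortcuts.
$tasksPath    = "\UAC Whitelist"
$shortcutsDir = "C:\UAC Whitelist Shortcuts"

# Create the shortcut directory only when it is missing, so that a genuine
# failure (for example access denied) is reported instead of being ignored.
if (-not (Test-Path -LiteralPath $shortcutsDir -PathType Container)) {
    New-Item -Path $shortcutsDir -ItemType Directory
}

# Tasks run as the current interactive user at the highest run level.
$user      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Highest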
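# For every whitelist entry: register a task that starts the executable with
# the principal defined above, then create a shortcut that triggers that task
# through schtasks.exe.

# One COM shell object is enough for all shortcuts.
$WshShell = New-Object -ComObject WScript.Shell

# Resolve the system directory through the API rather than assuming C:\Windows.
$systemDir = [System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::System)
$schtasks  = Join-Path -Path $systemDir -ChildPath "schtasks.exe"

$whitelist.GetEnumerator() | ForEach-Object {
    $name = $_.Name
    $path = $_.Value

    # Warn (but do not skip) when the target cannot be seen from this session:
    # a stale or mistyped path leaves a task that runs whatever is later placed
    # at that location. Some protected folders may hide existing files from
    # Test-Path, hence a warning only.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Target '$path' for '$name' was not found or is not readable from this session; verify the path."
    }

    # Create the "scheduled" task. It has no trigger and only runs on demand.
    # -Force replaces an existing task with the same name in $tasksPath.
    $action = New-ScheduledTaskAction -Execute $path
    $task   = New-ScheduledTask -Action $action -Principal $principal
    Register-ScheduledTask -Force -InputObject $task -TaskPath $tasksPath -TaskName $name

    # Create the shortcut that runs the above task. The shortcut itself is not
    # elevated; the elevation comes from the task's principal.
    $shortcut = $WshShell.CreateShortcut("$($shortcutsDir)\$($name).lnk")
    $shortcut.TargetPath       = $schtasks
    $shortcut.Arguments        = "/RUN /TN `"$($tasksPath)\$($name)`""
    $shortcut.IconLocation     = "$($path),0"
    $shortcut.WorkingDirectory = $systemDir
    $shortcut.Save()
}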