• Disable User Account Control using batch file?

    Home » Forums » Developers, developers, developers » DevOps Lounge » Disable User Account Control using batch file?

    • This topic has 14 replies, 5 voices, and was last updated 10 years ago.
    Author
    Topic
    WSGiddyUpGo
    AskWoody Lounger
    May 7, 2015 at 7:10 pm #499834

    I have several batch files that I use for Programs cleanups, backups, etc.
    I have to set User Account Control’s to “Never Notify” before the batch files will run.
    Is there a way to insert a command in the batch files, let the file run, and then reset the User Account Control back to the top?
    I now have to set the control to “Never Notify”, run the batch files, then reboot to change the control back for protection.

    My Master Batch file to run the other batch files is:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    MODE CON: COLS=80 LINES=45
    @echo off
    cls
    goto begin
    This Menu controls LRBATCH.BAT, BACKUP.BAT, CLEANUP.BAT and RESTORE.BAT files.

    :begin
    cls
    echo.
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
    echo ÛÛÛÛÛÛÛÛÛÛ === Preventative Maintenance === ÛÛÛÛÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛ 1 – Rejuvenate (Clean) Computer ÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛ 2 – Backup Computer ÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛ 3 – Restore Computer ÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ±±
    echo ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ±±
    echo ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
    echo Enter Selection Number, or Press ESC to Quit:
    :getchoice
    choose
    if errorlevel 27 goto end
    if errorlevel 5 goto getchoice
    if errorlevel 3 goto choice3
    if errorlevel 2 goto choice2
    :choice1
    cls
    echo Choice #1
    c:CleanUp.bat
    cls
    :choice2
    cls
    echo Choice #2
    c:BackUp.bat
    :choice3
    cls
    echo Choice #3
    c:Restore.bat

    :end
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    I run my computer as Administrator. W7 32bit

    Reply | Quote
    Viewing 11 reply threads
    Author
    Replies
    • BATcher
      AskWoody_MVP
      May 8, 2015 at 1:00 am #1503577

      Other than running the individual BATch files as scheduled tasks (where you have no user choice input) there is the paid-for Hidden Start (Hstart) program.

      Might not be worth it for just a small number of BATch files, though.

      BATcher

      Plethora means a lot to me.

      Reply | Quote
    • WSGiddyUpGo
      AskWoody Lounger
      May 8, 2015 at 5:51 pm #1503699

      Actually, you could run the batch file as a task in Task Manager without the need to change UAC at all.

      1. Create a new task.

      2. In the General tab, select Run with highest privileges.

      3. In the Actions tab, Program/Script text box, enter the full path and name of the script (i.e. “C:UsersYour User NameScriptsBatch File To Run.bat”. Easiest way is to use the Browse button.

      Thank you jwoods for your reply.
      My w7 Pro does not show the General tab and my users does not show my batch file.
      I can create the Start Task Manager’s New Task file OK, but it will only open my Batch file and then close it without it running.
      I can manually run Start Task Manager, using New Task, and my batch file will run without any UAC prompts…perfect calling the other batch files and they will also run.
      I cannot get the auto Start Task Manager to work. I receive no errors message.

      Reply | Quote
    • RetiredGeek
      AskWoody_MVP
      May 8, 2015 at 7:02 pm #1503707

      GUG,

      To run your cmd file from the the Task Scheduler setup the action page like this.

      40522-uacfreecmd

      Of course you’ll replace the value after the /c to reflect the information for your batch file.

      Don’t forget to check the “Run with highest privledges” box on the General Tab.

      HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      Reply | Quote
    • sb06794
      AskWoody Plus
      May 14, 2015 at 1:51 pm #1504505

      To answer the original question: This is how you do it:

      1. Create a file as follows called “UAC_Level-1.reg” (without the quotes):
      Windows Registry Editor Version 5.00
      ; Created by: Shawn Brink
      ; http://www.sevenforums.com
      ; Tutorial: http://www.sevenforums.com/tutorials/299-user-account-control-uac-change-notification-settings.html
      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem]
      “ConsentPromptBehaviorAdmin”=dword:00000002
      “EnableLUA”=dword:00000001
      “PromptOnSecureDesktop”=dword:00000001

      2. Create a file as follows called “UAC_Level-2_Default.reg” (without the quotes):
      Windows Registry Editor Version 5.00
      ; Created by: Shawn Brink
      ; http://www.sevenforums.com
      ; Tutorial: http://www.sevenforums.com/tutorials/299-user-account-control-uac-change-notification-settings.html
      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem]
      “ConsentPromptBehaviorAdmin”=dword:00000005
      “EnableLUA”=dword:00000001
      “PromptOnSecureDesktop”=dword:00000001

      3. Create a file as follows called “UAC_Level-3_No_Dim.reg” (without the quotes):
      Windows Registry Editor Version 5.00
      ; Created by: Shawn Brink
      ; http://www.sevenforums.com
      ; Tutorial: http://www.sevenforums.com/tutorials/299-user-account-control-uac-change-notification-settings.html
      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem]
      “ConsentPromptBehaviorAdmin”=dword:00000005
      “EnableLUA”=dword:00000001
      “PromptOnSecureDesktop”=dword:00000000

      4. Create a file as follows called “UAC_Level-4_Disable.reg” (without the quotes):
      Windows Registry Editor Version 5.00
      ; Created by: Shawn Brink
      ; http://www.sevenforums.com
      ; Tutorial: http://www.sevenforums.com/tutorials/299-user-account-control-uac-change-notification-settings.html
      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem]
      “ConsentPromptBehaviorAdmin”=dword:00000000
      “EnableLUA”=dword:00000000
      “PromptOnSecureDesktop”=dword:00000000

      Now, in your BAT file add a CD command to take you to the directory where the 4 files above are stored. Depending on what level UAC you want, simply add this line (for example) to your BAT file:

      Start regedit.exe /s UAC_Level-2_Default.reg

      The above line can be adjusted to whichever of the 4 UAC levels you desire.

      Stu

      Reply | Quote
    • WSGiddyUpGo
      AskWoody Lounger
      May 14, 2015 at 10:21 pm #1504574

      Thank You sb06794!
      I make the default.reg file from your instructions.
      After I made a new desktop .Bat Icon, this works like I wanted, perfect!
      Everything I tried before would only work part way, not letting the called .bat files to work all of the way.

      Reply | Quote
    • sb06794
      AskWoody Plus
      May 15, 2015 at 4:08 pm #1504800

      You’re welcome GiddyUpGo!

      I’m of the belief that .Bat files are WAY underrated. It’s truly amazing what can be done with them. Most people are not aware of most of their capabilities. I’m glad I could help.
      Stu

      Reply | Quote
    • BATcher
      AskWoody_MVP
      May 16, 2015 at 2:27 am #1504886

      I think a fair amount of acknowledgement should be made to Shawn Brink, of Seven (and subsequent) Forums.
      He produces a large amount of excellent stuff, and his sites are well worth visiting!

      BATcher

      Plethora means a lot to me.

      Reply | Quote
      • sb06794
        AskWoody Plus
        May 16, 2015 at 8:24 am #1504916

        I think a fair amount of acknowledgement should be made to Shawn Brink, of Seven (and subsequent) Forums.
        He produces a large amount of excellent stuff, and his sites are well worth visiting!

        BATcher,
        I 100% agree with you. I obviously (see embedded comments in “.reg” files) learned how to do it from Shawn. I know of no other way to change the UAC with a BAT file.
        Stu

        Reply | Quote
    • RetiredGeek
      AskWoody_MVP
      May 16, 2015 at 4:23 pm #1504988

      Hey Y’all,

      Ok you guys got me to thinking again…you know what that means another PowerShell project to help me learn. So I said to my self why have 4 programs/bat files when you can it with one PowerShell program?

      So here is what I came up with.

      Name this one Set-UACLevel.ps1

      Code:
      
function Add-Row 
 {
  param (
         [int]$Level,
         [string]$Name,
         [int]$Value
        ) 
 
  #Create Row Variable 
      $UACRow = $UACTable.NewRow()
  #Assign items to row variable
      $UACRow.Level = $Level
      $UACRow.Name = $Name
      $UACRow.Value = $Value
  #Add Row to Table using Row Variable
      $UACTable.Rows.Add($UACRow)
}

function Get-CurrentUAC
{
  $EnableLUA = Get-ItemProperty -Path $UPath `
      -Name EnableLUA

  $CPBA = Get-ItemProperty -Path $UPath `
      -Name ConsentPromptBehaviorAdmin

  $POSD = Get-ItemProperty -Path $UPath `
      -Name PromptOnSecureDesktop

  if ($EnableLUA.EnableLUA -eq 0) {
    $UACStatus = "OFF"
  }
  Else {
    $UACStatus = "ON"
  }

  Write-Host "Current Settings: $UACStatus"
  Write-Host "EnableLUA: $($EnableLUA.EnableLUA)"
  Write-Host "Prompt Behavior: $($CPBA.ConsentPromptBehaviorAdmin)"
  Write-Host "Prompt on Secure Desktop: $($POSD.PromptOnSecureDesktop)"

}  #End function Get-CurrentUAC

Clear-Host

# Create Table
  $UACTable = New-Object system.Data.DataTable "UAC Information"
#Create Columns for table 
  $UACcol1 = New-Object system.Data.DataColumn Level,([int])       
  $UACcol2 = New-Object system.Data.DataColumn Name,([string])
  $UACcol3 = New-Object System.Data.DataColumn Value,([int])
#Add Columns to table
  $UACTable.columns.add($UACcol1)
  $UACTable.columns.add($UACcol2)
  $UACTable.columns.add($UACcol3)

# UAC Level 1 Values
  Add-Row -Level 1 -Name 'EnableLUA' -Value 1
  Add-Row -Level 1 -Name 'ConsentPromptBehaviorAdmin' -Value 2
  Add-Row -Level 1 -Name 'PromptOnSecureDesktop' -Value 1

# UAC Level 2 Values
  Add-Row -Level 2 -Name 'EnableLUA' -Value 1
  Add-Row -Level 2 -Name 'ConsentPromptBehaviorAdmin' -Value 5
  Add-Row -Level 2 -Name 'PromptOnSecureDesktop' -Value 1

# UAC Level 3 Values
  Add-Row -Level 3 -Name 'EnableLUA' -Value 1
  Add-Row -Level 3 -Name 'ConsentPromptBehaviorAdmin' -Value 5
  Add-Row -Level 3 -Name 'PromptOnSecureDesktop' -Value 0

# UAC Level 4 Values
  Add-Row -Level 4 -Name 'EnableLUA' -Value 0
  Add-Row -Level 4 -Name 'ConsentPromptBehaviorAdmin' -Value 0
  Add-Row -Level 4 -Name 'PromptOnSecureDesktop' -Value 0
 
$UPath = `
 "registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem"

Get-CurrentUAC
$ans = Read-Host "`nType UAC Level 1-4 `nor 0 to Exit and press the Enter Key"

If ($ans -ge 0 -and $ans -le 4) {

  If ($ans -gt 0) {
    ForEach ($Item in $UACTable) {
      if ($Item.Level -eq $ans) {
        Set-ItemProperty -Path $UPath -Name $Item.Name -Value $Item.Value  
       }
    } #ForEach ($Item)

    Write-Host "`nUAC set to Level $ans `n"
    Get-CurrentUAC

  }   #End If ($ans -gt 0)
  Else {
         Write-Host "User selected Exit"
  }
}
Else {
       Write-Host "$ans is an invalid entry!"
}

 Sleep 5   #Give user 5 seconds to read message!

      Of course this does require Admin Privleges so I found (via google) a way to write a batch file that will run any powershell script as Admin as long as the script and the .bat are in the same directory and have the same filename (not file type of course)!

      Name this one Set-UACLevel.bat

      Code:
      PowerShell.exe -Command "& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy Bypass -File ""%~dpn0.ps1""' -Verb RunAs}"

      In lieu of the .bat file you could create a scheduled task to accomplish the same thing.

      In either case don’t forget to create a shortcut to the .bat file or scheduled task on your desktop for easy access!

      Any suggestions are welcome.

      BTW: keep an eye on the notification balloons that will tell you when you need to reboot for the settings to take effect!

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      Reply | Quote
    • Paul T
      AskWoody MVP
      May 17, 2015 at 1:31 am #1505036

      You didn’t capture the balloon notification and offer to restart?

      cheers, Paul

      Reply | Quote
    • RetiredGeek
      AskWoody_MVP
      May 17, 2015 at 9:12 am #1505060

      Paul,

      I don’t know how to do that yet. Care to make the mods so I can learn? :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      Reply | Quote
    • RetiredGeek
      AskWoody_MVP
      May 18, 2015 at 10:09 am #1505211

      Hey Y’all,

      New improved version with input error checking and better messages.

      Code:
      
function Add-Row 
 {
  param (
         [int]$Level,
         [string]$Name,
         [int]$Value
        ) 
 
  #Create Row Variable 
      $UACRow = $UACTable.NewRow()
  #Assign items to row variable
      $UACRow.Level = $Level
      $UACRow.Name = $Name
      $UACRow.Value = $Value
  #Add Row to Table using Row Variable
      $UACTable.Rows.Add($UACRow)
}

function Get-CurrentUAC
{
  $EnableLUA = Get-ItemProperty -Path $UPath `
      -Name EnableLUA

  $CPBA = Get-ItemProperty -Path $UPath `
      -Name ConsentPromptBehaviorAdmin

  $POSD = Get-ItemProperty -Path $UPath `
      -Name PromptOnSecureDesktop

  if ($EnableLUA.EnableLUA -eq 0) {
    $UACStatus = "OFF"
    $UACLevel = 4
  }
  Else {
    $UACStatus = "ON"
    if ($POSD.PromptOnSecureDesktop -eq 0) {
      $UACLevel = 3
    }
    Else {
          if ($CPBA.ConsentPromptBehaviorAdmin -eq 5) {
            $UACLevel = 2
          }
          Else {
                 $UACLevel = 1
          }
    }
  }

  Write-Host "`nUAC is $UACStatus Level: $UACLevel`n"
  Write-Host "Settings:"
  Write-Host "`tEnableLUA: $($EnableLUA.EnableLUA)"
  Write-Host "`tPrompt Behavior: $($CPBA.ConsentPromptBehaviorAdmin)"
  Write-Host "`tPrompt on Secure Desktop: $($POSD.PromptOnSecureDesktop)"

}  #function Get-CurrentUAC

Clear-Host

# Create Table
  $UACTable = New-Object system.Data.DataTable "UAC Information"
#Create Columns for table 
  $UACcol1 = New-Object system.Data.DataColumn Level,([int])       
  $UACcol2 = New-Object system.Data.DataColumn Name,([string])
  $UACcol3 = New-Object System.Data.DataColumn Value,([int])
#Add Columns to table
  $UACTable.columns.add($UACcol1)
  $UACTable.columns.add($UACcol2)
  $UACTable.columns.add($UACcol3)

# UAC Level 1 Values
  Add-Row -Level 1 -Name 'EnableLUA' -Value 1
  Add-Row -Level 1 -Name 'ConsentPromptBehaviorAdmin' -Value 2
  Add-Row -Level 1 -Name 'PromptOnSecureDesktop' -Value 1

# UAC Level 2 Values
  Add-Row -Level 2 -Name 'EnableLUA' -Value 1
  Add-Row -Level 2 -Name 'ConsentPromptBehaviorAdmin' -Value 5
  Add-Row -Level 2 -Name 'PromptOnSecureDesktop' -Value 1

# UAC Level 3 Values
  Add-Row -Level 3 -Name 'EnableLUA' -Value 1
  Add-Row -Level 3 -Name 'ConsentPromptBehaviorAdmin' -Value 5
  Add-Row -Level 3 -Name 'PromptOnSecureDesktop' -Value 0

# UAC Level 4 Values
  Add-Row -Level 4 -Name 'EnableLUA' -Value 0
  Add-Row -Level 4 -Name 'ConsentPromptBehaviorAdmin' -Value 0
  Add-Row -Level 4 -Name 'PromptOnSecureDesktop' -Value 0
 
$UPath = `
 "registry::HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionpoliciessystem"

Get-CurrentUAC

do {
    try {
        $numOk = $true
        [int]$NewUACLevel = Read-host "`nType UAC Level 1-4 `nor 0 to Exit and press the Enter Key"
        } # end try
    catch {$numOK = $false}
    } # end do 
until (($NewUACLevel -ge 0 -and $NewUACLevel -le 4) -and $numOK)

  If ($NewUACLevel -gt 0) {
    
    ForEach ($Item in $UACTable) {
      if ($Item.Level -eq $NewUACLevel) {
        Set-ItemProperty -Path $UPath -Name $Item.Name -Value $Item.Value  
       }
    } #ForEach ($Item)

    Get-CurrentUAC

  }   #End If ($NewUACLevel -gt 0)
  Else {
         Write-Host "`nUser Selected Exit"
  }

 Sleep 5   #Give user 5 seconds to read message

      HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      Reply | Quote
    • RetiredGeek
      AskWoody_MVP
      May 18, 2015 at 5:49 pm #1505268

      Paul,

      The solution is longer than my code! I’ll digest this code but for now the user can watch the balloon messages! :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      Reply | Quote
    Viewing 11 reply threads
    Reply To: Disable User Account Control using batch file?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.