{"id":263461,"date":"2024-05-29T23:58:23","date_gmt":"2024-05-29T23:58:23","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=263461"},"modified":"2024-05-29T23:58:23","modified_gmt":"2024-05-29T23:58:23","slug":"audits-du-controle-de-compte-d-utilisateur-uac-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/fr\/script-hub\/audits-du-controle-de-compte-d-utilisateur-uac-powershell\/","title":{"rendered":"Simplifier les audits du contr\u00f4le de compte d&rsquo;utilisateur (UAC) dans Windows avec PowerShell"},"content":{"rendered":"<h2>Points \u00e0 retenir<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Audit automatis\u00e9 du contr\u00f4le de compte d&rsquo;utilisateur (UAC) <\/strong>: Le script offre une solution automatis\u00e9e pour l&rsquo;audit des param\u00e8tres du contr\u00f4le de compte d&rsquo;utilisateur sur les syst\u00e8mes Windows.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>S\u00e9curit\u00e9 renforc\u00e9e<\/strong>: En veillant \u00e0 ce que les param\u00e8tres de l&rsquo;UAC soient conformes aux normes de s\u00e9curit\u00e9, le script renforce consid\u00e9rablement la s\u00e9curit\u00e9 du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Enregistrement des champs personnalis\u00e9s<\/strong>: S&rsquo;int\u00e8gre \u00e0 NinjaOne pour enregistrer les niveaux UAC dans des champs personnalis\u00e9s, am\u00e9liorant ainsi la tenue des registres et la cr\u00e9ation de rapports.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Compatibilit\u00e9 Windows 7 et les versions ult\u00e9rieures<\/strong>: Le script est compatible avec Windows 7, Windows Server 2012 et les versions plus r\u00e9centes.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>Privil\u00e8ges d&rsquo;administrateur sont requis<\/strong>: L&rsquo;ex\u00e9cution de ce script n\u00e9cessite des droits d&rsquo;administrateur pour acc\u00e9der aux param\u00e8tres du registre et les modifier.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><strong>Polyvalence d&rsquo;utilisation<\/strong>: Id\u00e9al pour les entreprises MSP et les professionnels de l&rsquo;informatique pour maintenir la s\u00e9curit\u00e9 sur plusieurs syst\u00e8mes.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Att\u00e9nuation proactive des risques<\/strong>: Une utilisation r\u00e9guli\u00e8re permet de pr\u00e9venir de mani\u00e8re proactive les modifications non autoris\u00e9es du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"8\" data-aria-level=\"1\"><strong>Int\u00e9gration avec les services g\u00e9r\u00e9s<\/strong>: Particuli\u00e8rement utile pour ceux qui utilisent NinjaOne pour la gestion centralis\u00e9e de l&rsquo;informatique.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"9\" data-aria-level=\"1\"><strong>Tenue de registres pour la conformit\u00e9<\/strong>: Enregistre les param\u00e8tres UAC, contribuant ainsi \u00e0 la conformit\u00e9 avec les politiques de s\u00e9curit\u00e9 informatique et les audits.<\/li>\n<\/ul>\n<h2>Introduction<\/h2>\n<p>Le contr\u00f4le des comptes d&rsquo;utilisateurs (UAC) est un composant essentiel du syst\u00e8me d&rsquo;exploitation Windows, qui offre une couche de s\u00e9curit\u00e9 suppl\u00e9mentaire. Il limite essentiellement les logiciels d&rsquo;application aux privil\u00e8ges standard de l&rsquo;utilisateur jusqu&rsquo;\u00e0 ce qu&rsquo;un administrateur autorise une augmentation du niveau de privil\u00e8ge. Dans le monde dynamique de la s\u00e9curit\u00e9 informatique, o\u00f9 les vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par des utilisateurs non autoris\u00e9s, il est primordial de maintenir des param\u00e8tres UAC optimaux. Cet article se penche sur un script PowerShell con\u00e7u pour auditer et configurer les param\u00e8tres de contr\u00f4le des comptes d&rsquo;utilisateurs (UAC) d&rsquo;une machine Windows, un outil tr\u00e8s important pour les professionnels de l&rsquo;informatique et les <a href=\"https:\/\/www.ninjaone.com\/fr\/quest-ce-quun-msp\">fournisseurs de services g\u00e9r\u00e9s (MSP)<\/a>.<\/p>\n<h2>Contexte<\/h2>\n<p>Le script en question fournit une approche compl\u00e8te de l&rsquo;audit du niveau UAC sur un syst\u00e8me Windows. Les professionnels de l&rsquo;informatique et les MSP ont souvent besoin de ces outils pour s&rsquo;assurer que les syst\u00e8mes qu&rsquo;ils g\u00e8rent respectent des normes de s\u00e9curit\u00e9 sp\u00e9cifiques. Le script ne se contente pas d&rsquo;auditer, il facilite \u00e9galement la mise \u00e0 jour des param\u00e8tres UAC et peut enregistrer ces param\u00e8tres dans un champ personnalis\u00e9 \u00e0 des fins de reporting. Sa capacit\u00e9 \u00e0 op\u00e9rer dans l&rsquo;environnement NinjaOne renforce encore son utilit\u00e9 dans les services informatiques g\u00e9r\u00e9s.<\/p>\n<h2>Le script :<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 2\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Condition\/Audit UAC Level. Can save the UAC Level to a custom field if specified.\r\n.DESCRIPTION\r\n    Condition\/Audit UAC Level. Can save the UAC Level to a custom field if specified.\r\n\r\n    Exit Code of 0 is that the UAC Level is set to the defaults or higher\r\n    Exit Code of 1 is that the UAC Level is to lower than defaults\r\n    Exit Code of 2 is when this fails to update a custom field\r\n.EXAMPLE\r\n     -CustomField \"uac\"\r\n    Saves the UAC Level to a custom field.\r\n.OUTPUTS\r\n    String[]\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 7, Windows Server 2012\r\n    Release Notes: Renamed script and added Script Variable support\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/fr\/conditions-dutilisation\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$CustomField\r\n)\r\n\r\nbegin {\r\n    if ($env:customFieldName -and $env:customFieldName -notlike \"null\") { $CustomField = $env:customFieldName }\r\n    \r\n    # https:\/\/learn.microsoft.com\/en-us\/windows\/security\/identity-protection\/user-account-control\/user-account-control-group-policy-and-registry-key-settings#registry-key-settings\r\n    # Define the path in the registry\r\n    $Path = \"HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\"\r\n\r\n    # Define the values to check\r\n    $Values = \"FilterAdministratorToken\",\r\n    \"EnableUIADesktopToggle\",\r\n    \"ConsentPromptBehaviorAdmin\",\r\n    \"ConsentPromptBehaviorUser\",\r\n    \"EnableInstallerDetection\",\r\n    \"ValidateAdminCodeSignatures\",\r\n    \"EnableSecureUIAPaths\",\r\n    \"EnableLUA\",\r\n    \"PromptOnSecureDesktop\",\r\n    \"EnableVirtualization\"\r\n\r\n    # This function is to make it easier to set Ninja Custom Fields.\r\n    function Set-NinjaProperty {\r\n        [CmdletBinding()]\r\n        Param(\r\n            [Parameter(Mandatory = $True)]\r\n            [String]$Name,\r\n            [Parameter()]\r\n            [String]$Type,\r\n            [Parameter(Mandatory = $True, ValueFromPipeline = $True)]\r\n            $Value,\r\n            [Parameter()]\r\n            [String]$DocumentName\r\n        )\r\n\r\n        # If we're requested to set the field value for a Ninja document we'll specify it here.\r\n        $DocumentationParams = @{}\r\n        if ($DocumentName) { $DocumentationParams[\"DocumentName\"] = $DocumentName }\r\n\r\n        # This is a list of valid fields we can set. If no type is given we'll assume the input doesn't have to be changed in any way.\r\n        $ValidFields = \"Attachment\", \"Checkbox\", \"Date\", \"Date or Date Time\", \"Decimal\", \"Dropdown\", \"Email\", \"Integer\", \"IP Address\", \"MultiLine\", \"MultiSelect\", \"Phone\", \"Secure\", \"Text\", \"Time\", \"URL\"\r\n        if ($Type -and $ValidFields -notcontains $Type) { Write-Warning \"$Type is an invalid type! Please check here for valid types. https:\/\/ninjarmm.zendesk.com\/hc\/en-us\/articles\/16973443979789-Command-Line-Interface-CLI-Supported-Fields-and-Functionality\" }\r\n\r\n        # The below field requires additional information in order to set\r\n        $NeedsOptions = \"Dropdown\"\r\n        if ($DocumentName) {\r\n            if ($NeedsOptions -contains $Type) {\r\n                # We'll redirect the error output to the success stream to make it easier to error out if nothing was found or something else went wrong.\r\n                $NinjaPropertyOptions = Ninja-Property-Docs-Options -AttributeName $Name @DocumentationParams 2&gt;&amp;1\r\n            }\r\n        }\r\n        else {\r\n            if ($NeedsOptions -contains $Type) {\r\n                $NinjaPropertyOptions = Ninja-Property-Options -Name $Name 2&gt;&amp;1\r\n            }\r\n        }\r\n\r\n        # If we received some sort of error it should have an exception property and we'll exit the function with that error information.\r\n        if ($NinjaPropertyOptions.Exception) { throw $NinjaPropertyOptions }\r\n\r\n        # The below type's require values not typically given in order to be set. The below code will convert whatever we're given into a format ninjarmm-cli supports.\r\n        switch ($Type) {\r\n            \"Checkbox\" {\r\n                # While it's highly likely we were given a value like \"True\" or a boolean datatype it's better to be safe than sorry.\r\n                $NinjaValue = [System.Convert]::ToBoolean($Value)\r\n            }\r\n            \"Date or Date Time\" {\r\n                # Ninjarmm-cli is expecting the time to be representing as a Unix Epoch string. So we'll convert what we were given into that format.\r\n                $Date = (Get-Date $Value).ToUniversalTime()\r\n                $TimeSpan = New-TimeSpan (Get-Date \"1970-01-01 00:00:00\") $Date\r\n                $NinjaValue = $TimeSpan.TotalSeconds\r\n            }\r\n            \"Dropdown\" {\r\n                # Ninjarmm-cli is expecting the guid of the option we're trying to select. So we'll match up the value we were given with a guid.\r\n                $Options = $NinjaPropertyOptions -replace '=', ',' | ConvertFrom-Csv -Header \"GUID\", \"Name\"\r\n                $Selection = $Options | Where-Object { $_.Name -eq $Value } | Select-Object -ExpandProperty GUID\r\n\r\n                if (-not $Selection) {\r\n                    throw \"Value is not present in dropdown\"\r\n                }\r\n\r\n                $NinjaValue = $Selection\r\n            }\r\n            default {\r\n                # All the other types shouldn't require additional work on the input.\r\n                $NinjaValue = $Value\r\n            }\r\n        }\r\n\r\n        # We'll need to set the field differently depending on if its a field in a Ninja Document or not.\r\n        if ($DocumentName) {\r\n            $CustomField = Ninja-Property-Docs-Set -AttributeName $Name -AttributeValue $NinjaValue @DocumentationParams 2&gt;&amp;1\r\n        }\r\n        else {\r\n            $CustomField = Ninja-Property-Set -Name $Name -Value $NinjaValue 2&gt;&amp;1\r\n        }\r\n\r\n        if ($CustomField.Exception) {\r\n            throw $CustomField\r\n        }\r\n    }\r\n}\r\nprocess {\r\n\r\n    $UacResults = [PSCustomObject]@{}\r\n    # Loop through each value and get each value and add them to $UacResults as a property\r\n    $Values | ForEach-Object {\r\n        $Value = $_\r\n        $Result = $null\r\n        $Result = Get-ItemProperty -Path $Path -Name $Value -ErrorAction SilentlyContinue | Select-Object -ExpandProperty $Value\r\n        if ($null -eq $Result) {\r\n            switch ($Value) {\r\n                'FilterAdministratorToken' { $Result = 0; break }\r\n                'EnableUIADesktopToggle' { $Result = 0; break }\r\n                'ConsentPromptBehaviorAdmin' { $Result = 5; break }\r\n                'ConsentPromptBehaviorUser' { $Result = 3; break }\r\n                'EnableInstallerDetection' { $Result = 0; break } # Assumes enterprise and not Home\r\n                'ValidateAdminCodeSignatures' { $Result = 0; break }\r\n                'EnableSecureUIAPaths' { $Result = 1; break }\r\n                'EnableLUA' { $Result = 1; break }\r\n                'PromptOnSecureDesktop' { $Result = 1; break }\r\n                'EnableVirtualization' { $Result = 1; break }\r\n                Default { $Result = 1 }\r\n            }\r\n        }\r\n        $UacResults | Add-Member -MemberType NoteProperty -Name $Value -Value $Result\r\n    }\r\n\r\n    # Is UAC enabled or disabled\r\n    if (\r\n        $UacResults.ConsentPromptBehaviorAdmin -eq 5 -and\r\n        $UacResults.ConsentPromptBehaviorUser -eq 3 -and\r\n        $UacResults.EnableLUA -eq 1 -and\r\n        $UacResults.FilterAdministratorToken -eq 0 -and\r\n        $UacResults.EnableUIADesktopToggle -eq 0 -and\r\n        $UacResults.ConsentPromptBehaviorAdmin -eq 5 -and\r\n        $UacResults.ConsentPromptBehaviorUser -eq 3 -and\r\n        # Enterprise\r\n        (\r\n            (\r\n                (Get-CimInstance -ClassName Win32_OperatingSystem).Caption -notlike \"*Home*\" -and $UacResults.EnableInstallerDetection -eq 1\r\n            ) -or\r\n            (\r\n                (Get-CimInstance -ClassName Win32_OperatingSystem).Caption -like \"*Home*\" -and $UacResults.EnableInstallerDetection -eq 0\r\n            )\r\n        ) -and\r\n        $UacResults.ValidateAdminCodeSignatures -eq 0 -and\r\n        $UacResults.EnableSecureUIAPaths -eq 1 -and\r\n        $UacResults.EnableLUA -eq 1 -and\r\n        $UacResults.PromptOnSecureDesktop -eq 1 -and\r\n        $UacResults.EnableVirtualization -eq 1\r\n    ) {\r\n        \"UAC Enabled with defaults.\" | Write-Host\r\n    }\r\n    elseif (\r\n        $UacResults.EnableLUA -eq 0 -or\r\n        $UacResults.ConsentPromptBehaviorAdmin -eq 0 -or\r\n        $UacResults.PromptOnSecureDesktop -eq 0\r\n    ) {\r\n        \"UAC Disabled.\" | Write-Host\r\n    }\r\n\r\n    # Get the UAC Level\r\n    $UACLevel = if (\r\n        $UacResults.EnableLUA -eq 0\r\n    ) {\r\n        0\r\n    }\r\n    elseif (\r\n        $UacResults.ConsentPromptBehaviorAdmin -eq 5 -and\r\n        $UacResults.PromptOnSecureDesktop -eq 0 -and\r\n        $UacResults.EnableLUA -eq 1\r\n    ) {\r\n        1\r\n    }\r\n    elseif (\r\n        $UacResults.ConsentPromptBehaviorAdmin -eq 5 -and\r\n        $UacResults.PromptOnSecureDesktop -eq 1 -and\r\n        $UacResults.EnableLUA -eq 1\r\n    ) {\r\n        2\r\n    }\r\n    elseif (\r\n        $UacResults.ConsentPromptBehaviorAdmin -eq 2 -and\r\n        $UacResults.PromptOnSecureDesktop -eq 1 -and\r\n        $UacResults.EnableLUA -eq 1\r\n    ) {\r\n        3\r\n    }\r\n\r\n    # Get the Text version of the UAC Level\r\n    $UACLevelText = switch ($UACLevel) {\r\n        0 { \"Never notify\"; break }\r\n        1 { \"Notify me only (do not dim my desktop)\"; break }\r\n        2 { \"Notify me only (default)\"; break }\r\n        3 { \"Always notify\"; break }\r\n        Default { \"Unknown\"; break }\r\n    }\r\n\r\n    # Output the UAC Level\r\n    \"UAC Level: $UACLevel = $UACLevelText\" | Write-Host\r\n\r\n    # Output the UAC settings\r\n    $UacResults | Out-String | Write-Host\r\n\r\n    # When CustomField is used save the UAC Level to that custom field\r\n    if ($CustomField) {\r\n        try {\r\n            Set-NinjaProperty -Name $CustomField -Value \"$UACLevel = $UACLevelText\" -ErrorAction Stop\r\n        }\r\n        catch {\r\n            Write-Error \"Failed to update Custom Field ($CustomField)\"\r\n            exit 2\r\n        }\r\n    }\r\n\r\n    # Return and exit code of 0 if UAC is set to the default or higher, or 1 when not set to the default\r\n    if ($UACLevel -ge 2) {\r\n        exit 0\r\n    }\r\n    elseif ($UACLevel -lt 2) {\r\n        exit 1\r\n    }\r\n    else {\r\n        exit 1\r\n    }\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n<div class=\"in-context-cta\"><p>Acc\u00e9dez \u00e0 plus de 700 scripts dans le Dojo NinjaOne<\/p>\n<p><a href=\"https:\/\/www.ninjaone.com\/fr\/phase-de-test-gratuit\/\">Obtenir l&rsquo;acc\u00e8s<\/a><\/p>\n<\/div>\n<h2>Description d\u00e9taill\u00e9e<\/h2>\n<p>Le script op\u00e8re en plusieurs \u00e9tapes\u00a0:<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Initialisation des param\u00e8tres<\/strong>\u00a0: Il commence par d\u00e9finir un param\u00e8tre <strong>CustomField<\/strong> qui peut \u00eatre utilis\u00e9 pour sp\u00e9cifier un nom de champ personnalis\u00e9 \u00e0 des fins de journalisation.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Configuration de l&rsquo;environnement<\/strong>: Il v\u00e9rifie les variables d&rsquo;environnement et configure les chemins d&rsquo;acc\u00e8s au registre et les valeurs li\u00e9es aux param\u00e8tres UAC.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>D\u00e9finition de la fonction<\/strong>: Une fonction, <strong>Set-NinjaProperty<\/strong>, est d\u00e9finie pour aider \u00e0 mettre \u00e0 jour les champs personnalis\u00e9s de NinjaOne. Cette fonction est essentielle pour les MSP qui utilisent NinjaOne pour g\u00e9rer les syst\u00e8mes de leurs clients.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>D\u00e9termination du niveau UAC<\/strong>: Le script parcourt ensuite les diff\u00e9rents param\u00e8tres du registre li\u00e9s \u00e0 l&rsquo;UAC, en les comparant aux valeurs par d\u00e9faut ou s\u00e9curis\u00e9es afin de d\u00e9terminer le niveau d&rsquo;UAC du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>R\u00e9sultats et enregistrement<\/strong>: Il affiche le niveau et les param\u00e8tres de l&rsquo;UAC dans la console. Si un <strong>champ personnalis\u00e9<\/strong> est fourni, le script enregistre le niveau UAC dans ce champ.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><strong>Code de sortie<\/strong>: Enfin, le script se termine en renvoyant un code de sortie bas\u00e9 sur le niveau UAC qu&rsquo;il a d\u00e9termin\u00e9.<\/li>\n<\/ul>\n<h2>Cas d&rsquo;utilisation potentiels<\/h2>\n<p>Imaginez qu&rsquo;un fournisseur de services informatiques g\u00e8re un r\u00e9seau d&rsquo;ordinateurs pour un client. Il peut d\u00e9ployer ce script sur toutes les machines pour s&rsquo;assurer que les param\u00e8tres de l&rsquo;UAC sont aux niveaux recommand\u00e9s, emp\u00eachant ainsi les modifications non autoris\u00e9es qui pourraient compromettre la s\u00e9curit\u00e9.<\/p>\n<h2>Comparaisons<\/h2>\n<p>Traditionnellement, l&rsquo;audit du contr\u00f4le des comptes d&rsquo;utilisateurs (UAC) peut impliquer des contr\u00f4les manuels ou des scripts moins sophistiqu\u00e9s. Ce script offre une approche plus automatis\u00e9e, d\u00e9taill\u00e9e et int\u00e9gr\u00e9e, en particulier pour les environnements g\u00e9r\u00e9s par NinjaOne.<\/p>\n<h2>FAQ<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Ce script peut-il \u00eatre ex\u00e9cut\u00e9 sur n&rsquo;importe quelle version de Windows ?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\">Il prend en charge Windows 7, Windows Server 2012 et les versions plus r\u00e9centes.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Est-il n\u00e9cessaire de disposer de privil\u00e8ges d&rsquo;administrateur pour ex\u00e9cuter ce script ?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Oui, il n\u00e9cessite des droits d&rsquo;administrateur pour acc\u00e9der aux param\u00e8tres du registre et les modifier.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Le script peut-il modifier les param\u00e8tres d&rsquo;UAC ?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\">Bien qu&rsquo;il soit principalement con\u00e7u pour l&rsquo;audit, il peut \u00eatre \u00e9tendu pour modifier les param\u00e8tres en fonction des r\u00e9sultats de l&rsquo;audit.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Implications<\/h2>\n<p>Des param\u00e8tres d&rsquo;UAC incorrects peuvent rendre un syst\u00e8me vuln\u00e9rable \u00e0 un acc\u00e8s non autoris\u00e9 et \u00e0 l&rsquo;installation potentielle de logiciels malveillants. Ce script aide \u00e0 maintenir des configurations de s\u00e9curit\u00e9 optimales, ce qui permet d&rsquo;att\u00e9nuer ces risques.<\/p>\n<h2>Recommandations<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">Ex\u00e9cutez r\u00e9guli\u00e8rement le script pour garantir le respect permanent des normes de s\u00e9curit\u00e9.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\">Int\u00e9grez le script dans les programmes de maintenance r\u00e9guliers pour une gestion automatis\u00e9e.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\">La fonction de journalisation permet de conserver un enregistrement des param\u00e8tres d&rsquo;UAC pour les pistes d&rsquo;audit.<\/li>\n<\/ul>\n<h2>Conclusion :<\/h2>\n<p>Dans le cadre de la <a href=\"https:\/\/www.ninjaone.com\/fr\/gestion-informatique-grande-entreprise\/infrastructure\/\">gestion de l&rsquo;infrastructure informatique,<\/a> en particulier lors de l&rsquo;utilisation de NinjaOne, ce script PowerShell est un atout pr\u00e9cieux. Il automatise un aspect essentiel de la gestion de la s\u00e9curit\u00e9, en veillant \u00e0 ce que les param\u00e8tres UAC sur le r\u00e9seau d&rsquo;une entreprise restent \u00e0 des niveaux optimaux pour maintenir la s\u00e9curit\u00e9 et la conformit\u00e9. Les utilisateurs de NinjaOne peuvent particuli\u00e8rement b\u00e9n\u00e9ficier des capacit\u00e9s d&rsquo;int\u00e9gration du script, ce qui renforce le r\u00f4le de la plateforme en tant que <a href=\"https:\/\/www.ninjaone.com\/fr\/\">solution compl\u00e8te pour les services informatiques g\u00e9r\u00e9s<\/a>.<\/p>\n","protected":false},"author":35,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4281],"class_list":["post-263461","script_hub","type-script_hub","status-publish","hentry","script_hub_category-windows","use_cases-configuration-generale"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub\/263461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/comments?post=263461"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/media?parent=263461"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/operating_system?post=263461"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/use_cases?post=263461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}