Forum Discussion

DamianL1984's avatar
DamianL1984
Brass Contributor
Oct 14, 2022

Disable Exclusive Mode for All Audio Devices via PS

Hi all 🙂

 

Currently I am working on a script that will disable Exclusive Mode for all audio devices in Windows 10. So far I created this script:

 

$Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" }

 

When I ran it as administrator I can see that it can find requested value on all registry keys under: 

 

"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"

 

But scripts ends with permission denied error:

 

PS C:\WINDOWS\system32> $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" }
Set-ItemProperty : Requested registry access is not allowed.
At line:2 char:123
+ ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...073}\Properties:String) [Set-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
 
Set-ItemProperty : Requested registry access is not allowed.
At line:2 char:123
+ ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...3b4}\Properties:String) [Set-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
 

PS C:\WINDOWS\system32> 

 

So I know that at least the finding part is working properly.

 

I created a script in MECM and deployed for test computer as the script should be ran with System Account permission and it ends with successful state but values are not being changed. Could someone share some advice regarding this case?

 

Thanks

Damian

 

4 Replies

  • DamianL1984's avatar
    DamianL1984
    Brass Contributor
    So the problem is lack of permission for NT Authority System account. I had to ran regedit with Trustedinstaller permissions, add full permission for NT Authority System and then script starts to works deployed via SCCM.
    So right now I am wondering if there is possibility to change registry permission through sccm as the script will be needed to run with trustedinstaller permissions?
    • DamianL1984's avatar
      DamianL1984
      Brass Contributor

      Finally I was able to solve that issue by creating two scripts.

       

      1. It uses SetACL.exe to take ownership of registry key by System account and set privileges to that account:

       

      cd ".\SetACL"
      SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture" -ot reg -actn setowner -ownr "n:NT Authority\System" -rec Yes
      SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture" -ot reg -actn ace -ace "n:NT Authority\System";p:full"

      2. Change registry settings related to Exclusive Mode:

       

      $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
      Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" | % {Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -type Dword -value 0}
      $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
      Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},4" | % {Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},4" -type Dword -value 0}

       

      A created two packages in SCCM (separately for each script) and ran them through Task Sequence.

       

      Maybe that will be helpful for someone who struggle the same task and issue 🙂

       

      Regards

      Damian

      • ChrisManes's avatar
        ChrisManes
        Copper Contributor

        Is there a way to run this that doesn't involve a 3rd party exe?