DamianL1984
Copper Contributor
Oct 14, 2022

Disable Exclusive Mode for All Audio Devices via PS

Hi all 🙂

 

Currently I am working on a script that will disable Exclusive Mode for all audio devices in Windows 10. So far I created this script:

 

$Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" }

 

When I run it as administrator, I can see that it finds the requested value in all registry keys under:

 

"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"

 

But the script ends with a permission denied error:

 

PS C:\WINDOWS\system32> $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" }
Set-ItemProperty : Requested registry access is not allowed.
At line:2 char:123
+ ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...073}\Properties:String) [Set-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
 
Set-ItemProperty : Requested registry access is not allowed.
At line:2 char:123
+ ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...3b4}\Properties:String) [Set-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
 

PS C:\WINDOWS\system32> 

 

So I know that at least the finding part is working properly.

 

I created a script in MECM and deployed it to a test computer, as the script should be run with System Account permission, and it ends with a successful state but the values are not being changed. Could someone share some advice regarding this case?

 

Thanks

Damian

 

  • DamianL1984
    Copper Contributor
    So the problem is a lack of permission for the NT Authority System account. I had to run regedit with TrustedInstaller permissions and add full permission for NT Authority System, and then the script started to work when deployed via SCCM.
    So right now I am wondering if there is a possibility to change registry permissions through SCCM, as the script will need to run with TrustedInstaller permissions?
    • DamianL1984
      Copper Contributor

      Finally I was able to solve that issue by creating two scripts.

       

      1. It uses SetACL.exe to take ownership of the registry key for the System account and set privileges for that account:

       

      cd ".\SetACL"
      SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture" -ot reg -actn setowner -ownr "n:NT Authority\System" -rec Yes
      SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture" -ot reg -actn ace -ace "n:NT Authority\System;p:full"

      2. Change registry settings related to Exclusive Mode:

       

      $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
      Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" | % {Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -type Dword -value 0}
      $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\"
      Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},4" | % {Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},4" -type Dword -value 0}

       

      I created two packages in SCCM (separately for each script) and ran them through a Task Sequence.

       

      Maybe that will be helpful for someone who struggles with the same task and issue 🙂

       

      Regards

      Damian
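
An added read-only check, not part of any post in this thread, for confirming the result of the two scripts above: for each capture endpoint it reports the owner of the Properties key, whether SYSTEM holds an Allow rule that includes SetValue, and the current ",3" and ",4" values. The function name Get-ExclusiveModeAudit is hypothetical, and the ACL test is a simplification (Allow rules only).

```powershell
# Added example: audits the keys the thread's scripts touch. It changes nothing.
# Run from an elevated PowerShell session.
$Root   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture'
$Name3  = '{b3f8fa53-0004-438e-9003-51a46e139bfc},3'
$Name4  = '{b3f8fa53-0004-438e-9003-51a46e139bfc},4'
$System = 'S-1-5-18'   # well-known SID of NT AUTHORITY\SYSTEM (locale independent)
$SidType  = [System.Security.Principal.SecurityIdentifier]
$SetValue = [System.Security.AccessControl.RegistryRights]::SetValue

function Get-ExclusiveModeAudit {   # hypothetical name, introduced for this example
    param([string]$Path = $Root)

    # Capture\<endpoint GUID>\Properties: the same keys the wildcard Capture\*\* matches
    Get-Item -Path "$Path\*\Properties" -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        $acl = Get-Acl -LiteralPath $key.PSPath

        # Explicit and inherited rules, identities returned as SIDs.
        # Simplification: only Allow rules are checked; Deny ACEs and
        # generic-rights (inherit-only) ACEs are not evaluated.
        $rules = $acl.GetAccessRules($true, $true, $SidType)
        $systemCanWrite = [bool]($rules | Where-Object {
            $_.IdentityReference.Value -eq $System -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $SetValue) -ne 0
        })

        [pscustomobject]@{
            Endpoint       = $key.Name.Split('\')[-2]   # the endpoint GUID subkey
            Owner          = $acl.Owner
            SystemCanWrite = $systemCanWrite
            Value3         = $key.GetValue($Name3)      # $null when the value is absent
            Value4         = $key.GetValue($Name4)
        }
    }
}

Get-ExclusiveModeAudit | Format-Table -AutoSize
```

Running it before and after the Task Sequence shows which endpoints had their owner or ACL changed by the SetACL step and whether the two values ended up as 0.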

      • sebastiansieh-sc
        Copper Contributor

        Great job figuring that out. Windows' propensity to alter this setting after updates is such a pain for my org.

         

        I'm trying to run this and I'm not sure where SetACL.exe is coming from. It's not in my system32 folder.
        Edit: found it. Download here.
