id: windows-uac-disabled

info:
  name: User Account Control Disabled
  author: princechaddha
  severity: high
  description: Checks if User Account Control (UAC) is disabled on the system.
  impact: |
    Disabling UAC can allow unauthorized changes to system settings, leading to security vulnerabilities.
  remediation: |
    Enable User Account Control to ensure that administrative actions require confirmation, enhancing security.
  tags: windows,uac,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA'

    matchers:
      - type: word
        words:
          - "EnableLUA    : 0"
# digest: 4a0a00473045022100b1184af307f5f45092fe66007fd4e98fbf74d2164fe56f8037230b3891c0213002203748e3a23afcfe927746429e9ca70c5363c15ea3134b7df5cf0d573c1bcd0803:922c64590222798bb761d5b6d8e72950