# Toggle-DCOMHardening.ps1
# Run as Administrator
$regPath = "HKLM:\SOFTWARE\Microsoft\Ole\AppCompat"
$valueName = "RequireIntegrityActivationAuthenticationLevel"
# Ensure the key exists
if (-not (Test-Path $regPath)) {
New-Item -Path $regPath -Force | Out-Null
}
# Read current value
$current = (Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) {
Write-Host "DCOM hardening setting not found. Default is Enforced (2)."
$current = 2
}
Write-Host "Current DCOM Hardening Level: $current"
switch ($current) {
0 {
Write-Host "Currently DISABLED. Toggling to ENFORCED (2)..."
Set-ItemProperty -Path $regPath -Name $valueName -Value 2 -Type DWord
}
1 {
Write-Host "Currently COMPATIBILITY MODE. Toggling to ENFORCED (2)..."
Set-ItemProperty -Path $regPath -Name $valueName -Value 2 -Type DWord
}
2 {
Write-Host "Currently ENFORCED. Toggling to DISABLED (0)..."
Set-ItemProperty -Path $regPath -Name $valueName -Value 0 -Type DWord
}
Default {
Write-Host "Unexpected value ($current). Forcing DISABLED (0)..."
Set-ItemProperty -Path $regPath -Name $valueName -Value 0 -Type DWord
}
}
$newValue = (Get-ItemProperty -Path $regPath -Name $valueName).$valueName
Write-Host "New DCOM Hardening Level: $newValue"
Write-Host "A system restart is required for changes to take effect."
Just hacking around a bit