windows_drivers_update_toggle

@(set '(=)||' <# lean and mean cmd / ps1 hybrid, can paste into powershell console #> @'

@echo off & title WINDOWS DRIVERS UPDATE TOGGLE

::# elevate with native shell by AveYo
>nul reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%%2\"& call \"%%2\" %%3"& set _= %*
>nul fltmc|| if "%f0%" neq "%~f0" (cd.>"%temp%\runas.Admin" & start "%~n0" /high "%temp%\runas.Admin" "%~f0" "%_:"=""%" & exit /b)

::# toggle protected Driver key on/off if no arguments, else "restore" or "block"
set KEY=HKLM\SOFTWARE\Microsoft\WindowsUpdate\ExpressionEvaluators\Driver
call :reg_own %KEY% -recurse Inherit -user S-1-1-0 -acc Allow -perm 'FullControl'
call :reg_var %KEY% Prefixes DRIVERS
set CL=%1& for %%a in (%1) do if /i %%~a == restore (set DRIVERS=Blocked) else if /i %%~a == block (set DRIVERS=Restored)
if %DRIVERS% == Blocked (
  >nul reg add %KEY% /f /v Prefixes /t reg_multi_sz /d "d."
  echo; Drivers Update [RESTORED] run again to block
) else (
  >nul reg add %KEY% /f /v Prefixes /t reg_multi_sz /d "Blocked"
  echo; Drivers Update [BLOCKED] run again to restore
)
call :reg_own %KEY% -recurse Delete -user S-1-1-0 -acc Allow -perm 'FullControl'
if not defined CL timeout /t 7
exit /b

:reg_own: [USAGE] call :reg_own "HKCU\Key" -recurse [Inherit|Replace|Delete] -user S-1-5-32-545 -owner '' -acc Allow -perm ReadKey
set ^ #=&set "0=%~f0"&set 1=%*& powershell -nop -c iex(([io.file]::ReadAllText($env:0)-split':reg_own\: .*')[1]);# --%% %*&exit /b
function reg_own { param ( $key, $recurse='', $user='S-1-5-32-544', $owner='', $acc='Allow', $perm='FullControl', [switch]$list )
  $D1=[uri].module.gettype('System.Diagnostics.Process')."GetM`ember"('SetPrivilege',42)[0]; $u=$user; $o=$owner; $p=524288
  'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege' |% {$D1.Invoke($null, @("$_",2))}
  $reg=$key-split':?\\',2; $key=$reg-join'\'; $HK=gi -lit Registry::$($reg[0]) -force; $re=$recurse; $in=(1,0)[$re-eq'Inherit']
  $own=$o-eq''; if($own){$o=$u}; $sid=[Security.Principal.SecurityIdentifier]; $w='S-1-1-0',$u,$o |% {new-object $sid($_)}
  $r=($w[0],$p,1,0,0),($w[1],$perm,1,0,$acc) |% {new-object Security.AccessControl.RegistryAccessRule($_)}; function _own($k,$l) {
  $t=$HK.OpenSubKey($k,2,'TakeOwnership'); if($t) { try {$n=$t.GetAccessControl(4)} catch {$n=$HK.GetAccessControl(4)}
  $u=$n.GetOwner($sid); if($own-and $u) {$w[2]=$u}; $n.SetOwner($w[0]); $t.SetAccessControl($n); $d=$HK.GetAccessControl(2)
  $c=$HK.OpenSubKey($k,2,'ChangePermissions'); $b=$c.GetAccessControl(2); $d.RemoveAccessRuleAll($r[1]); $d.ResetAccessRule($r[0])
  $c.SetAccessControl($d); if($re-ne'') {$sk=$HK.OpenSubKey($k).GetSubKeyNames(); foreach($i in $sk) {_own "$k\$i" $false}}
  if($re-ne'') {$b.SetAccessRuleProtection($in,1)}; $b.ResetAccessRule($r[1]); if($re-eq'Delete') {$b.RemoveAccessRuleAll($r[1])}
  $c.SetAccessControl($b); $b,$n |% {$_.SetOwner($w[2])}; $t.SetAccessControl($n)}; if($l) {return $b|fl} }; _own $reg[1] $list
}; iex "reg_own $(([environment]::get_CommandLine()-split'-[-]%+ ?')[1])" # :reg_own: lean & mean snippet by AveYo, 2022.01.15

:reg_var [USAGE] call :reg_var "HKCU\Volatile Environment" value-or-"" variable [extra options]
set {var}=& set {reg}=reg query "%~1" /v %2 /z /se "," /f /e& if %2=="" set {reg}=reg query "%~1" /ve /z /se "," /f /e
for /f "skip=2 tokens=* delims=" %%V in ('%{reg}% %4 %5 %6 %7 %8 %9 2^>nul') do if not defined {var} set "{var}=%%V"
if not defined {var} (set {reg}=& set "%~3="& exit /b) else if %2=="" set "{var}=%{var}:*)    =%"& rem AveYo: v3
if not defined {var} (set {reg}=& set "%~3="& exit /b) else set {reg}=& set "%~3=%{var}:*)    =%"& set {var}=& exit /b

'@); $0 = "$env:temp\windows_drivers_update_toggle.bat"; ${(=)||} -split "\r?\n" | out-file $0 -encoding default -force; & $0
# press enter