windows_update_reboot_toggle

@(echo off% <#%) &title Windows Update Reboot Toggle, AveYo 2018-2020
set "0=%~f0"&set 1=%*&powershell -nop -win 1 -c iex ([io.file]::ReadAllText($env:0)) &exit/b ||#>)[1]
## wrap script
sp 'HKCU:\Volatile Environment' 'WUReboot' @'

## status for Windows Update Reboot tasks
$utasks = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator'
$reboot = @('Reboot','Reboot_AC','Reboot_Battery')
$reboot |foreach {
  if (gp "$utasks\$_" Id_OFF -ea 0) {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}
}

## toggle dialog prompt with Yes, No, Cancel (6,7,2)
if ($env:1 -ne 6 -and $env:1 -ne 7) {
  $choice=(new-object -ComObject Wscript.Shell).Popup($A + ' Windows Update Reboot?', 0, 'Windows Update Reboot is: ' + $S, 51)
  if ($choice -eq 2) {break} elseif ($choice -eq 6) {$env:1=$TOGGLE} else {$env:1=$KEEP}
}

## relaunch as Admin passing cmdline args
$r=[char]13; $nfo=[char]39+$r+' (\   /)'+$r+'( * . * )  A limited account protects you from UAC exploits'+$r+'    ```'+$r+[char]39
$script='$AveYo='+$nfo+';$env:1='+$env:1+';iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* WUReboot -ea 0)[0].WUReboot)'
$null=fltmc; if($LASTEXITCODE -gt 0){start powershell -args ('-nop -c & {',$script,'}') -verb runas -win 1; break}

## reg_own snippet
function reg_own([string[]]$A){ #key [opt],all,usr,own,acc,perm  : reg_own "HKCU:\My","","S-1-5-32-545","","Allow","FullControl"
$D1=[uri].module.gettype('System.Diagnostics.Process')."GetM`ethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
$path=$A[0]; $rk=$path-split':\\',2; $HK=gi -lit Registry::$($rk[0]) -fo; $s=$A[1]; $sps=[Security.Principal.SecurityIdentifier]
$u=($A[2],'S-1-5-32-544')[!$A[2]];$o=($A[3],$u)[!$A[3]];$w=$u,$o |% {new-object $sps($_)}; $old=!$A[3];$own=!$old; $y=$s-eq'all'
$rar=new-object Security.AccessControl.RegistryAccessRule( $w[0], ($A[5],'FullControl')[!$A[5]], 1, 0, ($A[4],'Allow')[!$A[4]] )
$x=$s-eq'none';function Own1($k){$t=$HK.OpenSubKey($k,2,'TakeOwnership');if($t){0,4|%{try{$o=$t.GetAccessControl($_)}catch{$old=0}
};if($old){$own=1;$w[1]=$o.GetOwner($sps)};$o.SetOwner($w[0]);$t.SetAccessControl($o); $c=$HK.OpenSubKey($k,2,'ChangePermissions')
$p=$c.GetAccessControl(2);if($y){$p.SetAccessRuleProtection(1,1)};$p.ResetAccessRule($rar);if($x){$p.RemoveAccessRuleAll($rar)}
$c.SetAccessControl($p);if($own){$o.SetOwner($w[1]);$t.SetAccessControl($o)};if($s){$subkeys=$HK.OpenSubKey($k).GetSubKeyNames()
foreach($n in $subkeys){Own1 "$k\$n"}}}}; Own1 $rk[1]; if($env:VO){get-acl Registry::$path|fl}} # lean & mean ps snippet by AveYo

## use reg_own snippet to unprotect Windows Update Reboot tasks
reg_own $utasks,'preserve','S-1-1-0' ## reg_own $utasks,'none','S-1-1-0'

## toggle Windows Update Reboot tasks
 if ($env:1 -eq 6) {
   $reboot |foreach {if (gp "$utasks\$_" Id -ea 0) {rnp "$utasks\$_" Id Id_OFF -Force -ea 0}}
 } else {
   $reboot |foreach {if (gp "$utasks\$_" Id_OFF -ea 0) {rnp "$utasks\$_" Id_OFF Id -Force -ea 0}}
 }

## execute script
'@ -Force -ea 0; iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* WUReboot -ea 0)[0].WUReboot)
#-_-# hybrid script, can be pasted directly into powershell console