Metered Connecton Change
Log In or Register to download the BES file, and more.

0 Votes


Metered Connecton Change

Property Details

StatusQA - Ready for Production Level Testing
TitleMetered Connecton Change
CategoryRegistry Edit
Source Release Date3/29/2019 12:00:00 AM
KeywordsWindows 10 Metered Connect Reg Change
Is TaskTrue
Added by on 3/29/2019 7:54:21 AM
Last Modified by on 3/29/2019 7:54:21 AM
Counters 615 Views / 0 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.


Used in 1 fixlet   * Results in a true/false
Show indented relevance
(name of operating system = "Win10") AND (exists value "4G" whose (1 != it as integer) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost" of native registry)


Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
action uses wow64 redirection false

// Special thanks to the following from which portions of this are taken

action uses wow64 redirection false

parameter "RootKey"="LocalMachine"
parameter "RegKey"="SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost"
parameter "FullKeyPath"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost"
parameter "NewOwner"="NT AUTHORITY\System"
parameter "AddACL"="{"%22NT AUTHORITY\System%22,%22FullControl%22,@(%22ObjectInherit%22,%22ContainerInherit%22),%22None%22,%22Allow%22"}"

//Example RootKey values
// LocalMachine; ClassesRoot; CurrentConfig; CurrentUser; Users

// Example RegistryAccessFules
// "NT AUTHORITY\System","FullControl","Allow" ==> Applies to this key only
// "NT AUTHORITY\System","FullControl",@("ObjectInherit","ContainerInherit"),"None","Allow" ==> applies to this key, subkeys, and values

delete __createfile
createfile until EOF_EOF_EOF
##Taken with thanks from

function enable-privilege {
## The privilege to adjust. This set is taken from
"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
"SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
"SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
"SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
"SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
"SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
"SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
"SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
## The process on which to adjust the privilege. Defaults to the current process.
$ProcessId = $pid,
## Switch to disable the privilege, rather than enable it.
[Switch] $Disable

## Taken from P/Invoke.NET with minor adjustments.
$definition = @'
using System;
using System.Runtime.InteropServices;

public class AdjPriv
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);

[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
internal struct TokPriv1Luid
public int Count;
public long Luid;
public int Attr;

internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
bool retVal;
TokPriv1Luid tp;
IntPtr hproc = new IntPtr(processHandle);
IntPtr htok = IntPtr.Zero;
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
tp.Count = 1;
tp.Luid = 0;
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
return retVal;

$processHandle = (Get-Process -id $ProcessId).Handle
$type = Add-Type $definition -PassThru
$type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)

enable-privilege SeTakeOwnershipPrivilege
enable-privilege seRestorePrivilege

$key = [Microsoft.Win32.Registry]::{parameter "RootKey" of action}.OpenSubKey("{parameter "RegKey" of action}",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)

## *** Note from Jason Walker - I find the following to not be true if the system account has at least "Read Permissions" to the key.
## Rather than starting from an empty ACL list, I instead try to start from the existing ACL list on the registry key and then modify it as needed
# You must get a blank acl for the key b/c you do not currently have access
#$acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)

$acl = $key.GetAccessControl()
$me = [System.Security.Principal.NTAccount]"{parameter "NewOwner" of action}"

# After you have set owner you need to get the acl with the perms so you can modify it.
$acl = $key.GetAccessControl()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ({parameter "AddACL" of action})



delete TakeOwnerReg.ps1
move __createfile TakeOwnerReg.ps1

waithidden powershell.exe -ExecutionPolicy Bypass -File TakeOwnerReg.ps1

continue if {exit code of action = 0}

action uses wow64 redirection false

delete __createfile
delete wizardedit.reg

createfile until @end_create_reg_file
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost]


move __createfile wizardedit.reg
waithidden regedit /s "wizardedit.reg"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Social Media:
Share this page on Yammer


Log In or Register to leave comments!