LinkPhoenix/Disable-HVCI.ps1

## Disable-HVCI.ps1
<#
.SYNOPSIS
    Disable Hypervisor-Enforced Code Integrity (HVCI) via registry to allow Fort Firewall installation.

.DESCRIPTION
    This script checks for administrator rights and relaunches elevated if needed.
    It prompts for user confirmation before disabling HVCI by modifying the appropriate registry key.
    Disabling HVCI is necessary because Fort Firewall cannot be used when this protection is enabled.
    Designed to ensure safe configuration changes enabling Fort Firewall setup.

.PARAMETER None
    No parameters required; runs interactively with user prompts.

.EXAMPLE
    .\Disable-HVCI.ps1
    Interactively disables HVCI, preparing system for Fort Firewall installation.

.NOTES
    Created: 2025-10-20
    Version: 1.0
#>

function Confirm-Action {
    param (
        [string]$Message = "Do you want to proceed? (Y/N): "
    )
    do {
        $response = Read-Host $Message
    } while ($response -notmatch '^[YyNn]$')
    return $response -match '^[Yy]$'
}

function Ensure-RunAsAdministrator {
    $currentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal   = New-Object Security.Principal.WindowsPrincipal($currentUser)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) {
        Write-Host "Relaunching as administrator..." -ForegroundColor Yellow
        Start-Process -FilePath "powershell.exe" `
                      -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" `
                      -Verb RunAs
        Exit
    }
}

# Ensure admin rights
Ensure-RunAsAdministrator

# Ask for confirmation
if (-not (Confirm-Action -Message "This will disable HVCI. Continue? (Y/N): ")) {
    Write-Host "Operation cancelled by user." -ForegroundColor Cyan
    Exit
}

# Disable HVCI
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"
try {
    Set-ItemProperty -Path $regPath -Name Enabled -Value 0 -ErrorAction Stop
    Write-Host "HVCI has been successfully disabled. Please restart your PC to apply changes." -ForegroundColor Green
} catch {
    Write-Host "Failed to update registry: $_" -ForegroundColor Red
    Exit 1
}
	<#
	.SYNOPSIS
	Disable Hypervisor-Enforced Code Integrity (HVCI) via registry to allow Fort Firewall installation.

	.DESCRIPTION
	This script checks for administrator rights and relaunches elevated if needed.
	It prompts for user confirmation before disabling HVCI by modifying the appropriate registry key.
	Disabling HVCI is necessary because Fort Firewall cannot be used when this protection is enabled.
	Designed to ensure safe configuration changes enabling Fort Firewall setup.

	.PARAMETER None
	No parameters required; runs interactively with user prompts.

	.EXAMPLE
	.\Disable-HVCI.ps1
	Interactively disables HVCI, preparing system for Fort Firewall installation.

	.NOTES
	Created: 2025-10-20
	Version: 1.0
	#>

	function Confirm-Action {
	param (
	[string]$Message = "Do you want to proceed? (Y/N): "
	)
	do {
	$response = Read-Host $Message
	} while ($response -notmatch '^[YyNn]$')
	return $response -match '^[Yy]$'
	}

	function Ensure-RunAsAdministrator {
	$currentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
	$principal = New-Object Security.Principal.WindowsPrincipal($currentUser)
	if (-not $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) {
	Write-Host "Relaunching as administrator..." -ForegroundColor Yellow
	Start-Process -FilePath "powershell.exe" `
	-ArgumentList "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" `
	-Verb RunAs
	Exit
	}
	}

	# Ensure admin rights
	Ensure-RunAsAdministrator

	# Ask for confirmation
	if (-not (Confirm-Action -Message "This will disable HVCI. Continue? (Y/N): ")) {
	Write-Host "Operation cancelled by user." -ForegroundColor Cyan
	Exit
	}

	# Disable HVCI
	$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity"
	try {
	Set-ItemProperty -Path $regPath -Name Enabled -Value 0 -ErrorAction Stop
	Write-Host "HVCI has been successfully disabled. Please restart your PC to apply changes." -ForegroundColor Green
	} catch {
	Write-Host "Failed to update registry: $_" -ForegroundColor Red
	Exit 1
	}
No results found