I am preparing a PowerShell script to perform initial configuration on some Windows 10 hosts. One of the configuration steps involves a problem with an older piece of software requesting administration elevation, which it does not need. This software is not called by the script itself, but will be used by users as required. The solution requires that I set a compatibility flag forcing the program to run as invoker for all users - I'm trying to figure out a way to implement this solution in the configuration script.
To do this, I can add a string value to the registry key HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers. The string value's name is the absolute path of the executable in question, and its data value is ~ RUNASINVOKER. Putting this into a Powershell script is not a problem.
The problem is that this alone does not work, even after restarting the machine. In order to make it take effect, I need to right click on the executable in explorer and choose properties, select "Change settings for all users" under the compatibility tab, then simply click OK in the new dialogue without changing any settings.
It seems as though this process does something to refresh or initialise my compatibility settings, but I am unclear what happens, much less how to implement in a PowerShell script.
I should add that the process also works in reverse. I can add the registry value after doing the "Change settings for all users" fix and it will take effect immediately.
Does anyone understand what is happening to make my registry addition take effect, and how I can implement this in a PowerShell script?
Thank you.
