Retrieve the Privilege Management for Windows Settings: Get-DefendpointSettings
Get-DefendpointSettings retrieves the Privilege Management for Windows settings from local file, local Group Policy, or domain GPO. Once you have the settings in a PowerShell session or script, you can update relevant sections, and then write them back using Set-DefendpointSettings.
Get-DefendpointSettings [-LocalPolicy] [-LocalFile -FileLocation 'path/to/file'] [-UserPolicy] [-Domain -LDAP 'path/to/LDAP'] [-XML]
The Get-DefendpointSettings cmdlet gets the Privilege Management for Windows settings from the Local Group Policy, a specified Group Policy Object (GPO), or from a specified XML file. The output is a DefendpointSettings object or an XML- formatted string, depending on the parameters supplied.
This cmdlet supports Common Parameters. For more information, please see about_CommonParameters.
Parameters
Parameter | Type | Description | Required |
---|---|---|---|
LocalPolicy | Boolean | Return the Privilege Management for Windows settings object from the local Group Policy. | One of |
LocalFile | Boolean | Return the Privilege Management for Windows settings from a local Privilege Management settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml . Specify an alternate file using the -FileLocation parameter. | One of |
FileLocation | String | Specify the location of the Privilege Management for Windows settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if a file path is not supplied when the -LocalFile parameter is used. | No |
UserPolicy | Boolean | Return the policy of a user. This cmdlet defaults to a machine policy if this parameter is not used. | No |
Domain | Boolean | Return the Privilege Management for Windows settings from the Group Policy Object (GPO) specified by the -LDAP parameter. | One of |
LDAP | String | Specify the LDAP path of the Group Policy Object (GPO). This parameter must be used in conjunction with -Domain. | Yes, if Domain is used |
XML | Boolean | Return the Privilege Management settings as an XML formatted string. |
By default, Get-DefendpointSettings returns a DefendpointSettings object. Using the -XML parameter returns the Privilege Management policy as an XML formatted string. The cmdlet returns errors if there are any.
$settings = Get-DefendpointSettings -LocalPolicy
The above example outputs:
Version | : | 5.2.102.0 |
ID | : | 1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e |
ConfigRevision | : | 510 |
ApplicationGroups | : | {cmd} |
ContentGroups | : | {} |
URLGroups | : | {} |
Tokens | : | {} |
GlobalOptionsSets | : | {} |
Files | : | Avecto.Defendpoint.Settings.FileList |
Messages | : | {Block Message, Allow Message (Elevate)} |
Policies | : | {New Workstyle} |
Licenses | : | {Avecto.Defendpoint.Settings.License} |
RegistryValues | : | {} |
Get-DefendpointSettings -LocalPolicy -XML > C:/Users/admin/Desktop/DefendpointSettings.xml
The above example does not output anything to the terminal. A file called DefendpointSettings.xml is created at C:/Users/admin/Desktop.
$settings = Get-DefendpointSettings -LocalPolicy
Get-DefendpointSettings -Domain -LDAP "LDAP://DC13.Acme.com/CN= {31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com"
The above example outputs:
Version | : | 5.2.102.0 |
ID | : | 1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e |
ConfigRevision | : | 510 |
ApplicationGroups | : | {cmd} |
ContentGroups | : | {} |
URLGroups | : | {} |
Tokens | : | {} |
GlobalOptionsSets | : | {} |
Files | : | Avecto.Defendpoint.Settings.FileList |
Messages | : | {Block Message, Allow Message (Elevate)} |
Policies | : | {New Workstyle} |
Licenses | : | {Avecto.Defendpoint.Settings.License} |
RegistryValues | : | {} |