Retrieve the Privilege Management for Windows Settings: Get-DefendpointSettings

Get-DefendpointSettings retrieves the Privilege Management for Windows settings from local file, local Group Policy, or domain GPO. Once you have the settings in a PowerShell session or script, you can update relevant sections, and then write them back using Set-DefendpointSettings.

Syntax

Get-DefendpointSettings [-LocalPolicy] [-LocalFile -FileLocation 'path/to/file'] [-UserPolicy] [-Domain -LDAP 'path/to/LDAP'] [-XML]

Description

The Get-DefendpointSettings cmdlet gets the Privilege Management for Windows settings from the Local Group Policy, a specified Group Policy Object (GPO), or from a specified XML file. The output is a DefendpointSettings object or an XML- formatted string, depending on the parameters supplied.

This cmdlet supports Common Parameters. For more information, please see about_CommonParameters.

Parameters

Parameter	Type	Description	Required
LocalPolicy	Boolean	Return the Privilege Management for Windows settings object from the local Group Policy.	One of
LocalFile	Boolean	Return the Privilege Management for Windows settings from a local Privilege Management settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml . Specify an alternate file using the -FileLocation parameter.	One of
FileLocation	String	Specify the location of the Privilege Management for Windows settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if a file path is not supplied when the -LocalFile parameter is used.	No
UserPolicy	Boolean	Return the policy of a user. This cmdlet defaults to a machine policy if this parameter is not used.	No
Domain	Boolean	Return the Privilege Management for Windows settings from the Group Policy Object (GPO) specified by the -LDAP parameter.	One of
LDAP	String	Specify the LDAP path of the Group Policy Object (GPO). This parameter must be used in conjunction with -Domain.	Yes, if Domain is used
XML	Boolean	Return the Privilege Management settings as an XML formatted string.

Return Values

By default, Get-DefendpointSettings returns a DefendpointSettings object. Using the -XML parameter returns the Privilege Management policy as an XML formatted string. The cmdlet returns errors if there are any.

Get the local Privilege Management Settings as a DefendpontSettings object

$settings = Get-DefendpointSettings -LocalPolicy

The above example outputs:

Version	:	5.2.102.0
ID	:	1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e
ConfigRevision	:	510
ApplicationGroups	:	{cmd}
ContentGroups	:	{}
URLGroups	:	{}
Tokens	:	{}
GlobalOptionsSets	:	{}
Files	:	Avecto.Defendpoint.Settings.FileList
Messages	:	{Block Message, Allow Message (Elevate)}
Policies	:	{New Workstyle}
Licenses	:	{Avecto.Defendpoint.Settings.License}
RegistryValues	:	{}

Save the local Privilege Management Settings into an XML file

Get-DefendpointSettings -LocalPolicy -XML > C:/Users/admin/Desktop/DefendpointSettings.xml

The above example does not output anything to the terminal. A file called DefendpointSettings.xml is created at C:/Users/admin/Desktop.

Assign Local Privilege Management Settings to a Variable to Work with PowerShell

$settings = Get-DefendpointSettings -LocalPolicy

Get the Privilege Management Settings of the Group Policy Object Specified by an LDAP Path

Get-DefendpointSettings -Domain -LDAP "LDAP://DC13.Acme.com/CN=
{31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com"

The above example outputs:

Version	:	5.2.102.0
ID	:	1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e
ConfigRevision	:	510
ApplicationGroups	:	{cmd}
ContentGroups	:	{}
URLGroups	:	{}
Tokens	:	{}
GlobalOptionsSets	:	{}
Files	:	Avecto.Defendpoint.Settings.FileList
Messages	:	{Block Message, Allow Message (Elevate)}
Policies	:	{New Workstyle}
Licenses	:	{Avecto.Defendpoint.Settings.License}
RegistryValues	:	{}