Retrieve the Endpoint Privilege Management for Windows Settings
Command: Get-DefendpointSettings
Description
Use the Get-DefendpointSettings cmdlet to retrieve the Endpoint Privilege Management for Windows settings from the Local Group Policy, a specified Group Policy Object (GPO), or from a specified XML file.
The output is a DefendpointSettings object or an XML- formatted string, depending on the parameters supplied.
After the settings are in a PowerShell session or script, you can update relevant sections, and then write them back using Set-DefendpointSettings.
This cmdlet supports Common Parameters. For more information, see about_CommonParameters.
Syntax
Get-DefendpointSettings [-LocalPolicy] [-LocalFile -FileLocation 'path/to/file'] [-UserPolicy] [-Domain -LDAP 'path/to/LDAP'] [-XML]
Parameters
Parameter | Type | Description | Required |
---|---|---|---|
LocalPolicy | Boolean | Return the Endpoint Privilege Management for Windows settings object from the local Group Policy. | One of |
LocalFile | Boolean |
Return the Endpoint Privilege Management for Windows settings from a local Endpoint Privilege Management settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml . Use the -FileLocation parameter to set an alternate file. |
One of |
FileLocation | String |
Set the location of the Endpoint Privilege Management for Windows settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if a file path is not supplied when the -LocalFile parameter is used. |
No |
UserPolicy | Boolean | Return the policy of a user. This cmdlet defaults to a machine policy if this parameter is not used. | No |
Domain | Boolean | Return the Endpoint Privilege Management for Windows settings from the Group Policy Object (GPO) specified by the -LDAP parameter. | One of |
LDAP | String | Specify the LDAP path of the Group Policy Object (GPO). This parameter must be used with -Domain. | Yes, if Domain is used |
XML | Boolean | Return the Endpoint Privilege Management settings as an XML formatted string. |
Return Values
By default, Get-DefendpointSettings returns a DefendpointSettings object. Use the -XML parameter to return the Endpoint Privilege Management policy as an XML formatted string. The cmdlet returns errors if there are any.
$settings = Get-DefendpointSettings -LocalPolicy
The above example outputs:
Version | : | 5.2.102.0 |
ID | : | 1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e |
ConfigRevision | : | 510 |
ApplicationGroups | : | {cmd} |
ContentGroups | : | {} |
URLGroups | : | {} |
Tokens | : | {} |
GlobalOptionsSets | : | {} |
Files | : | Avecto.Defendpoint.Settings.FileList |
Messages | : | {Block Message, Allow Message (Elevate)} |
Policies | : | {New Workstyle} |
Licenses | : | {Avecto.Defendpoint.Settings.License} |
RegistryValues | : | {} |
Get-DefendpointSettings -LocalPolicy -XML > C:/Users/admin/Desktop/DefendpointSettings.xml
The above example does not output anything to the terminal. A file called DefendpointSettings.xml is created at C:/Users/admin/Desktop.
$settings = Get-DefendpointSettings -LocalPolicy
Get-DefendpointSettings -Domain -LDAP "LDAP://DC13.Acme.com/CN= {31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com"
The above example outputs:
Version | : | 5.2.102.0 |
ID | : | 1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e |
ConfigRevision | : | 510 |
ApplicationGroups | : | {cmd} |
ContentGroups | : | {} |
URLGroups | : | {} |
Tokens | : | {} |
GlobalOptionsSets | : | {} |
Files | : | Avecto.Defendpoint.Settings.FileList |
Messages | : | {Block Message, Allow Message (Elevate)} |
Policies | : | {New Workstyle} |
Licenses | : | {Avecto.Defendpoint.Settings.License} |
RegistryValues | : | {} |