Retrieve the Privilege Management for Windows Settings: Get-DefendpointSettings

Get-DefendpointSettings retrieves the Privilege Management for Windows settings from local file, local Group Policy, or domain GPO. Once you have the settings in a PowerShell session or script, you can update relevant sections, and then write them back using Set-DefendpointSettings.

Get-DefendpointSettings [-LocalPolicy] [-LocalFile -FileLocation 'path/to/file'] [-UserPolicy] [-Domain -LDAP 'path/to/LDAP'] [-XML]

The Get-DefendpointSettings cmdlet gets the Privilege Management for Windows settings from the Local Group Policy, a specified Group Policy Object (GPO), or from a specified XML file. The output is a DefendpointSettings object or an XML- formatted string, depending on the parameters supplied.

This cmdlet supports Common Parameters. For more information, please see about_CommonParameters.

Parameters

Parameter Type Description Required
LocalPolicy Boolean Return the Privilege Management for Windows settings object from the local Group Policy. One of
LocalFile Boolean Return the Privilege Management for Windows settings from a local Privilege Management settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml . Specify an alternate file using the -FileLocation parameter. One of
FileLocation String Specify the location of the Privilege Management for Windows settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if a file path is not supplied when the -LocalFile parameter is used. No
UserPolicy Boolean Return the policy of a user. This cmdlet defaults to a machine policy if this parameter is not used. No
Domain Boolean Return the Privilege Management for Windows settings from the Group Policy Object (GPO) specified by the -LDAP parameter. One of
LDAP String Specify the LDAP path of the Group Policy Object (GPO). This parameter must be used in conjunction with -Domain. Yes, if Domain is used
XML Boolean Return the Privilege Management settings as an XML formatted string.

By default, Get-DefendpointSettings returns a DefendpointSettings object. Using the -XML parameter returns the Privilege Management policy as an XML formatted string. The cmdlet returns errors if there are any.

Get the local Privilege Management Settings as a DefendpontSettings object
$settings = Get-DefendpointSettings -LocalPolicy

The above example outputs:

Version :5.2.102.0
ID:1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e
ConfigRevision:510
ApplicationGroups :{cmd}
ContentGroups:{}
URLGroups :{}
Tokens :{}
GlobalOptionsSets :{}
Files :Avecto.Defendpoint.Settings.FileList
Messages :{Block Message, Allow Message (Elevate)}
Policies:{New Workstyle}
Licenses:{Avecto.Defendpoint.Settings.License}
RegistryValues :{}
 Save the local Privilege Management Settings into an XML file
Get-DefendpointSettings -LocalPolicy -XML > C:/Users/admin/Desktop/DefendpointSettings.xml

The above example does not output anything to the terminal. A file called DefendpointSettings.xml is created at C:/Users/admin/Desktop.

 Assign Local Privilege Management Settings to a Variable to Work with PowerShell
$settings = Get-DefendpointSettings -LocalPolicy
Get the Privilege Management Settings of the Group Policy Object Specified by an LDAP Path
Get-DefendpointSettings -Domain -LDAP "LDAP://DC13.Acme.com/CN=
{31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com"

The above example outputs:

Version :5.2.102.0
ID:1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e
ConfigRevision:510
ApplicationGroups :{cmd}
ContentGroups:{}
URLGroups :{}
Tokens :{}
GlobalOptionsSets :{}
Files :Avecto.Defendpoint.Settings.FileList
Messages :{Block Message, Allow Message (Elevate)}
Policies:{New Workstyle}
Licenses:{Avecto.Defendpoint.Settings.License}
RegistryValues :{}