Retrieve the Endpoint Privilege Management for Windows Settings

Command: Get-DefendpointSettings

Description

Use the Get-DefendpointSettings cmdlet to retrieve the Endpoint Privilege Management for Windows settings from the Local Group Policy, a specified Group Policy Object (GPO), or from a specified XML file.

The output is a DefendpointSettings object or an XML- formatted string, depending on the parameters supplied.

After the settings are in a PowerShell session or script, you can update relevant sections, and then write them back using Set-DefendpointSettings.

This cmdlet supports Common Parameters. For more information, see about_CommonParameters.

Syntax

Get-DefendpointSettings [-LocalPolicy] [-LocalFile -FileLocation 'path/to/file'] [-UserPolicy] [-Domain -LDAP 'path/to/LDAP'] [-XML]

Parameters

Parameter	Type	Description	Required
LocalPolicy	Boolean	Return the Endpoint Privilege Management for Windows settings object from the local Group Policy.	One of
LocalFile	Boolean	Return the Endpoint Privilege Management for Windows settings from a local Endpoint Privilege Management settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml . Use the -FileLocation parameter to set an alternate file.	One of
FileLocation	String	Set the location of the Endpoint Privilege Management for Windows settings file. This cmdlet defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if a file path is not supplied when the -LocalFile parameter is used.	No
UserPolicy	Boolean	Return the policy of a user. This cmdlet defaults to a machine policy if this parameter is not used.	No
Domain	Boolean	Return the Endpoint Privilege Management for Windows settings from the Group Policy Object (GPO) specified by the -LDAP parameter.	One of
LDAP	String	Specify the LDAP path of the Group Policy Object (GPO). This parameter must be used with -Domain.	Yes, if Domain is used
XML	Boolean	Return the Endpoint Privilege Management settings as an XML formatted string.

Return Values

By default, Get-DefendpointSettings returns a DefendpointSettings object. Use the -XML parameter to return the Endpoint Privilege Management policy as an XML formatted string. The cmdlet returns errors if there are any.

Get the local Endpoint Privilege Management Settings as a DefendpontSettings object

$settings = Get-DefendpointSettings -LocalPolicy

The above example outputs:

Version	:	5.2.102.0
ID	:	1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e
ConfigRevision	:	510
ApplicationGroups	:	{cmd}
ContentGroups	:	{}
URLGroups	:	{}
Tokens	:	{}
GlobalOptionsSets	:	{}
Files	:	Avecto.Defendpoint.Settings.FileList
Messages	:	{Block Message, Allow Message (Elevate)}
Policies	:	{New Workstyle}
Licenses	:	{Avecto.Defendpoint.Settings.License}
RegistryValues	:	{}

Save the local Endpoint Privilege Management Settings into an XML file

Get-DefendpointSettings -LocalPolicy -XML > C:/Users/admin/Desktop/DefendpointSettings.xml

The above example does not output anything to the terminal. A file called DefendpointSettings.xml is created at C:/Users/admin/Desktop.

Assign Local Endpoint Privilege Management Settings to a Variable to Work with PowerShell

$settings = Get-DefendpointSettings -LocalPolicy

Get the Endpoint Privilege Management Settings of the Group Policy Object Specified by an LDAP Path

Get-DefendpointSettings -Domain -LDAP "LDAP://DC13.Acme.com/CN=
{31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com"

The above example outputs:

Version	:	5.2.102.0
ID	:	1e71ef8e-4ffc-4769-9a5b-11ea102b0f8e
ConfigRevision	:	510
ApplicationGroups	:	{cmd}
ContentGroups	:	{}
URLGroups	:	{}
Tokens	:	{}
GlobalOptionsSets	:	{}
Files	:	Avecto.Defendpoint.Settings.FileList
Messages	:	{Block Message, Allow Message (Elevate)}
Policies	:	{New Workstyle}
Licenses	:	{Avecto.Defendpoint.Settings.License}
RegistryValues	:	{}