Update the Privilege Management for Windows Settings: Set-DefendpointSettings

Set-DefendpointSettings saves Privilege Management for Windows settings to either a local Group Policy, a local file, or a specified Group Policy Object (GPO).

Set-DefendpointSettings [-SettingsObject 'path/to/object'] [-LocalPolicy -XML 'path/to/file'] [-UserPolicy] [-Merge 'path/to/file']

The Set-DefendpointSettings cmdlet takes an XML file or Privilege Management for Windows settings object as input and saves it to either a local file, a local Group Policy, or a Group Policy Object (GPO). By default, this function overwrites the existing Privilege Management for Windows settings at the target location unless the -Merge parameter is used.

Parameters

| Parameter | Type | Description | Required |
|---|---|---|---|
| SettingsObject | Privilege Management Configuration Object | Supply the DefendpointSettings object that should be used as input. It can be obtained from Get-DefendpointSettings. | Yes |
| LocalPolicy | Boolean | Set a local policy file as the Privilege Management for Windows settings. This only works with XML files, and it must be used in conjunction with the -XML parameter along with the full path to a Privilege Management settings XML file. | |
| UserPolicy | Boolean | Update the user policy. If not set, the machine policy is updated instead. | |
| Merge | Boolean | Merge the input settings with the target file. If this parameter is not set, the target file is overwritten. | |
| LocalFile | String | Save the Privilege Management for Windows settings to a local file. This argument defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if -FileLocation is not used. | |
| TapConfigPath | String | Define the file save destination. If not set, the file is saved to the local Privilege Management for Windows settings file destination: %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml. | |
| Domain | Boolean | Save to a Group Policy Object (GPO). This is used in conjunction with the -LDAP parameter. | |
| LDAP | String | The LDAP path of the GPO. For example: LDAP://DC13.Acme.com/CN={31B2F340-016D-11D2-945D-00D04CB984F9},CN=Policies,CN=System,DC=Acme,DC=com | Yes, when -Domain is supplied |
| XML | String | The path of a Privilege Management for Windows settings XML file that should be used as input. | |

Set-DefendpointSettings returns errors if there are any. If not, the function does not return anything.

Add License to Privilege Management Settings Configuration
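# License code to add (placeholder value).
$LicenseCode = "YOUR_LICENCE_HERE"
# Load the current settings from the local settings file.
$PGConfig = Get-DefendpointSettings -LocalFile
# Create a license object and attach it to the settings.
$PGLicence = New-Object Avecto.Defendpoint.Settings.License
$PGLicence.Code = $LicenseCode
$PGConfig.Licenses.Add($PGLicence)
# Save the updated settings back to the local settings file.
Set-DefendpointSettings -SettingsObject $PGConfig -LocalFile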

Although this example is not part of the API, it is useful to know in this context.

Set the local Privilege Management for Windows Settings from an XML File
Set-DefendpointSettings -LocalPolicy -XML C:/Users/admin/Desktop/PrivilegeGuardConfig.xml

The above example does not output anything to the terminal.

Merge a Privilege Management Config with the Domain Machine Policy Privilege Management Config
# Set the licence code and the LDAP path of the GPO.
$LicenseCode = "YOUR_LICENCE_HERE"
$Ldap = "LDAP://DC13.Acme.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com"

# Get the PG config from the domain GPO.
$PGConfig = Get-DefendpointSettings -Domain -LDAP $Ldap

# Create a new license object.
$PGLicence = New-Object Avecto.Defendpoint.Settings.License
$PGLicence.Code = $LicenseCode

# Add the license to the Defendpoint config.
$PGConfig.Licenses.Add($PGLicence)

# Write the updated config back to the domain machine policy GPO. -Merge is not passed, so the GPO's settings are overwritten with the config read and modified above.
Set-DefendpointSettings -SettingsObject $PGConfig -Domain -Ldap $Ldap

The above example does not output anything to the terminal.
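
Because Set-DefendpointSettings overwrites the target by default and prints nothing on success, the sketch below wraps the local-file license update in a backup, a post-write check, and a restore on failure. It is an added example, not part of the product's API or documentation. The function name Update-PmwLocalLicense and the backup directory are hypothetical, and it assumes the Privilege Management cmdlets are already loaded in the session.

```powershell
# Added example: back up the local settings file before an overwriting write.
# Update-PmwLocalLicense and the default $BackupDir are hypothetical names.
function Update-PmwLocalLicense {
    param(
        [Parameter(Mandatory)] [string] $LicenseCode,
        [string] $BackupDir = "$env:PROGRAMDATA\PmwConfigBackups"   # assumed location
    )
    $ErrorActionPreference = 'Stop'   # make cmdlet errors catchable inside this function

    # Default target of -LocalFile, as documented on this page.
    $configPath = "$env:PROGRAMDATA\Avecto\Privilege Guard\PrivilegeGuardConfig.xml"
    if (-not (Test-Path -LiteralPath $configPath)) {
        throw "No settings file at $configPath; nothing to back up."
    }

    # Timestamped copy plus SHA-256 so the pre-change policy can be audited or restored.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "PrivilegeGuardConfig-$stamp.xml"
    Copy-Item -LiteralPath $configPath -Destination $backup
    $before = (Get-FileHash -LiteralPath $backup -Algorithm SHA256).Hash

    try {
        # Same read-modify-write sequence as the page's license example.
        $config  = Get-DefendpointSettings -LocalFile
        $license = New-Object Avecto.Defendpoint.Settings.License
        $license.Code = $LicenseCode
        $config.Licenses.Add($license)
        Set-DefendpointSettings -SettingsObject $config -LocalFile

        # No output on success, so confirm the written file still parses as XML.
        [xml](Get-Content -LiteralPath $configPath -Raw) | Out-Null
    }
    catch {
        # Restore the saved copy if the write failed or left an unparsable file.
        Copy-Item -LiteralPath $backup -Destination $configPath -Force
        throw
    }

    $after = (Get-FileHash -LiteralPath $configPath -Algorithm SHA256).Hash
    [pscustomobject]@{
        Backup  = $backup
        Before  = $before
        After   = $after
        Changed = ($before -ne $after)
    }
}
```

Recording the returned hashes alongside the change ticket gives a simple way to spot later out-of-band edits to the settings file.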