Update the Endpoint Privilege Management for Windows Settings
Command: Set-DefendpointSettings
Description
The Set-DefendpointSettings cmdlet takes an XML file or Endpoint Privilege Management for Windows settings object as input and saves it to either a local file, a Local Group Policy, or a Group Policy Object (GPO).
By default, Set-DefendpointSettings overwrites the existing Endpoint Privilege Management for Windows settings at the target location unless the -Merge parameter is used.
Syntax
Set-DefendpointSettings [-SettingsObject 'path/to/object'] [-LocalPolicy -XML 'path/to/file'] [-UserPolicy] [-Merge 'path/to/file']
Parameters
Parameter | Type | Description | Required |
---|---|---|---|
SettingsObject | Endpoint Privilege Management Configuration Object |
Supply the DefendpointSettings object to use as input. It can be obtained from Get-DefendpointSettings. |
Yes |
-LocalPolicy | Boolean |
Set a local policy file as the Endpoint Privilege Management for Windowssettings. This only works with XML files, and it must be used with the -XML parameter along with the full path to an Endpoint Privilege Management settings XML file. |
|
UserPolicy | Boolean | Update the user policy. If not set, the machine policy is updated instead. | |
Merge | Boolean | Merge the input settings with the target file. If this parameter is not set, the target file is overwritten. | |
LocalFile | String |
Save the Endpoint Privilege Management for Windows settings to a local file. This argument defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if -FileLocation is not used. |
|
TapConfigPath | String |
Define the file save destination. If not set, the file is saved to the local Endpoint Privilege Management for Windows settings file destination: %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml. |
|
Domain | Boolean | Save to a Group Policy Object (GPO). This is used with the -LDAP parameter. | |
LDAP | String | The LDAP path of the GPO. For example: LDAP://DC13.Acme.com/CN={31B2F340-016D-11D2-945D-00D04CB984F9},CN=Policies,CN=System,DC=Acme,DC=com | Yes, when -Domain is supplied |
XML | String | The path of an Endpoint Privilege Management for Windows settings XML file that should be used as input. |
Return Values
Set-DefendpointSettings returns errors if there are any. If not, the function does not return anything.
$PGLicence = "YOUR_LICENCE_HERE" $PGConfig = Get-DefendpointSettings -LocalFile $PGLicence = New-Object Avecto.Defendpoint.Settings.License $PGLicence.Code = "$PGLicense" $PGConfig.Licenses.Add($PGLicence) Set-DefendpointSettings -SettingsObject $PGConfig -LocalFile
Although this example is not part of the API, it is useful to know in this context.
Set-DefendpointSettings –LocalPolicy -XML C:/Users/admin/Desktop/PrivilegeGuardConfig.xml
The above example does not output anything to the terminal.
# Set the licence and LDAP. $Ldap = "LDAP://DC13.Acme.com/CN={31B2F340-016D-11D2-945F- >> 00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com" # Get the local PG Config file. $PGConfig = Get-DefendpointSettings -Domain -LDAP $Ldap # Create a new license object. $PGLicence = New-Object Avecto.Defendpoint.Settings.License $PGLicence.Code = "$PGLicense" # Add the license to the defendpoint config. $PGConfig.Licenses.Add($PGLicence) # Merge the Defendpoint config with the existing Domain Machine policy Defendpoint config. Set-DefendpointSettings -SettingsObject $PGConfig -Domain -Ldap $Ldap
The above example does not output anything to the terminal.