Update the Endpoint Privilege Management for Windows Settings

Command: Set-DefendpointSettings

Description

The Set-DefendpointSettings cmdlet takes an XML file or Endpoint Privilege Management for Windows settings object as input and saves it to either a local file, a Local Group Policy, or a Group Policy Object (GPO).

By default, Set-DefendpointSettings overwrites the existing Endpoint Privilege Management for Windows settings at the target location unless the -Merge parameter is used.

Syntax

Set-DefendpointSettings [-SettingsObject 'path/to/object'] [-LocalPolicy -XML 'path/to/file'] [-UserPolicy] [-Merge 'path/to/file']

Parameters

| Parameter | Type | Description | Required |
|---|---|---|---|
| SettingsObject | Endpoint Privilege Management Configuration Object | Supply the DefendpointSettings object to use as input. It can be obtained from Get-DefendpointSettings. | Yes |
| -LocalPolicy | Boolean | Set a local policy file as the Endpoint Privilege Management for Windows settings. This only works with XML files, and it must be used with the -XML parameter along with the full path to an Endpoint Privilege Management settings XML file. | |
| UserPolicy | Boolean | Update the user policy. If not set, the machine policy is updated instead. | |
| Merge | Boolean | Merge the input settings with the target file. If this parameter is not set, the target file is overwritten. | |
| LocalFile | String | Save the Endpoint Privilege Management for Windows settings to a local file. This argument defaults to %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml if -FileLocation is not used. | |
| TapConfigPath | String | Define the file save destination. If not set, the file is saved to the local Endpoint Privilege Management for Windows settings file destination: %PROGRAMDATA%\Avecto\Privilege Guard\PrivilegeGuardConfig.xml. | |
| Domain | Boolean | Save to a Group Policy Object (GPO). This is used with the -LDAP parameter. | |
| LDAP | String | The LDAP path of the GPO. For example: LDAP://DC13.Acme.com/CN={31B2F340-016D-11D2-945D-00D04CB984F9},CN=Policies,CN=System,DC=Acme,DC=com | Yes, when -Domain is supplied |
| XML | String | The path of an Endpoint Privilege Management for Windows settings XML file that should be used as input. | |

Return Values

Set-DefendpointSettings returns errors if there are any. If not, the function does not return anything.

Add License to Endpoint Privilege Management Settings Configuration
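# Replace the placeholder with your licence code.
$PGLicense = "YOUR_LICENCE_HERE"
# Load the settings from the local file.
$PGConfig = Get-DefendpointSettings -LocalFile
# Create a licence object and add it to the configuration.
$PGLicence = New-Object Avecto.Defendpoint.Settings.License
$PGLicence.Code = "$PGLicense"
$PGConfig.Licenses.Add($PGLicence)
# Save the updated settings back to the local file.
Set-DefendpointSettings -SettingsObject $PGConfig -LocalFile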

Although this example is not part of the API, it is useful to know in this context.
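Because Set-DefendpointSettings overwrites the target by default, the following added example (not part of the product documentation) wraps the local-file round trip above in a backup, a well-formedness check, and a rollback. The function name Update-LocalEpmSettings and the backup directory are hypothetical, and the cmdlets are assumed to be already loaded in the session.

```powershell
# Added example: back up the local settings file before Set-DefendpointSettings overwrites it.
# Assumes the Endpoint Privilege Management cmdlets are already loaded in this session
# and that the settings live at the default path given on this page.
function Update-LocalEpmSettings {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [scriptblock] $Change,   # receives the settings object
        [string] $ConfigPath = "$env:PROGRAMDATA\Avecto\Privilege Guard\PrivilegeGuardConfig.xml",
        # Hypothetical location; keep it writable by administrators only.
        [string] $BackupDir  = "$env:PROGRAMDATA\EpmConfigBackups"
    )
    $ErrorActionPreference = 'Stop'   # turn cmdlet errors into catchable exceptions

    if (-not (Test-Path -LiteralPath $ConfigPath)) { throw "No settings file at $ConfigPath" }

    # 1. Timestamped backup, plus a hash so the rollback copy can be verified later.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "PrivilegeGuardConfig-$stamp.xml"
    Copy-Item -LiteralPath $ConfigPath -Destination $backup
    $before = (Get-FileHash -LiteralPath $backup -Algorithm SHA256).Hash

    try {
        # 2. Load, modify, and write back (this overwrites the target file).
        $config = Get-DefendpointSettings -LocalFile
        & $Change $config
        Set-DefendpointSettings -SettingsObject $config -LocalFile

        # 3. The saved result must still be well-formed XML.
        [xml](Get-Content -LiteralPath $ConfigPath -Raw) | Out-Null
    }
    catch {
        # 4. Roll back to the known-good copy and surface the original error.
        Copy-Item -LiteralPath $backup -Destination $ConfigPath -Force
        throw
    }

    $after = (Get-FileHash -LiteralPath $ConfigPath -Algorithm SHA256).Hash
    [pscustomobject]@{ Backup = $backup; Before = $before; After = $after; Changed = ($before -ne $after) }
}

# Usage (the licence code is a placeholder):
# Update-LocalEpmSettings -Change {
#     param($c)
#     $l = New-Object Avecto.Defendpoint.Settings.License
#     $l.Code = 'YOUR_LICENCE_HERE'
#     $c.Licenses.Add($l)
# }
```

The returned object records the backup path and the SHA-256 hashes before and after the write, which gives change-control a record of what was replaced.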

Set the local Endpoint Privilege Management for Windows Settings from an XML File
Set-DefendpointSettings -LocalPolicy -XML C:/Users/admin/Desktop/PrivilegeGuardConfig.xml

The above example does not output anything to the terminal.

Merge an Endpoint Privilege Management Config with the Domain Machine Policy Endpoint Privilege Management Config
# Set the licence and LDAP.
$PGLicense = "YOUR_LICENCE_HERE"
$Ldap = "LDAP://DC13.Acme.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Acme,DC=com"

# Get the Endpoint Privilege Management config from the domain GPO.
$PGConfig = Get-DefendpointSettings -Domain -LDAP $Ldap

# Create a new license object.
$PGLicence = New-Object Avecto.Defendpoint.Settings.License
$PGLicence.Code = "$PGLicense"

# Add the license to the Defendpoint config.
$PGConfig.Licenses.Add($PGLicence)

# Merge the Defendpoint config with the existing Domain Machine policy Defendpoint config.
# Without -Merge, the settings at the target are overwritten.
Set-DefendpointSettings -SettingsObject $PGConfig -Domain -Ldap $Ldap -Merge

The above example does not output anything to the terminal.