Example PowerShell Configurations

Create New Configuration, Save to Local File

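# Example: build a new Defendpoint configuration in memory (license, application
# group, application, end-user message, custom token, policy and policy rule) and
# save it to the local policy file.
#
# Fixes relative to the published listing: statements that had been collapsed onto
# single lines (and were therefore swallowed by the preceding '#' comment) are
# restored one per line; the missing '[' on two enum type literals and the missing
# '$' on one $PGConfig argument are restored; the refer URL uses forward slashes;
# the typographic dash before Confirm is replaced with an ASCII hyphen.

# Import the Defendpoint cmdlet module
Import-Module 'C:\Program Files\Avecto\Privilege Guard Client\PowerShell\Avecto.Defendpoint.Cmdlets\Avecto.Defendpoint.Cmdlets.dll'

# Create a new variable containing a new Defendpoint Configuration Object
$PGConfig = New-Object Avecto.Defendpoint.Settings.Configuration

## Add License ##
# Create a new license object
$PGLicence = New-Object Avecto.Defendpoint.Settings.License
# Define license value.
# The code below is the value printed in this example; substitute your own, and
# avoid leaving real license codes in scripts that are shared or kept in source control.
$PGLicence.Code = "5461E0D0-DE30-F282-7D67-A7C6-B011-2200"
# Add the License object to the local PG Config file
$PGConfig.Licenses.Add($PGLicence)

## Add Application Group ##
# Create an Application Group object
$AppGroup = New-Object Avecto.Defendpoint.Settings.ApplicationGroup
# Define the value of the Application Group name
$AppGroup.name = "New App Group"
# Add the Application Group object to the local PG Config file
$PGConfig.ApplicationGroups.Add($AppGroup)

## Add Application ##
# Create an application object
# (this object is replaced by the Get-DefendpointFileInformation result on the next statement)
$PGApplication = New-Object Avecto.Defendpoint.Settings.Application $PGConfig
# Use the Get-DefendpointFileInformation to target Windows Calculator
# NOTE(review): which matching criteria (path, publisher, hash, ...) the returned
# definition enables is not visible in this listing - inspect $PGApplication before
# pairing it with a rule that elevates, so the rule matches only the intended binary.
$PGApplication = Get-DefendpointFileInformation -Path C:\windows\system32\calc.exe
# Add the application to the Application group
$PGConfig.ApplicationGroups[0].Applications.AddRange($PGApplication)

## Add Message ##
# Create a new message object
$PGMessage = New-Object Avecto.Defendpoint.Settings.message $PGConfig
# Define the message Name, Description and OK action and the type of message
$PGMessage.Name = "Elevation Prompt"
$PGMessage.Description = "An elevation message"
$PGMessage.OKAction = [Avecto.Defendpoint.Settings.Message+ActionType]::Proceed
$PGMessage.Notification = 0
# Define whether the message is displayed on a secure desktop
$PGMessage.ShowOnIsolatedDesktop = 1
# Define what the message contains
$PGMessage.HeaderType = [Avecto.Defendpoint.Settings.message+MsgHeaderType]::Default
$PGMessage.HideHeaderMessage = 0
$PGMessage.ShowLineOne = 1
$PGMessage.ShowLineTwo = 1
$PGMessage.ShowLineThree = 1
$PGMessage.ShowReferLink = 0
$PGMessage.ShowCancel = 1
$PGMessage.ShowCRInfoTip = 0
# Define the reason settings
$PGMessage.Reason = [Avecto.Defendpoint.Settings.message+ReasonType]::None
$PGMessage.CacheUserReasons = 0
# Define authorization settings
# NOTE(review): going by the enum names, PasswordCheck = None and Reason = None mean
# the user is asked for neither credentials nor a justification before proceeding.
# That keeps the demo simple; confirm it is what you want on any rule that elevates.
$PGMessage.PasswordCheck = [Avecto.Defendpoint.Settings.message+AuthenticationPolicy]::None
$PGMessage.AuthenticationType = [Avecto.Defendpoint.Settings.message+MsgAuthenticationType]::Any
$PGMessage.RunAsAuthUser = 0
# Define Message strings
$PGMessage.MessageStrings.Caption = "This is an elevation message"
$PGMessage.MessageStrings.Header = "This is an elevation message header"
$PGMessage.MessageStrings.Body = "This is an elevation message body"
# The published listing had backslashes after the scheme, which is not a valid URL.
$PGMessage.MessageStrings.ReferURL = "http://www.bbc.co.uk"
$PGMessage.MessageStrings.ReferText = "This is an elevation message refer"
$PGMessage.MessageStrings.ProgramName = "This is a test Program Name"
$PGMessage.MessageStrings.ProgramPublisher = "This is a test Program Publisher"
$PGMessage.MessageStrings.PublisherUnknown = "This is a test Publisher Unknown"
$PGMessage.MessageStrings.ProgramPath = "This is a test Path"
$PGMessage.MessageStrings.ProgramPublisherNotVerifiedAppend = "This is a test verification failure"
$PGMessage.MessageStrings.RequestReason = "This is a test Request Reason"
$PGMessage.MessageStrings.ReasonError = "This is a test Reason Error"
$PGMessage.MessageStrings.Username = "This is a test Username"
$PGMessage.MessageStrings.Password = "This is a test Password"
$PGMessage.MessageStrings.Domain = "This is a test Domain"
$PGMessage.MessageStrings.InvalidCredentials = "This is a test Invalid Creds"
$PGMessage.MessageStrings.OKButton = "OK"
$PGMessage.MessageStrings.CancelButton = "Cancel"
# Add the PG Message to the PG Configuration
$PGConfig.Messages.Add($PGMessage)

## Add custom Token ##
# Create a new custom Token object
$PGToken = New-Object Avecto.Defendpoint.Settings.Token
# Define the Custom Token settings
# NOTE(review): this token sets EnableAntiTamper = 0 and IntegrityLevel = High.
# It is added to the configuration, but the policy rule below selects
# TokenType AddAdmin and never references $PGToken.
$PGToken.Name = "Custom Token 1"
$PGToken.Description = "Custom Token 1"
$PGToken.ClearInheritedPrivileges = 0
$PGToken.SetAdminOwner = 1
$PGToken.EnableAntiTamper = 0
$PGToken.IntegrityLevel = [Avecto.Defendpoint.Settings.Token+IntegrityLevelType]::High
# Add the Custom Token to the PG Configuration
$PGConfig.Tokens.Add($PGToken)

## Add Policy ##
# Create new policy object
$PGPolicy = New-Object Avecto.Defendpoint.Settings.Policy $PGConfig
# Define policy details
$PGPolicy.Disabled = 0
$PGPolicy.Name = "Policy 1"
$PGPolicy.Description = "Policy 1"
# Add the policy to the PG Configurations
$PGConfig.Policies.Add($PGPolicy)

## Add Policy Rule ##
# Create a new policy rule
$PGPolicyRule = New-Object Avecto.Defendpoint.Settings.ApplicationAssignment $PGConfig
# Define the Application rule settings: apply to the first application group,
# do not block, show the first message, use the AddAdmin token type, audit on.
$PGPolicyRule.ApplicationGroup = $PGConfig.ApplicationGroups[0]
$PGPolicyRule.BlockExecution = 0
$PGPolicyRule.ShowMessage = 1
$PGPolicyRule.Message = $PGConfig.Messages[0]
$PGPolicyRule.TokenType = [Avecto.Defendpoint.Settings.Assignment+TokenTypeType]::AddAdmin
$PGPolicyRule.Audit = [Avecto.Defendpoint.Settings.Assignment+AuditType]::On
$PGPolicyRule.PrivilegeMonitoring = [Avecto.Defendpoint.Settings.Assignment+AuditType]::Off
$PGPolicyRule.ForwardEPO = 0
$PGConfig.Policies[0].ApplicationAssignments.Add($PGPolicyRule)

## Set the Defendpoint configuration to a local file and prompt for user confirmation ##
Set-DefendpointSettings -SettingsObject $PGConfig -LocalFile -Confirm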

Open Local User Policy, Modify then Save

# Example: load the local-file Defendpoint policy, modify it in memory, and write it back.
# Every [0] lookup below assumes the corresponding collection already holds at least
# one entry; confirm the configuration is populated before running this against it.
# Import the Defendpoint cmdlet module
Import-Module 'C:\Program Files\Avecto\Privilege Guard Client\PowerShell\Avecto.Defendpoint.Cmdlets\Avecto.Defendpoint.Cmdlets.dll'
# Get the local file policy Defendpoint Settings
$PGConfig = Get-DefendpointSettings -LocalFile
# Disable a policy: take the first policy, flag it disabled, store it back at the same index
$PGPolicy = $PGConfig.Policies[0]
$PGPolicy.Disabled = 1
$PGConfig.Policies[0] = $PGPolicy
# Remove the PG License (the first license entry in the configuration)
# NOTE(review): presumably this leaves the saved configuration without a license if it
# held only one - confirm that is intended before applying this outside a test machine.
$TargetLicense = $PGConfig.Licenses[0]
$PGConfig.Licenses.Remove($TargetLicense)
# Update an existing application definition to match on Filehash
# NOTE(review): only the CheckFileHash flag is set here; whether the definition already
# carries a hash value to compare against is not visible in this listing - verify.
$UpdateApp = $PGConfig.ApplicationGroups[0].Applications[0]
$UpdateApp.CheckFileHash = 1
$PGConfig.ApplicationGroups[0].Applications[0] = $UpdateApp
# Set the Defendpoint configuration to the local file policy and prompt for user confirmation
Set-DefendpointSettings -SettingsObject $PGConfig -LocalFile -Confirm

Open Local Configuration and Save to Domain GPO

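# Example: copy the local-file Defendpoint configuration into a domain Group Policy Object.
# Import the Defendpoint cmdlet module
Import-Module 'C:\Program Files\Avecto\Privilege Guard Client\PowerShell\Avecto.Defendpoint.Cmdlets\Avecto.Defendpoint.Cmdlets.dll'
# Get the local Defendpoint configuration and set this to the domain computer policy,
# ensuring the user is prompted to confirm the change.
# {GUID}, My.Domain and the DC= components in the LDAP path are placeholders: replace
# them with the target GPO's GUID and your own domain before running. The write
# replaces the settings stored in that GPO, so check the path at the -Confirm prompt.
# The dash before Confirm is an ASCII hyphen; the published listing used a typographic
# dash, which is easily corrupted when a script is saved in a non-Unicode encoding.
Get-DefendpointSettings -LocalFile | Set-DefendpointSettings -Domain -LDAP "LDAP://My.Domain/CN={GUID},CN=Policies,CN=System,DC=My,DC=domain" -Confirm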