WldpGetLockdownPolicy function (wldp.h)
Gets the security state that applies to the given host and to the script or MSI file to be used. The function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to wldp.dll.
Syntax
HRESULT WldpGetLockdownPolicy(
  PWLDP_HOST_INFORMATION hostInformation,
  PDWORD                 lockdownState,
  DWORD                  lockdownFlags
);
Parameters
hostInformation
A WLDP_HOST_INFORMATION structure identifying the host and source file to be evaluated.
lockdownState
Receives the resulting secure policy value. If WLDP_LOCKDOWN_IS_OFF is false for this value, then UMCI is enabled. You can also check WLDP_LOCKDOWN_IS_AUDIT and WLDP_LOCKDOWN_IS_ENFORCE to determine whether a policy is in audit or enforce mode.
lockdownFlags
The following flag value is defined: WLDP_FLAGS_SKIPSIGNATUREVALIDATION (0x00000100). When set, the SaferIdentifyLevel validation is skipped, which means that whether a script is signed is ignored.
Return value
This method returns S_OK if successful or a failure code otherwise.
Remarks
Note: WldpCanExecuteBuffer, WldpCanExecuteFile, and WldpCanExecuteStream are newer APIs that enable the same scenarios as WldpGetLockdownPolicy but with an improved implementation.
When called with WLDP_HOST_INFORMATION.szSource = NULL, the generic policy for the host is returned.
When called with WLDP_HOST_INFORMATION.dwHostId = WLDP_HOST_ID_GLOBAL, WLDP_HOST_INFORMATION.szSource must be NULL, and the function will return the global system policy.
The lockdownFlags value WLDP_FLAGS_SKIPSIGNATUREVALIDATION can be used to skip the SaferIdentifyLevel() validation, which means that whether a script is signed is ignored.
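The global-policy query described in these remarks, as an added example (not Microsoft sample code): it resolves WldpGetLockdownPolicy from wldp.dll at run time and decodes lockdownState. The helper names, the System32-only load flag, the dwRevision initializer taken from wldp.h, and the off-Windows stand-in macros are assumptions of this example.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wldp.h>
typedef HRESULT (WINAPI *get_policy_fn)(PWLDP_HOST_INFORMATION, PDWORD, DWORD);
#else
/* Off-Windows stand-ins (assumed simplifications of the wldp.h macros), for testing the decoder. */
typedef unsigned int DWORD;
#define WLDP_LOCKDOWN_IS_OFF(x)     ((x) == 0x80000000u)    /* only the "defined" bit set */
#define WLDP_LOCKDOWN_IS_AUDIT(x)   (((x) & 0x00000008u) != 0)  /* audit flag */
#define WLDP_LOCKDOWN_IS_ENFORCE(x) (((x) & 0x00000004u) != 0)  /* UMCI enforce flag */
#endif
enum mode { MODE_OFF, MODE_ENFORCE, MODE_AUDIT, MODE_ON };  /* hypothetical names */

/* Decode lockdownState as the parameter description above says to. */
enum mode decode_lockdown(DWORD state) {
    if (WLDP_LOCKDOWN_IS_OFF(state))     return MODE_OFF;
    if (WLDP_LOCKDOWN_IS_ENFORCE(state)) return MODE_ENFORCE;
    if (WLDP_LOCKDOWN_IS_AUDIT(state))   return MODE_AUDIT;
    return MODE_ON;  /* not OFF, so UMCI is enabled; no mode bit matched */
}

/* Global system policy: dwHostId = WLDP_HOST_ID_GLOBAL, szSource left NULL. */
long query_global_lockdown(DWORD *state) {
#ifdef _WIN32
    /* System32 only, so a wldp.dll planted on the search path is never loaded. */
    HMODULE mod = LoadLibraryExW(L"wldp.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (!mod) return HRESULT_FROM_WIN32(GetLastError());
    get_policy_fn fn = (get_policy_fn)GetProcAddress(mod, "WldpGetLockdownPolicy");
    HRESULT hr = HRESULT_FROM_WIN32(ERROR_PROC_NOT_FOUND);
    if (fn) {
        WLDP_HOST_INFORMATION host = { WLDP_HOST_INFORMATION_REVISION, WLDP_HOST_ID_GLOBAL };
        hr = fn(&host, state, 0);  /* flags 0: signature validation is not skipped */
    }
    FreeLibrary(mod);
    return hr;
#else
    (void)state; return -1;  /* WLDP exists only on Windows */
#endif
}

int main(void) {
    static const char *names[] = { "off", "enforce", "audit", "on (mode unknown)" };
    DWORD state = 0;
    long hr = query_global_lockdown(&state);
    if (hr != 0) { printf("query failed: 0x%08lx\n", (unsigned long)hr); return 1; }
    printf("lockdownState=0x%08lx UMCI %s\n", (unsigned long)state, names[decode_lockdown(state)]);
    return 0;
}
```

On Windows the header's own WLDP_LOCKDOWN_IS_* macros are used, so the stand-ins never affect the result there.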
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10 |
| Minimum supported server | Windows Server 2016 |
| Header | wldp.h |
| Library | wldp.lib |
| DLL | wldp.dll |