WldpGetLockdownPolicy function (wldp.h)

Calls the library to get the security state relative to the host, and script or msi to be used. The function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to wldp.dll.

Syntax

HRESULT WldpGetLockdownPolicy(
  PWLDP_HOST_INFORMATION hostInformation,
  PDWORD                 lockdownState,
  DWORD                  lockdownFlags
);

Parameters

hostInformation

A WLDP_HOST_INFORMATION structure identifying the host and source file to be evaluated.

lockdownState

Provides the resulting policy secure value. If !WLDP_LOCKDOWN_IS_OFF, then UMCI is enabled. You can also check WLDP_LOCKDOWN_IS_AUDIT and WLDP_LOCKDOWN_IS_ENFORCE to determine if a policy is in audit or enforce mode.

lockdownFlags

The following flag values are defined WLDP_FLAGS_SKIPSIGNATUREVALIDATION 0x00000100 – when set, skip the SaferIdentifyLevel validation, which will ignore whether a script is signed.

Return value

This method returns S_OK if successful or a failure code otherwise.

Remarks

Note

WldpCanExecuteBuffer, WldpCanExecuteFile, and WldpCanExecuteStream are newer APIs that enable the same scenarios as WldpGetLockdownPolicy but with an improved implementation.

When called with WLDP_HOST_INFORMATION.szSource = NULL, the generic policy for the host is returned.

When called with WLDP_HOST_INFORMATION.dwHostId = WLDP_HOST_ID_GLOBAL, WLDP_HOST_INFORMATION.szSource must be NULL, and the function will return the global system policy.

The dwFlag WLDP_FLAGS_SKIPSIGNATUREVALIDATION can be used to skip the SaferIdentifyLevel() validation, which will ignore whether a script is signed.

Requirements

Requirement	Value
Minimum supported client	Windows 10
Minimum supported server	Windows Server 2016
Header	wldp.h
Library	wldp.lib
DLL	wldp.dll