WldpGetLockdownPolicy function (wldp.h)

Calls the library to get the security state relative to the host, and script or msi to be used. The function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to wldp.dll.


HRESULT WldpGetLockdownPolicy(
  PDWORD                 lockdownState,
  DWORD                  lockdownFlags



A WLDP_HOST_INFORMATION structure identifying the host and source file to be evaluated.


Provides the resulting policy secure value. If !WLDP_LOCKDOWN_IS_OFF, then UMCI is enabled. You can also check WLDP_LOCKDOWN_IS_AUDIT and WLDP_LOCKDOWN_IS_ENFORCE to determine if a policy is in audit or enforce mode.


The following flag values are defined WLDP_FLAGS_SKIPSIGNATUREVALIDATION 0x00000100 – when set, skip the SaferIdentifyLevel validation, which will ignore whether a script is signed.

Return value

This method returns S_OK if successful or a failure code otherwise.



WldpCanExecuteBuffer, WldpCanExecuteFile, and WldpCanExecuteStream are newer APIs that enable the same scenarios as WldpGetLockdownPolicy but with an improved implementation.

When called with WLDP_HOST_INFORMATION.szSource = NULL, the generic policy for the host is returned.

When called with WLDP_HOST_INFORMATION.dwHostId = WLDP_HOST_ID_GLOBAL, WLDP_HOST_INFORMATION.szSource must be NULL, and the function will return the global system policy.

The dwFlag WLDP_FLAGS_SKIPSIGNATUREVALIDATION can be used to skip the SaferIdentifyLevel() validation, which will ignore whether a script is signed.


Requirement Value
Minimum supported client Windows 10
Minimum supported server Windows Server 2016
Header wldp.h
Library wldp.lib
DLL wldp.dll