The data execution policy can be obtained using bcdedit /enum however that command has a lot of output. I needed to get the system DEP policy setting in PowerShell so I found a Win32 function called GetSystemDEPPolicy. So in order to call this from PowerShell we'll need to use p/invoke again. Here's how:
function Get-SystemDEPPolicy {
Add-Type -Namespace Win32 -Name DEP -MemberDefinition @"
[DllImport("kernel32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern int GetSystemDEPPolicy();
public static int GetCurrentSystemDEPPolicy() {
return GetSystemDEPPolicy();
}
"@
$policyCode = [Win32.DEP]::GetCurrentSystemDEPPolicy()
switch ($policyCode) {
0 {Write-Output 'AlwaysOff'}
1 {Write-Output 'AlwaysOn'}
2 {Write-Output 'OptIn'}
3 {Write-Output 'OptOut'}
}
}Update: I should of looked at WMI first! There is a property named DataExecutionPrevention_SupportPolicy in the Win32_OperatingSystem class that also stores this information and it's easier to retrieve...
Get-WmiObject -Class Win32_OperatingSystem -Property DataExecutionPrevention_SupportPolicy
No comments:
Post a Comment