WldpGetLockdownPolicy function

Calls the library to get the security state relative to the host, and script or msi to be used. The function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to wldp.dll.


HRESULT WINAPI WldpGetLockdownPolicy(
  _In_opt_ PWLDP_HOST_INFORMATION hostInformation,
  _Out_    PDWORD                 lockdownState,
  _In_     DWORD                  lockdownFlags


hostInformation [in, optional]

A WLDP_HOST_INFORMATION structure identifying the host and source file to be evaluated.

lockdownState [out]

Provides the resulting policy secure value.

lockdownFlags [in]

The following flag values are defined WLDP_FLAGS_SKIPSIGNATUREVALIDATION 0x00000100 – when set, skip the SaferIdentifyLevel validation, which will ignore whether a script is signed.

Return value

This method returns S_OK if successful or a failure code otherwise.


When called with WLDP_HOST_INFORMATION.szSource = NULL, the generic policy for the host is returned.

When called with WLDP_HOST_INFORMATION.dwHostId = WLDP_HOST_ID_GLOBAL, WLDP_HOST_INFORMATION.szSource must be NULL, and the function will return the global system policy.

The dwFlag WLDP_FLAGS_SKIPSIGNATUREVALIDATION can be used to skip the SaferIdentifyLevel() validation, which will ignore whether a script is signed.


Minimum supported client
Windows 10 [desktop apps only]
Minimum supported server
Windows Server 2016 [desktop apps only]