New-HgsKeyProtector
Creates a key protector.
Syntax
New-HgsKeyProtector
[-Owner] <CimInstance>
[[-Guardian] <CimInstance[]>]
[-AllowExpired]
[-AllowUntrustedRoot]
[<CommonParameters>] Description
The New-HgsKeyProtector cmdlet creates a key protector. This cmdlet generates a key and wraps it for the specified guardian owner. You cannot change the owner for this key protector. You can grant or revoke access to the key for other guardians by using the Grant-HgsKeyProtectorAccess and Revoke-HgsKeyProtectorAccess cmdlets.
This cmdlet can create a key protector based on the raw byte stream of an existing key protector.
Examples
Example 1: Create a key protector
PS C:\> $Owner = Get-HgsGuardian -Name "Guardian11"
PS C:\> $GuardianA = Get-HgsGuardian -Name "GuardianA"
PS C:\> $GuardianB = Get-HgsGuardian -Name "GuardianB"
PS C:\> New-HgsKeyProtector -Owner $Owner -Guardians @($GuardianA, $GuardianB)The first command gets the guardian object named Guardian11 by using the Get-HgsGuardian cmdlet, and then stores that object in the $Owner variable.
The second and third commands get two guardians named GuardianA and GuardianB. These commands store the guardians in the $GuardianA and $GuardianB variables.
The final command creates a key protector. The command defines Guardian11 as the Owner. The command also grants access to the guardians stored in $GuardianA and $GuardianB.
Parameters
-AllowExpired
Indicates that this cmdlet can create a key protector by using certificates that are expired.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowUntrustedRoot
Indicates that this cmdlet can create a key protector by using self-signed certificates.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Guardian
Specifies an array of guardians to grant access to the key in addition to the guardian specified by the Owner parameter.
| Type: | CimInstance[] |
| Position: | 2 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Owner
Specifies a guardian for the new key protector. The cmdlet grants access to this guardian. This guardian cannot be changed for this key protector.
| Type: | CimInstance |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Outputs
CimInstance
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects.
The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.