New-HgsKeyProtector

Creates a key protector.

Syntax

New-HgsKeyProtector
   [-Owner] <CimInstance>
   [[-Guardian] <CimInstance[]>]
   [-AllowExpired]
   [-AllowUntrustedRoot]
   [<CommonParameters>]

Description

The New-HgsKeyProtector cmdlet creates a key protector. This cmdlet generates a key and wraps it for the specified guardian owner. You cannot change the owner for this key protector. You can grant or revoke access to the key for other guardians by using the Grant-HgsKeyProtectorAccess and Revoke-HgsKeyProtectorAccess cmdlets.

This cmdlet can create a key protector based on the raw byte stream of an existing key protector.

Examples

Example 1: Create a key protector

PS C:\> $Owner = Get-HgsGuardian -Name "Guardian11"
PS C:\> $GuardianA = Get-HgsGuardian -Name "GuardianA"
PS C:\> $GuardianB = Get-HgsGuardian -Name "GuardianB"
PS C:\> New-HgsKeyProtector -Owner $Owner -Guardians @($GuardianA, $GuardianB)

The first command gets the guardian object named Guardian11 by using the Get-HgsGuardian cmdlet, and then stores that object in the $Owner variable.

The second and third commands get two guardians named GuardianA and GuardianB. These commands store the guardians in the $GuardianA and $GuardianB variables.

The final command creates a key protector. The command defines Guardian11 as the Owner. The command also grants access to the guardians stored in $GuardianA and $GuardianB.

Parameters

-AllowExpired

Indicates that this cmdlet can create a key protector by using certificates that are expired.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowUntrustedRoot

Indicates that this cmdlet can create a key protector by using self-signed certificates.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Guardian

Specifies an array of guardians to grant access to the key in addition to the guardian specified by the Owner parameter.

Type:CimInstance[]
Position:2
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Owner

Specifies a guardian for the new key protector. The cmdlet grants access to this guardian. This guardian cannot be changed for this key protector.

Type:CimInstance
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

Outputs

CimInstance

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.