Revoke-HgsKeyProtectorAccess

Revokes access for a guardian to a key protector.

Syntax

Revoke-HgsKeyProtectorAccess
      -KeyProtector <CimInstance>
      -Guardian <CimInstance>
      [<CommonParameters>]
Revoke-HgsKeyProtectorAccess
      -KeyProtector <CimInstance>
      -GuardianFriendlyName <String>
      [<CommonParameters>]

Description

The Revoke-HgsKeyProtectorAccess cmdlet revokes access for a Host Guardian Service guardian to a key protector. This operation requires access to private signing key of the owner.

Examples

Example 1: Revoke access for a guardian

PS C:\> $Owner = Get-HgsGuardian -Name "Guardian11"
PS C:\> $GuardianA = Get-HgsGuardian -Name "GuardianA"
PS C:\> $GuardianB = Get-HgsGuardian -Name "GuardianB"
PS C:\> New-HgsKeyProtector -Owner $Owner -Guardians @($GuardianA, $GuardianB)
PS C:\> $Guardian04 = Get-HgsGuardian -Name "GuardianA"
PS C:\> Revoke-HgsKeyProtectorAccess -KeyProtector $KeyProtector -Guardian $Guardian04

The first command gets the guardian object named Guardian11 by using the Get-HgsGuardian cmdlet, and then stores that object in the $Owner variable.

The second and third commands get two guardians named GuardianA and GuardianB. These commands store the guardians in the $GuardianA and $GuardianB variables.

The fifth command gets the guardian object named GuardianA, and then stores that object in the $Guardian04 variable.

The final command revokes access for the guardian stored in $Guardian04 for the key protector.

Parameters

-Guardian

Specifies a guardian from which to revoke access to the key.

Type:CimInstance
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-GuardianFriendlyName

Specifies a friendly name for a guardian.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-KeyProtector

Specifies the key protector for which to revoke access.

Type:CimInstance
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

Outputs

CimInstance

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.