Grant-HgsKeyProtectorAccess
Grants access to a guardian for a key protector.
Syntax
Grant-HgsKeyProtectorAccess
-KeyProtector <CimInstance>
-Guardian <CimInstance>
[-AllowUntrustedRoot]
[-AllowExpired]
[<CommonParameters>] Grant-HgsKeyProtectorAccess
-KeyProtector <CimInstance>
-GuardianFriendlyName <String>
[-AllowUntrustedRoot]
[-AllowExpired]
[<CommonParameters>] Description
The Grant-HgsKeyProtectorAccess cmdlet grants a Host Guardian Service guardian access to a key
protector. This operation requires the private signing key of the owner of the key protector.
Examples
Example 1: Grant access to a guardian
$Owner = Get-HgsGuardian -Name "Guardian06"
$Guardian01 = Get-HgsGuardian -Name "Guardian11"
$KeyProtector = New-HgsKeyProtector -Owner $Owner
Grant-HgsKeyProtectorAccess -KeyProtector $KeyProtector -Guardian $Guardian01The first command gets the guardian object named Guardian06 by using the Get-HgsGuardian cmdlet,
and then stores that object in the $Owner variable.
The second commands get the guardian object named Guardian11, and then stores it in the $Guardian01 variable.
The third command creates a key protector.
The command defines Guardian06, stored in $Owner, as the Owner.
The final command grants access to the guardian stored in $Guardian01 for the key protector.
Parameters
-AllowExpired
Indicates that this cmdlet can grant permissions to a guardian that contains certificates that are expired.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowUntrustedRoot
Indicates that this cmdlet can grant permissions to a guardian that uses self-signed certificates.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Guardian
Specifies a guardian to which to grant access to the key.
| Type: | CimInstance |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-GuardianFriendlyName
Specifies a friendly name for the guardian.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyProtector
Specifies the key protector to which to grant access.
| Type: | CimInstance |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Outputs
CimInstance
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays
Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the
namespace and class name for the underlying WMI object.