Grant-Hgs Key Protector Access

Syntax

Grant-HgsKeyProtectorAccess
     -KeyProtector <CimInstance>
     -Guardian <CimInstance>
     [-AllowUntrustedRoot]
     [-AllowExpired]
     [<CommonParameters>]

Grant-HgsKeyProtectorAccess
     -KeyProtector <CimInstance>
     -GuardianFriendlyName <String>
     [-AllowUntrustedRoot]
     [-AllowExpired]
     [<CommonParameters>]

Description

The Grant-HgsKeyProtectorAccess cmdlet grants a Host Guardian Service guardian access to a key protector. This operation requires the private signing key of the owner of the key protector.

Examples

Example 1: Grant access to a guardian

PS C:\> $Owner = Get-HgsGuardian -Name "Guardian06"
PS C:\> $Guardian01 = Get-HgsGuardian -Name "Guardian11"
PS C:\> $KeyProtector = New-HgsKeyProtector -Owner $Owner 
PS C:\> Grant-HgsKeyProtectorAccess -KeyProtector $KeyProtector -Guardian $Guardian01

The first command gets the guardian object named Guardian06 by using the Get-HgsGuardian cmdlet, and then stores that object in the $Owner variable.

The second commands get the guardian object named Guardian11, and then stores it in the $Guardian01 variable.

The third command creates a key protector. The command defines Guardian06, stored in $Owner , as the Owner .

The final command grants access to the guardian stored in $Guardian01 for the key protector.

Required Parameters

Optional Parameters

Outputs

CimInstance#MSFT_HgsKeyProtector

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign ( # ) provides the namespace and class name for the underlying WMI object.

Related Links

• New-HgsKeyProtector
• Revoke-HgsKeyProtectorAccess
• Get-HgsGuardian