Protect-Template Disk

Prepares a signed template disk (.VHDX) which can be used to provision new shielded virtual machines.

Syntax

Protect-TemplateDisk
       -Path <String>
       -TemplateName <String>
       -Version <Version>
       -Certificate <X509Certificate2>
       [-ProtectedTemplateTargetDiskType <ProtectedTemplateTargetDiskType>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Protect-TemplateDisk
       -Path <String>
       -PopulateFrom <String>
       [-TemplateName <String>]
       [-Version <Version>]
       -Certificate <X509Certificate2>
       [-ProtectedTemplateTargetDiskType <ProtectedTemplateTargetDiskType>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Protect-TemplateDisk
       -Path <String>
       [-DiskIsAlreadySpecialized]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Protect-TemplateDisk cmdlet prepares a virtual hard disk to be used for provisioning shielded virtual machines. The virtual hard disk must use the VHDX format and contain a generalized OS image. The VHDX will be modified in place, and can only be used with shielded virtual machines after the process is complete.

Examples

Example 1: Prepare a template disk by populating existing values

PS C:\>Protect-TemplateDisk -Certificate $certificate -PopulateFrom "ExistingPreparedTemplate.vhdx" -Path "NewTemplate.vhdx" -TemplateName "Windows Server 2016"

This command prepares the .vhdx that the Path specifies. The command uses the version information from ExistingPreparedTemplate.vhdx. The command specifies the template name "Windows Server 2016".

Example 2: Prepare a template disk by specifying name and version

PS C:\>Protect-TemplateDisk -Certificate $certificate -Path "WindowsServer2016-ShieldedTemplate.vhdx" -TemplateName "Windows Server 2016" -Version 1.0.0.0

This command prepares the .vhdx that the Path specifies. The command uses the name and version information specified by the TemplateName and Version parameters.

Required Parameters

-Certificate

Specifies the certificate used to sign metadata including the disk name, version, and hash calculated during the preparation process. The specified certificate must have a private key installed on the local machine.

Type: X509Certificate2
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Path

Specifies the path to the template disk (.VHDX) to be prepared.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-PopulateFrom

Specifies the path of a template disk that contains a previously published volume signature catalog. The disk name, version, and certificate will be used as defaults for the new template disk.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-TemplateName

Specifies the name of the template.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Version

Specifies a value that uniquely identifies this version of the template. The version value uses the form a.b.c.d, where each value is an integer less than 65536.

Type: Version
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-DiskIsAlreadySpecialized

Indicates the disk has already been prepared as a signed template disk, but its contents have since changed.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ProtectedTemplateTargetDiskType

Specifies the type of OS installed on the VHDX.

Type: ProtectedTemplateTargetDiskType
Parameter Sets: MicrosoftWindows, PreprocessedLinux
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False