| Server IP : 134.29.175.74 / Your IP : 216.73.216.160 Web Server : nginx/1.10.2 System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586 User : Administrator ( 0) PHP Version : 7.1.0 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /Windows/System32/WindowsPowerShell/v1.0/en-US/ |
Upload File : |
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh">
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertFrom-SecureString</command:name>
<command:verb>ConvertFrom</command:verb>
<command:noun>SecureString</command:noun>
<maml:description>
<maml:para>Converts a secure string to an encrypted standard string.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The ConvertFrom-SecureString cmdlet converts a secure string ( System.Security.SecureString ) into an encrypted standard string ( System.String ). Unlike a secure string, an encrypted standard string can be saved in a file for later use. The encrypted standard string can be converted back to its secure string format by using the `ConvertTo-SecureString` cmdlet.</maml:para>
<maml:para>If an encryption key is specified by using the Key or SecureKey parameters, the Advanced Encryption Standard (AES) encryption algorithm is used. The specified key must have a length of 128, 192, or 256 bits because those are the key lengths supported by the AES encryption algorithm. If no key is specified, the Windows Data Protection API (DPAPI) is used to encrypt the standard string representation.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertFrom-SecureString</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>SecureString</maml:name>
<maml:Description>
<maml:para>Specifies the secure string to convert to an encrypted standard string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.SecureString</command:parameterValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Key</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key as a byte array.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>ConvertFrom-SecureString</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>SecureString</maml:name>
<maml:Description>
<maml:para>Specifies the secure string to convert to an encrypted standard string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.SecureString</command:parameterValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>SecureKey</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key as a secure string. The secure string value is converted to a byte array before being used as the key.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.SecureString</command:parameterValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Key</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key as a byte array.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>SecureKey</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key as a secure string. The secure string value is converted to a byte array before being used as the key.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.SecureString</command:parameterValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>SecureString</maml:name>
<maml:Description>
<maml:para>Specifies the secure string to convert to an encrypted standard string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.SecureString</command:parameterValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe a SecureString object to ConvertFrom-SecureString.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>ConvertFrom-SecureString returns a standard string object.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>- To create a secure string from characters that are typed at the command prompt, use the AsSecureString parameter of the `Read-Host` cmdlet. - When you use the Key or SecureKey parameters to specify a key, the key length must be correct. For example, a key of 128 bits can be specified as a byte array of 16 decimal numerals. Similarly, 192-bit and 256-bit keys correspond to byte arrays of 24 and 32 decimal numerals, respectively. - Some characters, such as emoticons, correspond to several code points in the string that contains them. Avoid using these characters because they may cause problems and misunderstandings when used in a password.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------- Example 1: Create a secure string --------------</maml:title>
<dev:code>$SecureString = Read-Host -AsSecureString</dev:code>
<dev:remarks>
<maml:para>This command creates a secure string from characters that you type at the command prompt. After entering the command, type the string you want to store as a secure string. An asterisk (`*`) is displayed to represent each character that you type.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 2: Convert a secure string to an encrypted standard string</maml:title>
<dev:code>$StandardString = ConvertFrom-SecureString $SecureString</dev:code>
<dev:remarks>
<maml:para>This command converts the secure string in the `$SecureString` variable to an encrypted standard string. The resulting encrypted standard string is stored in the `$StandardString` variable.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 3: Convert a secure string to an encrypted standard string with a 192-bit key</maml:title>
<dev:code>$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$StandardString = ConvertFrom-SecureString $SecureString -Key $Key</dev:code>
<dev:remarks>
<maml:para>These commands use the Advanced Encryption Standard (AES) algorithm to convert the secure string stored in the `$SecureString` variable to an encrypted standard string with a 192-bit key. The resulting encrypted standard string is stored in the `$StandardString` variable.</maml:para>
<maml:para>The first command stores a key in the `$Key` variable. The key is an array of 24 decimal numerals, each of which must be less than 256 to fit within a single unsigned byte.</maml:para>
<maml:para>Because each decimal numeral represents a single byte (8 bits), the key has 24 digits for a total of 192 bits (8 x 24). This is a valid key length for the AES algorithm.</maml:para>
<maml:para>The second command uses the key in the `$Key` variable to convert the secure string to an encrypted standard string.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/convertfrom-securestring?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertTo-SecureString</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Read-Host</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>ConvertTo-SecureString</command:name>
<command:verb>ConvertTo</command:verb>
<command:noun>SecureString</command:noun>
<maml:description>
<maml:para>Converts encrypted standard strings to secure strings. It can also convert plain text to secure strings. It is used with ConvertFrom-SecureString and Read-Host.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The ConvertTo-SecureString cmdlet converts encrypted standard strings into secure strings. It can also convert plain text to secure strings. It is used with ConvertFrom-SecureString and Read-Host. The secure string created by the cmdlet can be used with cmdlets or functions that require a parameter of type SecureString. The secure string can be converted back to an encrypted, standard string using the ConvertFrom-SecureString cmdlet. This enables it to be stored in a file for later use.</maml:para>
<maml:para>If the standard string being converted was encrypted with ConvertFrom-SecureString using a specified key, that same key must be provided as the value of the Key or SecureKey parameter of the ConvertTo-SecureString cmdlet.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>ConvertTo-SecureString</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>String</maml:name>
<maml:Description>
<maml:para>Specifies the string to convert to a secure string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>AsPlainText</maml:name>
<maml:Description>
<maml:para>Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Confirms that you understand the implications of using the AsPlainText parameter and still want to use it.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>ConvertTo-SecureString</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>String</maml:name>
<maml:Description>
<maml:para>Specifies the string to convert to a secure string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Key</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key used to convert the original secure string into the encrypted standard string. Valid key lengths are 16, 24 and 32 bytes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>ConvertTo-SecureString</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>String</maml:name>
<maml:Description>
<maml:para>Specifies the string to convert to a secure string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>SecureKey</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key used to convert the original secure string into the encrypted standard string. The key must be provided in the format of a secure string. The secure string will be converted to a byte array to be used as the key. Valid secure key lengths are 8, 12 and 16 code points.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.SecureString</command:parameterValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>AsPlainText</maml:name>
<maml:Description>
<maml:para>Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Confirms that you understand the implications of using the AsPlainText parameter and still want to use it.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Key</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key used to convert the original secure string into the encrypted standard string. Valid key lengths are 16, 24 and 32 bytes.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>SecureKey</maml:name>
<maml:Description>
<maml:para>Specifies the encryption key used to convert the original secure string into the encrypted standard string. The key must be provided in the format of a secure string. The secure string will be converted to a byte array to be used as the key. Valid secure key lengths are 8, 12 and 16 code points.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.SecureString</command:parameterValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>String</maml:name>
<maml:Description>
<maml:para>Specifies the string to convert to a secure string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe a standard encrypted string to ConvertTo-SecureString .</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Security.SecureString</maml:name>
</dev:type>
<maml:description>
<maml:para>ConvertTo-SecureString returns a SecureString object.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>Some characters, such as emoticons, correspond to several code points in the string that contains them. Avoid using these characters because they may cause problems and misunderstandings when used in a password.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-- Example 1: Convert a secure string to an encrypted string --</maml:title>
<dev:code>PS C:\> $Secure = Read-Host -AsSecureString
PS C:\> $Secure
System.Security.SecureString PS C:\> $Encrypted = ConvertFrom-SecureString -SecureString $Secure
PS C:\> $Encrypted
01000000d08c9ddf0115d1118c7a00c04fc297eb010000001a114d45b8dd3f4aa11ad7c0abdae9800000000002000000000003660000a8000000100000005df63cea84bfb7d70bd6842e7
efa79820000000004800000a000000010000000f10cd0f4a99a8d5814d94e0687d7430b100000008bf11f1960158405b2779613e9352c6d14000000e6b7bf46a9d485ff211b9b2a2df3bd
6eb67aae41 PS C:\> $Secure2 = ConvertTo-SecureString -String $Encrypted
PS C:\> $Secure2
System.Security.SecureString</dev:code>
<dev:remarks>
<maml:para>This example shows how to create a secure string from user input, convert the secure string to an encrypted standard string, and then convert the encrypted standard string back to a secure string.</maml:para>
<maml:para>The first command uses the AsSecureString parameter of the Read-Host cmdlet to create a secure string. After you enter the command, any characters that you type are converted into a secure string and then saved in the $Secure variable.</maml:para>
<maml:para>The second command displays the contents of the $Secure variable. Because the $Secure variable contains a secure string, Windows PowerShell displays only the System.Security.SecureString type.</maml:para>
<maml:para>The third command uses the ConvertFrom-SecureString cmdlet to convert the secure string in the $Secure variable into an encrypted standard string. It saves the result in the $Encrypted variable.</maml:para>
<maml:para>The fourth command displays the encrypted string in the value of the $Encrypted variable.</maml:para>
<maml:para>The fifth command uses the ConvertTo-SecureString cmdlet to convert the encrypted standard string in the $Encrypted variable back into a secure string. It saves the result in the $Secure2 variable. The sixth command displays the value of the $Secure2 variable. The SecureString type indicates that the command was successful.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 2: Create a secure string from an encrypted string in a file</maml:title>
<dev:code>PS C:\> $Secure = Read-Host -AsSecureString
PS C:\> $Encrypted = ConvertFrom-SecureString -SecureString $Secure -Key (1..16)
PS C:\> $Encrypted | Set-Content Encrypted.txt
PS C:\> $Secure2 = Get-Content Encrypted.txt | ConvertTo-SecureString -Key (1..16)</dev:code>
<dev:remarks>
<maml:para>This example shows how to create a secure string from an encrypted standard string that is saved in a file.</maml:para>
<maml:para>The first command uses the AsSecureString parameter of the Read-Host cmdlet to create a secure string. After you enter the command, any characters that you type are converted into a secure string and then saved in the $Secure variable.</maml:para>
<maml:para>The second command uses the ConvertFrom-SecureString cmdlet to convert the secure string in the $Secure variable into an encrypted standard string by using the specified key. The contents are saved in the $Encrypted variable.</maml:para>
<maml:para>The third command uses a pipeline operator (|) to send the value of the $Encrypted variable to the Set-Content cmdlet, which saves the value in the Encrypted.txt file.</maml:para>
<maml:para>The fourth command uses the Get-Content cmdlet to get the encrypted standard string in the Encrypted.txt file. The command uses a pipeline operator to send the encrypted string to the ConvertTo-SecureString cmdlet, which converts it to a secure string by using the specified key. The results are saved in the $Secure2 variable.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-- Example 3: Convert a plain text string to a secure string --</maml:title>
<dev:code>PS C:\> $Secure_String_Pwd = ConvertTo-SecureString "P@ssW0rD!" -AsPlainText -Force</dev:code>
<dev:remarks>
<maml:para>This command converts the plain text string P@ssW0rD! into a secure string and stores the result in the $Secure_String_Pwd variable. To use the AsPlainText parameter, the Force parameter must also be included in the command.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/convertto-securestring?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ConvertFrom-SecureString</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-Acl</command:name>
<command:verb>Get</command:verb>
<command:noun>Acl</command:noun>
<maml:description>
<maml:para>Gets the security descriptor for a resource, such as a file or registry key.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Get-Acl` cmdlet gets objects that represent the security descriptor of a file or resource. The security descriptor contains the access control lists (ACLs) of the resource. The ACL specifies the permissions that users and user groups have to access the resource.</maml:para>
<maml:para>Beginning in Windows PowerShell 3.0, you can use the InputObject parameter of `Get-Acl` to get the security descriptor of objects that do not have a path.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-Acl</maml:name>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to a resource. `Get-Acl` gets the security descriptor of the resource indicated by the path. Wildcards are permitted. If you omit the Path parameter, `Get-Acl` gets the security descriptor of the current directory.</maml:para>
<maml:para>The parameter name ("Path") is optional.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Audit</maml:name>
<maml:Description>
<maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when getting the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AllCentralAccessPolicies</maml:name>
<maml:Description>
<maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-Acl</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Audit</maml:name>
<maml:Description>
<maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when getting the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AllCentralAccessPolicies</maml:name>
<maml:Description>
<maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>InputObject</maml:name>
<maml:Description>
<maml:para>Gets the security descriptor for the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para>
<maml:para>You cannot pipe an object, other than a path, to `Get-Acl`. Instead, use the InputObject parameter explicitly in the command.</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-Acl</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Audit</maml:name>
<maml:Description>
<maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when getting the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AllCentralAccessPolicies</maml:name>
<maml:Description>
<maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a resource. Unlike Path , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Audit</maml:name>
<maml:Description>
<maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when getting the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to a resource. `Get-Acl` gets the security descriptor of the resource indicated by the path. Wildcards are permitted. If you omit the Path parameter, `Get-Acl` gets the security descriptor of the current directory.</maml:para>
<maml:para>The parameter name ("Path") is optional.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>AllCentralAccessPolicies</maml:name>
<maml:Description>
<maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>InputObject</maml:name>
<maml:Description>
<maml:para>Gets the security descriptor for the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para>
<maml:para>You cannot pipe an object, other than a path, to `Get-Acl`. Instead, use the InputObject parameter explicitly in the command.</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a resource. Unlike Path , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
<maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe a string that contains a path to `Get-Acl`.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Security.AccessControl.FileSecurity, System.Security.AccessControl.DirectorySecurity, System.Security.AccessControl.RegistrySecurity</maml:name>
</dev:type>
<maml:description>
<maml:para>`Get-Acl` returns an object that represents the ACLs that it gets. The object type depends upon the ACL type.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>By default, `Get-Acl` displays the PowerShell path to the resource (`<provider>::<resource-path>`), the owner of the resource, and "Access", a list (array) of the access control entries in the discretionary access control list (DACL) for the resource. The DACL list is controlled by the resource owner.</maml:para>
<maml:para>When you format the result as a list, (`Get-Acl | Format-List`), in addition to the path, owner, and access list, PowerShell displays the following properties and property values:</maml:para>
<maml:para>- Group : The security group of the owner. - Audit : A list (array) of entries in the system access control list (SACL). The SACL specifies the types of access attempts for which Windows generates audit records. - Sddl : The security descriptor of the resource displayed in a single text string in Security Descriptor Definition Language format. PowerShell uses the GetSddlForm method of security descriptors to get this data.</maml:para>
<maml:para>Because `Get-Acl` is supported by the file system and registry providers, you can use `Get-Acl` to view the ACL of file system objects, such as files and directories, and registry objects, such as registry keys and entries.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------- Example 1- Get an ACL for a folder --------------</maml:title>
<dev:code>Get-Acl C:\Windows</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>----- Example 2 - Get an ACL for a folder using wildcards -----</maml:title>
<dev:code>Get-Acl C:\Windows\s*.log | Format-List -Property PSPath, Sddl</dev:code>
<dev:remarks>
<maml:para>The command uses the `Get-Acl` cmdlet to get objects representing the security descriptors of each log file. It uses a pipeline operator (`|`) to send the results to the `Format-List` cmdlet. The command uses the Property parameter of `Format-List` to display only the PsPath and SDDL properties of each security descriptor object.</maml:para>
<maml:para>Lists are often used in PowerShell, because long values appear truncated in tables.</maml:para>
<maml:para>The SDDL values are valuable to system administrators, because they are simple text strings that contain all of the information in the security descriptor. As such, they are easy to pass and store, and they can be parsed when needed.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>------ Example 3 - Get count of Audit entries for an ACL ------</maml:title>
<dev:code>Get-Acl C:\Windows\s*.log -Audit | ForEach-Object { $_.Audit.Count }</dev:code>
<dev:remarks>
<maml:para>It uses the Audit parameter to get the audit records from the SACL in the security descriptor. Then it uses the `ForEach-Object` cmdlet to count the number of audit records associated with each file. The result is a list of numbers representing the number of audit records for each log file.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>---------- Example 4 - Get an ACL for a registry key ----------</maml:title>
<dev:code>Get-Acl -Path HKLM:\System\CurrentControlSet\Control | Format-List</dev:code>
<dev:remarks>
<maml:para>The Path parameter specifies the Control subkey. The pipeline operator (`|`) passes the security descriptor that `Get-Acl` gets to the `Format-List` command, which formats the properties of the security descriptor as a list so that they are easy to read.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>--------- Example 5 - Get an ACL using **InputObject** ---------</maml:title>
<dev:code>Get-Acl -InputObject (Get-StorageSubSystem -Name S087)</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/get-acl?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-Acl</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-AuthenticodeSignature</command:name>
<command:verb>Get</command:verb>
<command:noun>AuthenticodeSignature</command:noun>
<maml:description>
<maml:para>Gets information about the Authenticode signature for a file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Get-AuthenticodeSignature` cmdlet gets information about the Authenticode signature for a file or file content as a byte array. If the file is not signed, the information is retrieved, but the fields are blank.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-AuthenticodeSignature</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Contents of a file as a byte array for which the Authenticode signature is retrieved. This parameter must be used with SourcePathOrExtension parameter. The contents of the file must be in Unicode (UTF-16LE) format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none">
<maml:name>SourcePathOrExtension</maml:name>
<maml:Description>
<maml:para>Path to the file or file type of the content for which the Authenticode signature is retrieved. This parameter is used with Content where file content is passed as a byte array.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-AuthenticodeSignature</maml:name>
<command:parameter required="true" variableLength="true" globbing="true" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>FilePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to the file to examine. Wildcards are permitted, but they must lead to a single file. It is not necessary to type FilePath at the command line when you specify a value for this parameter.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-AuthenticodeSignature</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to the file being examined. Unlike FilePath , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes an escape character, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape characters.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Contents of a file as a byte array for which the Authenticode signature is retrieved. This parameter must be used with SourcePathOrExtension parameter. The contents of the file must be in Unicode (UTF-16LE) format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="true" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>FilePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to the file to examine. Wildcards are permitted, but they must lead to a single file. It is not necessary to type FilePath at the command line when you specify a value for this parameter.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to the file being examined. Unlike FilePath , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes an escape character, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape characters.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none">
<maml:name>SourcePathOrExtension</maml:name>
<maml:Description>
<maml:para>Path to the file or file type of the content for which the Authenticode signature is retrieved. This parameter is used with Content where file content is passed as a byte array.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe a string that contains a file path to `Get-AuthenticodeSignature`.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Management.Automation.Signature</maml:name>
</dev:type>
<maml:description>
<maml:para>`Get-AuthenticodeSignature` returns a signature object for each signature that it gets.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>For information about Authenticode signatures in PowerShell, see about_Signing (../Microsoft.PowerShell.Core/About/about_Signing.md).</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>----- Example 1: Get the Authenticode signature for a file -----</maml:title>
<dev:code>Get-AuthenticodeSignature -FilePath "C:\Test\NewScript.ps1"</dev:code>
<dev:remarks>
<maml:para>This command gets information about the Authenticode signature in the NewScript.ps1 file. It uses the FilePath parameter to specify the file.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>- Example 2: Get the Authenticode signature for multiple files -</maml:title>
<dev:code>Get-AuthenticodeSignature test.ps1, test1.ps1, sign-file.ps1, makexml.ps1</dev:code>
<dev:remarks>
<maml:para>This command gets information about the Authenticode signature for the four files listed at the command line. In this example, the name of the FilePath parameter, which is optional, is omitted.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 3: Get only valid Authenticode signatures for multiple files</maml:title>
<dev:code>Get-ChildItem $PSHOME\*.* | ForEach-object {Get-AuthenticodeSignature $_} | Where-Object {$_.status -eq "Valid"}</dev:code>
<dev:remarks>
<maml:para>This command lists all of the files in the `$PSHOME` directory that have a valid Authenticode signature. The `$PSHOME` automatic variable contains the path to the PowerShell installation directory.</maml:para>
<maml:para>The command uses the `Get-ChildItem` cmdlet to get the files in the `$PSHOME` directory. It uses a pattern of . to exclude directories (although it also excludes files without a dot in the filename).</maml:para>
<maml:para>The command uses a pipeline operator (`|`) to send the files in `$PSHOME` to the `ForEach-Object` cmdlet, where `Get-AuthenticodeSignature` is called for each file.</maml:para>
<maml:para>The results of the `Get-AuthenticodeSignature` command are sent to a `Where-Object` command that selects only the signature objects with a status of Valid.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 4: Get the Authenticode signature for a file content specified as byte array</maml:title>
<dev:code>Get-AuthenticodeSignature -Content (Get-Content foo.ps1 -AsByteStream) -SourcePathorExtension ps1</dev:code>
<dev:remarks>
<maml:para>This command gets information about the Authenticode signature for the content of a file. In this example, the file extension is specified along with the content of the file.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/get-authenticodesignature?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ExecutionPolicy</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ExecutionPolicy</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Execution_Policies</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Signing</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-CmsMessage</command:name>
<command:verb>Get</command:verb>
<command:noun>CmsMessage</command:noun>
<maml:description>
<maml:para>Gets content that has been encrypted by using the Cryptographic Message Syntax format.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Get-CmsMessage` cmdlet gets content that has been encrypted using the Cryptographic Message Syntax (CMS) format.</maml:para>
<maml:para>The CMS cmdlets support encryption and decryption of content using the IETF format for cryptographically protecting messages, as documented by RFC5652 (https://tools.ietf.org/html/rfc5652).</maml:para>
<maml:para>The CMS encryption standard uses public key cryptography, where the keys used to encrypt content (the public key) and the keys used to decrypt content (the private key) are separate. Your public key can be shared widely, and is not sensitive data. If any content is encrypted with this public key, only your private key can decrypt it. For more information, see Public-key cryptography (https://en.wikipedia.org/wiki/Public-key_cryptography).</maml:para>
<maml:para>`Get-CmsMessage` gets content that has been encrypted in CMS format. It does not decrypt or unprotect content. You can run this cmdlet to get content that you have encrypted by running the `Protect-CmsMessage` cmdlet. You can specify content that you want to decrypt as a string, or by path to the encrypted content. You can pipe the results of `Get-CmsMessage` to `Unprotect-CmsMessage` to decrypt the content, provided that you have information about the document encryption certificate that was used to encrypt the content.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Specifies an encrypted string, or a variable containing an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to get. Unlike Path , the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcard characters. If the path includes escape characters, enclose each one in single quotation marks. Single quotation marks tell PowerShell not to interpret enclosed characters as escape characters.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to decrypt.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Specifies an encrypted string, or a variable containing an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to get. Unlike Path , the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcard characters. If the path includes escape characters, enclose each one in single quotation marks. Single quotation marks tell PowerShell not to interpret enclosed characters as escape characters.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to decrypt.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes />
<command:returnValues />
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>--------------- Example 1: Get encrypted content ---------------</maml:title>
<dev:code>$Msg = Get-CmsMessage -Path "C:\Users\Test\Documents\PowerShell\Future_Plans.txt"
$Msg.Content
-----BEGIN CMS-----
MIIBqAYJKoZIhvcNAQcDoIIBmTCCAZUCAQAxggFQMIIBTAIBADA0MCAxHjAcBgNVBAMBFWxlZWhv
bG1AbGljcm9zb2Z0LmNvbQIQQYHsbcXnjIJCtH+OhGmc1DANBgkqhkiG9w0BAQcwAASCAQAnkFHM
proJnFy4geFGfyNmxH3yeoPvwEYzdnsoVqqDPAd8D3wao77z7OhJEXwz9GeFLnxD6djKV/tF4PxR
E27aduKSLbnxfpf/sepZ4fUkuGibnwWFrxGE3B1G26MCenHWjYQiqv+Nq32Gc97qEAERrhLv6S4R
G+2dJEnesW8A+z9QPo+DwYP5FzD0Td0ExrkswVckpLNR6j17Yaags3ltNXmbdEXekhi6Psf2MLMP
TSO79lv2L0KeXFGuPOrdzPRwCkV0vNEqTEBeDnZGrjv/5766bM3GW34FXApod9u+VSFpBnqVOCBA
DVDraA6k+xwBt66cV84AHLkh0kT02SIHMDwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJbJaiRl
KMnBoD1dkb/FzSWAEBaL8xkFwCu0e1AtDj7nSJc=
-----END CMS-----</dev:code>
<dev:remarks>
<maml:para>This command gets encrypted content located at C:\Users\Test\Documents\PowerShell\Future_Plans.txt.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-- Example 2: Pipe encrypted content to Unprotect-CmsMessage --</maml:title>
<dev:code>$Msg = Get-CmsMessage -Path "C:\Users\Test\Documents\PowerShell\Future_Plans.txt"
$Msg | Unprotect-CmsMessage -To "cn=youralias@emailaddress.com"
Try the new Break All command</dev:code>
<dev:remarks>
<maml:para>This command pipes the results of the `Get-CmsMessage` cmdlet from Example 1 to `Unprotect-CmsMessage`, to decrypt the message and read it in plain text. In this case, the value of the To parameter is the value of the encrypting certificate's Subject line. The decrypted message, "Try the new Break All command," is the result.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/get-cmsmessage?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Providers</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Protect-CmsMessage</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Unprotect-CmsMessage</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-Credential</command:name>
<command:verb>Get</command:verb>
<command:noun>Credential</command:noun>
<maml:description>
<maml:para>Gets a credential object based on a user name and password.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Get-Credential` cmdlet creates a credential object for a specified user name and password. You can use the credential object in security operations.</maml:para>
<maml:para>Beginning in PowerShell 3.0, you can use the Message parameter to specify a customized message on the dialog box that prompts the user for their name and password.</maml:para>
<maml:para>The `Get-Credential` cmdlet prompts the user for a password or a user name and password. By default, an authentication dialog box appears to prompt the user. However, in some host programs, such as the PowerShell console, you can prompt the user at the command line by changing a registry entry. For more information about this registry entry, see the notes and examples.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-Credential</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user name for the credential, such as User01 or Domain01\User01 . The parameter name, `-Credential`, is optional.</maml:para>
<maml:para>When you submit the command and specify a user name, you're prompted for a password. If you omit this parameter, you're prompted for a user name and a password.</maml:para>
<maml:para>Starting in PowerShell 3.0, if you enter a user name without a domain, `Get-Credential` no longer inserts a backslash before the name.</maml:para>
<maml:para>Credentials are stored in a PSCredential (/dotnet/api/system.management.automation.pscredential)object and the password is stored as a SecureString (/dotnet/api/system.security.securestring).</maml:para>
<maml:para>> [!NOTE] > For more information about SecureString data protection, see > How secure is SecureString? (/dotnet/api/system.security.securestring#how-secure-is-securestring).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSCredential</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-Credential</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>UserName</maml:name>
<maml:Description>
<maml:para>Specifies a user name. The authentication prompt requests a password for the user name. By default, the user name is blank and the authentication prompt requests both a user name and password.</maml:para>
<maml:para>When the authentication prompt appears in a dialog box, the user can edit the specified user name. However, the user cannot change the user name when the prompt appears at the command line. When using this parameter in a shared function or script, consider all possible presentations.</maml:para>
<maml:para>This parameter was introduced in PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None (blank)</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Message</maml:name>
<maml:Description>
<maml:para>Specifies a message that appears in the authentication prompt. This parameter is designed for use in a function or script. You can use the message to explain to the user why you are requesting credentials and how they will be used.</maml:para>
<maml:para>This parameter was introduced in PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Credential</maml:name>
<maml:Description>
<maml:para>Specifies a user name for the credential, such as User01 or Domain01\User01 . The parameter name, `-Credential`, is optional.</maml:para>
<maml:para>When you submit the command and specify a user name, you're prompted for a password. If you omit this parameter, you're prompted for a user name and a password.</maml:para>
<maml:para>Starting in PowerShell 3.0, if you enter a user name without a domain, `Get-Credential` no longer inserts a backslash before the name.</maml:para>
<maml:para>Credentials are stored in a PSCredential (/dotnet/api/system.management.automation.pscredential)object and the password is stored as a SecureString (/dotnet/api/system.security.securestring).</maml:para>
<maml:para>> [!NOTE] > For more information about SecureString data protection, see > How secure is SecureString? (/dotnet/api/system.security.securestring#how-secure-is-securestring).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSCredential</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSCredential</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Message</maml:name>
<maml:Description>
<maml:para>Specifies a message that appears in the authentication prompt. This parameter is designed for use in a function or script. You can use the message to explain to the user why you are requesting credentials and how they will be used.</maml:para>
<maml:para>This parameter was introduced in PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>UserName</maml:name>
<maml:Description>
<maml:para>Specifies a user name. The authentication prompt requests a password for the user name. By default, the user name is blank and the authentication prompt requests both a user name and password.</maml:para>
<maml:para>When the authentication prompt appears in a dialog box, the user can edit the specified user name. However, the user cannot change the user name when the prompt appears at the command line. When using this parameter in a shared function or script, consider all possible presentations.</maml:para>
<maml:para>This parameter was introduced in PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None (blank)</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para>You cannot pipe input to this cmdlet.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Management.Automation.PSCredential</maml:name>
</dev:type>
<maml:description>
<maml:para>`Get-Credential` returns a credential object.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>You can use the PSCredential object that `Get-Credential` creates in cmdlets that request user authentication, such as those with a Credential parameter.</maml:para>
<maml:para>By default, the authentication prompt appears in a dialog box. To display the authentication prompt at the command line, add the ConsolePrompting registry entry (`HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\ConsolePrompting`) and set its value to True . If the ConsolePrompting registry entry does not exist or if its value is False, the authentication prompt appears in a dialog box. For instructions, see the examples.</maml:para>
<maml:para>The ConsolePrompting registry entry works in the PowerShell console, but it does not work in all host programs.</maml:para>
<maml:para>For example, it has no effect in the PowerShell Integrated Scripting Environment (ISE). For information about the effect of the ConsolePrompting registry entry, see the help topics for the host program.</maml:para>
<maml:para>The Credential parameter is not supported by all providers that are installed with PowerShell. Beginning in PowerShell 3.0, it is supported on selected cmdlet, such as the `Get-WmiObject` and `New-PSDrive` cmdlets.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------------------- Example 1 --------------------------</maml:title>
<dev:code>$c = Get-Credential</dev:code>
<dev:remarks>
<maml:para>This command gets a credential object and saves it in the `$c` variable.</maml:para>
<maml:para>When you enter the command, a dialog box appears requesting a user name and password. When you enter the requested information, the cmdlet creates a PSCredential object representing the credentials of the user and saves it in the `$c` variable.</maml:para>
<maml:para>You can use the object as input to cmdlets that request user authentication, such as those with a Credential parameter. However, some providers that are installed with PowerShell do not support the Credential parameter.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 2 --------------------------</maml:title>
<dev:code>$c = Get-Credential
Get-CimInstance Win32_DiskDrive -ComputerName Server01 -Credential $c</dev:code>
<dev:remarks>
<maml:para>These commands use a credential object that the `Get-Credential` cmdlet returns to authenticate a user on a remote computer so they can use Windows Management Instrumentation (WMI) to manage the computer.</maml:para>
<maml:para>The first command gets a credential object and saves it in the `$c` variable. The second command uses the credential object in a `Get-CimInstance` command. This command gets information about the disk drives on the Server01 computer.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 3 --------------------------</maml:title>
<dev:code>Get-CimInstance Win32_BIOS -ComputerName Server01 -Credential (Get-Credential -Credential Domain01\User01)</dev:code>
<dev:remarks>
<maml:para>This command shows how to include a `Get-Credential` command in a `Get-CimInstance` command.</maml:para>
<maml:para>This command uses the `Get-CimInstance` cmdlet to get information about the BIOS on the Server01 computer. It uses the Credential parameter to authenticate the user, Domain01\User01, and a `Get-Credential` command as the value of the Credential parameter.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 4 --------------------------</maml:title>
<dev:code>$c = Get-Credential -credential User01
$c.Username
User01</dev:code>
<dev:remarks>
<maml:para>This example creates a credential that includes a user name without a domain name.</maml:para>
<maml:para>The first command gets a credential with the user name User01 and stores it in the `$c` variable. The second command displays the value of the Username property of the resulting credential object.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 5 --------------------------</maml:title>
<dev:code>$Credential = $host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "", "NetBiosUserName")</dev:code>
<dev:remarks>
<maml:para>This command uses the PromptForCredential method to prompt the user for their user name and password. The command saves the resulting credentials in the `$Credential` variable.</maml:para>
<maml:para>The PromptForCredential method is an alternative to using the `Get-Credential` cmdlet. When you use PromptForCredential , you can specify the caption, messages, and user name that appear in the message box.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 6 --------------------------</maml:title>
<dev:code>Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds" -Name ConsolePrompting -Value $true</dev:code>
<dev:remarks>
<maml:para>This example shows how to modify the registry so that the user is prompted at the command line, instead of by using a dialog box.</maml:para>
<maml:para>The command creates the ConsolePrompting registry entry and sets its value to True. To run this command, start PowerShell with the "Run as administrator" option.</maml:para>
<maml:para>To use a dialog box for prompting, set the value of the ConsolePrompting to false ($false) or use the `Remove-ItemProperty` cmdlet to delete it.</maml:para>
<maml:para>The ConsolePrompting registry entry works in some host programs, such as the PowerShell console. It might not work in all host programs.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 7 --------------------------</maml:title>
<dev:code>$User = "Domain01\User01"
$PWord = ConvertTo-SecureString -String "P@sSwOrd" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord</dev:code>
<dev:remarks>
<maml:para>The first command saves the user account name in the `$User` parameter. The value must have the "Domain\User" or "ComputerName\User" format.</maml:para>
<maml:para>The second command uses the `ConvertTo-SecureString` cmdlet to create a secure string from a plain text password. The command uses the AsPlainText parameter to indicate that the string is plain text and the Force parameter to confirm that you understand the risks of using plain text.</maml:para>
<maml:para>The third command uses the `New-Object` cmdlet to create a PSCredential object from the values in the `$User` and `$PWord` variables.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 8 --------------------------</maml:title>
<dev:code>Get-Credential -Message "Credential are required for access to the \\Server1\Scripts file share." -User Server01\PowerUser
PowerShell Credential Request
Credential are required for access to the \\Server1\Scripts file share.
Password for user Server01\PowerUser:</dev:code>
<dev:remarks>
<maml:para>This command uses the Message and UserName parameters of the `Get-Credential` cmdlet. This command format is designed for shared scripts and functions. In this case, the message tells the user why credentials are needed and gives them confidence that the request is legitimate.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------------------- Example 9 --------------------------</maml:title>
<dev:code>Invoke-Command -ComputerName Server01 {Get-Credential Domain01\User02}
PowerShell Credential Request : PowerShell Credential Request
Warning: This credential is being requested by a script or application on the SERVER01 remote computer. Enter your credentials only if you
trust the remote computer and the application or script requesting it.
Enter your credentials.
Password for user Domain01\User02: ***************
PSComputerName : Server01
RunspaceId : 422bdf52-9886-4ada-ab2f-130497c6777f
PSShowComputerName : True
UserName : Domain01\User01
Password : System.Security.SecureString</dev:code>
<dev:remarks>
<maml:para>This command gets a credential from the Server01 remote computer. The command uses the `Invoke-Command` cmdlet to run a `Get-Credential` command on the remote computer. The output shows the remote security message that `Get-Credential` includes in the authentication prompt.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/get-credential?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-ExecutionPolicy</command:name>
<command:verb>Get</command:verb>
<command:noun>ExecutionPolicy</command:noun>
<maml:description>
<maml:para>Gets the execution policies for the current session.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>To display the execution policies for each scope in the order of precedence, use `Get-ExecutionPolicy -List`. To see the effective execution policy for your PowerShell session use `Get-ExecutionPolicy` with no parameters.</maml:para>
<maml:para>The effective execution policy is determined by execution policies that are set by `Set-ExecutionPolicy` and Group Policy settings.</maml:para>
<maml:para>For more information, see about_Execution_Policies (../Microsoft.PowerShell.Core/about/about_Execution_Policies.md).</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-ExecutionPolicy</maml:name>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
<maml:name>Scope</maml:name>
<maml:Description>
<maml:para>Specifies the scope that is affected by an execution policy.</maml:para>
<maml:para>The effective execution policy is determined by the order of precedence as follows:</maml:para>
<maml:para>- MachinePolicy . Set by a Group Policy for all users of the computer. - UserPolicy . Set by a Group Policy for the current user of the computer. - Process . Affects only the current PowerShell session. - CurrentUser . Affects only the current user. - LocalMachine . Default scope that affects all users of the computer.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">LocalMachine</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">MachinePolicy</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">UserPolicy</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">Microsoft.PowerShell.ExecutionPolicyScope</command:parameterValue>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicyScope</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>Effective execution policy</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>List</maml:name>
<maml:Description>
<maml:para>Gets all execution policy values for the session listed in precedence order. By default, `Get-ExecutionPolicy` gets only the effective execution policy.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>List</maml:name>
<maml:Description>
<maml:para>Gets all execution policy values for the session listed in precedence order. By default, `Get-ExecutionPolicy` gets only the effective execution policy.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
<maml:name>Scope</maml:name>
<maml:Description>
<maml:para>Specifies the scope that is affected by an execution policy.</maml:para>
<maml:para>The effective execution policy is determined by the order of precedence as follows:</maml:para>
<maml:para>- MachinePolicy . Set by a Group Policy for all users of the computer. - UserPolicy . Set by a Group Policy for the current user of the computer. - Process . Affects only the current PowerShell session. - CurrentUser . Affects only the current user. - LocalMachine . Default scope that affects all users of the computer.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Microsoft.PowerShell.ExecutionPolicyScope</command:parameterValue>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicyScope</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>Effective execution policy</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para>`Get-ExecutionPolicy` doesn't accept input from the pipeline.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicy</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>An execution policy is part of the PowerShell security strategy. Execution policies determine whether you can load configuration files, such as your PowerShell profile, or run scripts. And, whether scripts must be digitally signed before they are run.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>------------ Example 1: Get all execution policies ------------</maml:title>
<dev:code>Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser AllSigned
LocalMachine Undefined</dev:code>
<dev:remarks>
<maml:para>The `Get-ExecutionPolicy` cmdlet uses the List parameter to display each scope's execution policy.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------------- Example 2: Set an execution policy --------------</maml:title>
<dev:code>Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser AllSigned
LocalMachine RemoteSigned</dev:code>
<dev:remarks>
<maml:para>The `Set-ExecutionPolicy` cmdlet uses the ExecutionPolicy parameter to specify the RemoteSigned policy. The Scope parameter specifies the default scope value, LocalMachine . To view the execution policy settings, use the `Get-ExecutionPolicy` cmdlet with the List parameter.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-------- Example 3: Get the effective execution policy --------</maml:title>
<dev:code>PS> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser AllSigned
LocalMachine RemoteSigned
PS> Get-ExecutionPolicy
AllSigned</dev:code>
<dev:remarks>
<maml:para>The `Get-ExecutionPolicy` cmdlet uses the List parameter to display each scope's execution policy. The `Get-ExecutionPolicy` cmdlet is run without a parameter to display the effective execution policy, AllSigned .</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 4: Unblock a script to run it without changing the execution policy</maml:title>
<dev:code>PS> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
PS> Get-ExecutionPolicy
RemoteSigned
PS> .\Start-ActivityTracker.ps1
.\Start-ActivityTracker.ps1 : File .\Start-ActivityTracker.ps1 cannot be loaded.
The file .\Start-ActivityTracker.ps1 is not digitally signed.
The script will not execute on the system.
For more information, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\Start-ActivityTracker.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
PS> Unblock-File -Path .\Start-ActivityTracker.ps1
PS> Get-ExecutionPolicy
RemoteSigned
PS> .\Start-ActivityTracker.ps1
Task 1:</dev:code>
<dev:remarks>
<maml:para>The `Set-ExecutionPolicy` uses the ExecutionPolicy parameter to specify the RemoteSigned policy. The policy is set for the default scope, LocalMachine .</maml:para>
<maml:para>The `Get-ExecutionPolicy` cmdlet shows that RemoteSigned is the effective execution policy for the current PowerShell session.</maml:para>
<maml:para>The Start-ActivityTracker.ps1 script is executed from the current directory. The script is blocked by RemoteSigned because the script isn't digitally signed.</maml:para>
<maml:para>For this example, the script's code was reviewed and verified as safe to run. The `Unblock-File` cmdlet uses the Path parameter to unblock the script.</maml:para>
<maml:para>To verify that `Unblock-File` didn't change the execution policy, `Get-ExecutionPolicy` displays the effective execution policy, RemoteSigned .</maml:para>
<maml:para>The script, Start-ActivityTracker.ps1 is executed from the current directory. The script begins to run because it was unblocked by the `Unblock-File` cmdlet.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/get-executionpolicy?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Execution_Policies</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Group_Policy_Settings</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ExecutionPolicy</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Get-PfxCertificate</command:name>
<command:verb>Get</command:verb>
<command:noun>PfxCertificate</command:noun>
<maml:description>
<maml:para>Gets information about PFX certificate files on the computer.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Get-PfxCertificate` cmdlet gets an object representing each specified PFX certificate file. A PFX file includes both the certificate and a private key.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Get-PfxCertificate</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>FilePath</maml:name>
<maml:Description>
<maml:para>Specifies the full path to the PFX file of the secured file. If you specify a value for this parameter, it is not necessary to type `-FilePath` at the command line.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Get-PfxCertificate</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>The full path to the PFX file of the secured file. Unlike FilePath , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>FilePath</maml:name>
<maml:Description>
<maml:para>Specifies the full path to the PFX file of the secured file. If you specify a value for this parameter, it is not necessary to type `-FilePath` at the command line.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>The full path to the PFX file of the secured file. Unlike FilePath , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe a string that contains a file path to `Get-PfxCertificate`.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
</dev:type>
<maml:description>
<maml:para>`Get-PfxCertificate` returns an object for each certificate that it gets.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>When using the `Invoke-Command` cmdlet to run a `Get-PfxCertificate` command remotely, and the PFX certificate file is not password protected, the value of the Authentication parameter of `Invoke-Command` must be CredSSP.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>--------------- Example 1: Get a PFX certificate ---------------</maml:title>
<dev:code>Get-PfxCertificate -FilePath "C:\windows\system32\Test.pfx"
Password: ******
Signer Certificate: David Chew (Self Certificate)
Time Certificate:
Time Stamp:
Path: C:\windows\system32\zap.pfx</dev:code>
<dev:remarks>
<maml:para>This command gets information about the Test.pfx certificate file on the system.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>--- Example 2: Get a PFX certificate from a remote computer ---</maml:title>
<dev:code>Invoke-Command -ComputerName "Server01" -ScriptBlock {Get-PfxCertificate -FilePath "C:\Text\TestNoPassword.pfx"} -Authentication CredSSP</dev:code>
<dev:remarks>
<maml:para>This command gets a PFX certificate file from the Server01 remote computer. It uses `Invoke-Command` to run a `Get-PfxCertificate` command remotely.</maml:para>
<maml:para>When the PFX certificate file is not password-protected, the value of the Authentication parameter of `Invoke-Command` must be CredSSP.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/get-pfxcertificate?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>New-FileCatalog</command:name>
<command:verb>New</command:verb>
<command:noun>FileCatalog</command:noun>
<maml:description>
<maml:para>`New-FileCatalog` creates a catalog file of file hashes that can be used to validate the authenticity of a file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>`New-FileCatalog` creates a Windows catalog file (/windows-hardware/drivers/install/catalog-files)for a set of folders and files. This catalog file contains hashes for all files in the provided paths. Users can then distribute the catalog with their files so that users can validate whether any changes have been made to the folders since catalog creation time.</maml:para>
<maml:para>Catalog versions 1 and 2 are supported. Version 1 uses the (deprecated) SHA1 hashing algorithm to create file hashes, and version 2 uses SHA256. Catalog version 2 is not supported on Windows Server 2008 R2 or Windows 7. You should use catalog version 2 on Windows 8, Windows Server 2012, and later operating systems.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>New-FileCatalog</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>CatalogFilePath</maml:name>
<maml:Description>
<maml:para>A path to a file or folder where the catalog file (.cat) should be placed. If a folder path is specified, the default filename `catalog.cat` will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para></maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>CatalogVersion</maml:name>
<maml:Description>
<maml:para>Accepts `1.0` or `2.0` as possible values for specifying the catalog version. `1.0` should be used avoided whenever possible, as it uses the insecure SHA-1 hash algorithm, while `2.0` uses the secure SHA-256 algorithm However, `1.0` is the only supported algorithm on Windows 7 and Server 2008R2.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
<dev:type>
<maml:name>System.Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>CatalogFilePath</maml:name>
<maml:Description>
<maml:para>A path to a file or folder where the catalog file (.cat) should be placed. If a folder path is specified, the default filename `catalog.cat` will be used.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>CatalogVersion</maml:name>
<maml:Description>
<maml:para>Accepts `1.0` or `2.0` as possible values for specifying the catalog version. `1.0` should be used avoided whenever possible, as it uses the insecure SHA-1 hash algorithm, while `2.0` uses the secure SHA-256 algorithm However, `1.0` is the only supported algorithm on Windows 7 and Server 2008R2.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
<dev:type>
<maml:name>System.Int32</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para></maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>The pipeline takes a string that is used as the catalog filename.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.IO.FileInfo</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>Example 1: Create a file catalog for `Microsoft.PowerShell.Utility`</maml:title>
<dev:code>New-FileCatalog -Path $PSHOME\Modules\Microsoft.PowerShell.Utility -CatalogFilePath \temp\Microsoft.PowerShell.Utility.cat -CatalogVersion 2.0
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 11/2/2018 11:58 AM 950 Microsoft.PowerShell.Utility.cat</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/new-filecatalog?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Test-FileCatalog</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>PowerShellGet</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Protect-CmsMessage</command:name>
<command:verb>Protect</command:verb>
<command:noun>CmsMessage</command:noun>
<maml:description>
<maml:para>Encrypts content by using the Cryptographic Message Syntax format.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Protect-CmsMessage` cmdlet encrypts content by using the Cryptographic Message Syntax (CMS) format.</maml:para>
<maml:para>The CMS cmdlets support encryption and decryption of content using the IETF format as documented by RFC5652 (https://tools.ietf.org/html/rfc5652.html).</maml:para>
<maml:para>The CMS encryption standard uses public key cryptography, where the keys used to encrypt content (the public key) and the keys used to decrypt content (the private key) are separate. Your public key can be shared widely, and is not sensitive data. If any content is encrypted with this public key, only your private key can decrypt it. For more information, see Public-key cryptography (https://en.wikipedia.org/wiki/Public-key_cryptography).</maml:para>
<maml:para>Before you can run the `Protect-CmsMessage` cmdlet, you must have an encryption certificate set up. To be recognized in PowerShell, encryption certificates require a unique extended key usage ( EKU (/windows/desktop/SecCrypto/eku))ID to identify them as data encryption certificates (such as the IDs for Code Signing and Encrypted Mail). For an example of a certificate that would work for document encryption, see Example 1 in this topic.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Protect-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Specifies a PSObject that contains content that you want to encrypt. For example, you can encrypt the content of an event message, and then use the variable containing the message (`$Event`, in this example) as the value of the Content parameter: `$event = Get-WinEvent -ProviderName "PowerShell" -MaxEvents 1`. You can also use the `Get-Content` cmdlet to get the contents of a file, such as a Microsoft Word document, and save the content in a variable that you use as the value of the Content parameter.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>OutFile</maml:name>
<maml:Description>
<maml:para>Specifies the path and file name of a file to which you want to send the encrypted content.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Protect-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to content that you want to encrypt. Unlike Path , the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>OutFile</maml:name>
<maml:Description>
<maml:para>Specifies the path and file name of a file to which you want to send the encrypted content.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Protect-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to content that you want to encrypt.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>OutFile</maml:name>
<maml:Description>
<maml:para>Specifies the path and file name of a file to which you want to send the encrypted content.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Specifies a PSObject that contains content that you want to encrypt. For example, you can encrypt the content of an event message, and then use the variable containing the message (`$Event`, in this example) as the value of the Content parameter: `$event = Get-WinEvent -ProviderName "PowerShell" -MaxEvents 1`. You can also use the `Get-Content` cmdlet to get the contents of a file, such as a Microsoft Word document, and save the content in a variable that you use as the value of the Content parameter.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to content that you want to encrypt. Unlike Path , the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none">
<maml:name>OutFile</maml:name>
<maml:Description>
<maml:para>Specifies the path and file name of a file to which you want to send the encrypted content.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to content that you want to encrypt.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes />
<command:returnValues />
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>---- Example 1: Create a certificate for encrypting content ----</maml:title>
<dev:code># Create .INF file for certreq
{[Version]
Signature = "$Windows NT$"
[Strings]
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_DOCUMENT_ENCRYPTION = "1.3.6.1.4.1.311.80.1"
[NewRequest]
Subject = "cn=youralias@emailaddress.com"
MachineKeySet = false
KeyLength = 2048
KeySpec = AT_KEYEXCHANGE
HashAlgorithm = Sha1
Exportable = true
RequestType = Cert
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE"
ValidityPeriod = "Years"
ValidityPeriodUnits = "1000"
[Extensions]
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_DOCUMENT_ENCRYPTION%"
} | Out-File -FilePath DocumentEncryption.inf
# After you have created your certificate file, run the following command to add
# the certificate file to the certificate store. Now you are ready to encrypt and
# decrypt content with the next two examples.
certreq.exe -new DocumentEncryption.inf DocumentEncryption.cer</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>---------- Example 2: Encrypt a message sent by email ----------</maml:title>
<dev:code>$Protected = "Hello World" | Protect-CmsMessage -To "*youralias@emailaddress.com*"</dev:code>
<dev:remarks>
<maml:para>In the following example, you encrypt a message, "Hello World", by piping it to the `Protect-CmsMessage` cmdlet, and then save the encrypted message in a variable. The To parameter uses the value of the Subject line in the certificate.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>------- Example 3: View document encryption certificates -------</maml:title>
<dev:code>PS C:\> cd Cert:\CurrentUser\My
PS Cert:\CurrentUser\My> Get-ChildItem -DocumentEncryptionCert</dev:code>
<dev:remarks>
<maml:para>To view document encryption certificates in the certificate provider, you can add the DocumentEncryptionCert dynamic parameter of Get-ChildItem (../Microsoft.PowerShell.Management/Get-ChildItem.md), available only when the certificate provider is loaded.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/protect-cmsmessage?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Providers</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-CmsMessage</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Unprotect-CmsMessage</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-Acl</command:name>
<command:verb>Set</command:verb>
<command:noun>Acl</command:noun>
<maml:description>
<maml:para>Changes the security descriptor of a specified item, such as a file or a registry key.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Set-Acl` cmdlet changes the security descriptor of a specified item, such as a file or a registry key, to match the values in a security descriptor that you supply.</maml:para>
<maml:para>To use `Set-Acl`, use the Path or InputObject parameter to identify the item whose security descriptor you want to change. Then, use the AclObject or SecurityDescriptor parameters to supply a security descriptor that has the values you want to apply. `Set-Acl` applies the security descriptor that is supplied. It uses the value of the AclObject parameter as a model and changes the values in the item's security descriptor to match the values in the AclObject parameter.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-Acl</maml:name>
<command:parameter required="true" variableLength="true" globbing="true" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Changes the security descriptor of the specified item. Enter the path to an item, such as a path to a file or registry key. Wildcards are permitted.</maml:para>
<maml:para>If you pass a security object to `Set-Acl` (either by using the AclObject or SecurityDescriptor parameters or by passing a security object from Get-Acl to `Set-Acl`), and you omit the Path parameter (name and value), `Set-Acl` uses the path that is included in the security object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="none">
<maml:name>AclObject</maml:name>
<maml:Description>
<maml:para>Specifies an ACL with the desired property values. `Set-Acl` changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para>
<maml:para>You can save the output of a `Get-Acl` command in a variable and then use the AclObject parameter to pass the variable, or type a `Get-Acl` command.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Object</command:parameterValue>
<dev:type>
<maml:name>System.Object</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
<maml:name>CentralAccessPolicy</maml:name>
<maml:Description>
<maml:para>Establishes or changes the central access policy of the item. Enter the CAP ID or friendly name of a central access policy on the computer.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ClearCentralAccessPolicy</maml:name>
<maml:Description>
<maml:para>Removes the central access policy from the specified item.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Passthru</maml:name>
<maml:Description>
<maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-Acl</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="none">
<maml:name>AclObject</maml:name>
<maml:Description>
<maml:para>Specifies an ACL with the desired property values. `Set-Acl` changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para>
<maml:para>You can save the output of a `Get-Acl` command in a variable and then use the AclObject parameter to pass the variable, or type a `Get-Acl` command.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Object</command:parameterValue>
<dev:type>
<maml:name>System.Object</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
<maml:name>CentralAccessPolicy</maml:name>
<maml:Description>
<maml:para>Establishes or changes the central access policy of the item. Enter the CAP ID or friendly name of a central access policy on the computer.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ClearCentralAccessPolicy</maml:name>
<maml:Description>
<maml:para>Removes the central access policy from the specified item.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Changes the security descriptor of the specified item. Unlike Path , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks (`'`). Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Passthru</maml:name>
<maml:Description>
<maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-Acl</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
<maml:name>InputObject</maml:name>
<maml:Description>
<maml:para>Changes the security descriptor of the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para>
<maml:para>You cannot pipe the object to be changed to `Set-Acl`. Instead, use the InputObject parameter explicitly in the command.</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="none">
<maml:name>AclObject</maml:name>
<maml:Description>
<maml:para>Specifies an ACL with the desired property values. `Set-Acl` changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para>
<maml:para>You can save the output of a `Get-Acl` command in a variable and then use the AclObject parameter to pass the variable, or type a `Get-Acl` command.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Object</command:parameterValue>
<dev:type>
<maml:name>System.Object</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Passthru</maml:name>
<maml:Description>
<maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="1" aliases="none">
<maml:name>AclObject</maml:name>
<maml:Description>
<maml:para>Specifies an ACL with the desired property values. `Set-Acl` changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para>
<maml:para>You can save the output of a `Get-Acl` command in a variable and then use the AclObject parameter to pass the variable, or type a `Get-Acl` command.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Object</command:parameterValue>
<dev:type>
<maml:name>System.Object</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
<maml:name>CentralAccessPolicy</maml:name>
<maml:Description>
<maml:para>Establishes or changes the central access policy of the item. Enter the CAP ID or friendly name of a central access policy on the computer.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>ClearCentralAccessPolicy</maml:name>
<maml:Description>
<maml:para>Removes the central access policy from the specified item.</maml:para>
<maml:para>Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see Dynamic Access Control: Scenario Overview (/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview).</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Exclude</maml:name>
<maml:Description>
<maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Filter</maml:name>
<maml:Description>
<maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having PowerShell filter the objects after they are retrieved.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none">
<maml:name>Include</maml:name>
<maml:Description>
<maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as `*.txt`. Wildcards are permitted.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
<maml:name>InputObject</maml:name>
<maml:Description>
<maml:para>Changes the security descriptor of the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para>
<maml:para>You cannot pipe the object to be changed to `Set-Acl`. Instead, use the InputObject parameter explicitly in the command.</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Changes the security descriptor of the specified item. Unlike Path , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks (`'`). Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
<maml:para>This parameter was introduced in Windows PowerShell 3.0.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Passthru</maml:name>
<maml:Description>
<maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="true" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Changes the security descriptor of the specified item. Enter the path to an item, such as a path to a file or registry key. Wildcards are permitted.</maml:para>
<maml:para>If you pass a security object to `Set-Acl` (either by using the AclObject or SecurityDescriptor parameters or by passing a security object from Get-Acl to `Set-Acl`), and you omit the Path parameter (name and value), `Set-Acl` uses the path that is included in the security object.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="usetx">
<maml:name>UseTransaction</maml:name>
<maml:Description>
<maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_Transactions.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Security.AccessControl.ObjectSecurity, System.Security.AccessControl.CommonSecurityDescriptor</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe an ACL object or a security descriptor to `Set-Acl`.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Security.AccessControl.FileSecurity</maml:name>
</dev:type>
<maml:description>
<maml:para>By default, `Set-Acl` does not generate any output. However, if you use the Passthru parameter, it generates a security object. The type of the security object depends on the type of the item.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>The `Set-Acl` cmdlet is supported by the PowerShell file system and registry providers. As such, you can use it to change the security descriptors of files, directories, and registry keys.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>Example 1: Copy a security descriptor from one file to another</maml:title>
<dev:code>$DogACL = Get-Acl -Path "C:\Dog.txt"
Set-Acl -Path "C:\Cat.txt" -AclObject $DogACL</dev:code>
<dev:remarks>
<maml:para>These commands copy the values from the security descriptor of the Dog.txt file to the security descriptor of the Cat.txt file. When the commands complete, the security descriptors of the Dog.txt and Cat.txt files are identical.</maml:para>
<maml:para>The first command uses the `Get-Acl` cmdlet to get the security descriptor of the Dog.txt file. The assignment operator (`=`) stores the security descriptor in the value of the $DogACL variable.</maml:para>
<maml:para>The second command uses `Set-Acl` to change the values in the ACL of Cat.txt to the values in `$DogACL`.</maml:para>
<maml:para>The value of the Path parameter is the path to the Cat.txt file. The value of the AclObject parameter is the model ACL, in this case, the ACL of Dog.txt as saved in the `$DogACL` variable.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>-- Example 2: Use the pipeline operator to pass a descriptor --</maml:title>
<dev:code>Get-Acl -Path "C:\Dog.txt" | Set-Acl -Path "C:\Cat.txt"</dev:code>
<dev:remarks>
<maml:para>This command is almost the same as the command in the previous example, except that it uses a pipeline operator (`|`) to send the security descriptor from a `Get-Acl` command to a `Set-Acl` command.</maml:para>
<maml:para>The first command uses the `Get-Acl` cmdlet to get the security descriptor of the Dog.txt file. The pipeline operator (`|`) passes an object that represents the Dog.txt security descriptor to the `Set-Acl` cmdlet.</maml:para>
<maml:para>The second command uses `Set-Acl` to apply the security descriptor of Dog.txt to Cat.txt. When the command completes, the ACLs of the Dog.txt and Cat.txt files are identical.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>--- Example 3: Apply a security descriptor to multiple files ---</maml:title>
<dev:code>$NewAcl = Get-Acl File0.txt
Get-ChildItem -Path "C:\temp" -Recurse -Include "*.txt" -Force | Set-Acl -AclObject $NewAcl</dev:code>
<dev:remarks>
<maml:para>These commands apply the security descriptors in the File0.txt file to all text files in the `C:\Temp` directory and all of its subdirectories.</maml:para>
<maml:para>The first command gets the security descriptor of the File0.txt file in the current directory and uses the assignment operator (`=`) to store it in the `$NewACL` variable.</maml:para>
<maml:para>The first command in the pipeline uses the Get-ChildItem cmdlet to get all of the text files in the `C:\Temp` directory. The Recurse parameter extends the command to all subdirectories of `C:\temp`. The Include parameter limits the files retrieved to those with the `.txt` file name extension. The Force parameter gets hidden files, which would otherwise be excluded. (You cannot use `c:\temp\ .txt`, because the Recurse * parameter works on directories, not on files.)</maml:para>
<maml:para>The pipeline operator (`|`) sends the objects representing the retrieved files to the `Set-Acl` cmdlet, which applies the security descriptor in the AclObject parameter to all of the files in the pipeline.</maml:para>
<maml:para>In practice, it is best to use the WhatIf parameter with all `Set-Acl` commands that can affect more than one item. In this case, the second command in the pipeline would be `Set-Acl -AclObject $NewAcl -WhatIf`. This command lists the files that would be affected by the command. After reviewing the result, you can run the command again without the WhatIf parameter.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 4: Disable inheritance and preserve inherited access rules</maml:title>
<dev:code>$NewAcl = Get-Acl -Path "C:\Pets\Dog.txt"
$isProtected = $true
$preserveInheritance = $true
$NewAcl.SetAccessRuleProtection($isProtected, $preserveInheritance)
Set-Acl -Path "C:\Pets\Dog.txt" -AclObject $NewAcl</dev:code>
<dev:remarks>
<maml:para>These commands is will disable access inheritance from parent folders, while still preserving the existing inherited access rules.</maml:para>
<maml:para>The first command uses the `Get-Acl` cmdlet to get the security descriptor of the Dog.txt file.</maml:para>
<maml:para>Next, variables are created to convert the inherited access rules to explicit access rules. To protect the access rules associated with this from inheritance, set the `$isProtected` variable to `$true`.to allow inheritance, set `$isProtected` to `$false`. For more information, see set access rule protection (/dotnet/api/system.security.accesscontrol.objectsecurity.setaccessruleprotection). The `$preserveInheritance` variable set to `$true` to preserve inherited access rules; false to remove inherited access rules. Then the access rule protection is updated using the SetAccessRuleProtection() method.</maml:para>
<maml:para>The last command uses `Set-Acl` to apply the security descriptor of to Dog.txt. When the command completes, the ACLs of the Dog.txt that were inherited from the Pets folder will be applied directly to Dog.txt, and new access policies added to Pets will not change the access to Dog.txt.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>--- Example 5: Grant Administrators Full Control of the file ---</maml:title>
<dev:code>$NewAcl = Get-Acl -Path "C:\Pets\Dog.txt"
# Set properties
$identity = "BUILTIN\Administrators"
$fileSystemRights = "FullControl"
$type = "Allow"
# Create new rule
$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
# Apply new rule
$NewAcl.SetAccessRule($fileSystemAccessRule)
Set-Acl -Path "C:\Pets\Dog.txt" -AclObject $NewAcl</dev:code>
<dev:remarks>
<maml:para>This command will grant the BUILTIN\Administrators group Full control of the Dog.txt file.</maml:para>
<maml:para>The first command uses the `Get-Acl` cmdlet to get the security descriptor of the Dog.txt file.</maml:para>
<maml:para>Next variables are created to grant the BUILTIN\Administrators group full control of the Dog.txt file. The `$identity` variable set to the name of a user account (/dotnet/api/system.security.accesscontrol.filesystemaccessrule.-ctor). The `$fileSystemRights` variable set to FullControl, and can be any one of the FileSystemRights (/dotnet/api/system.security.accesscontrol.filesystemrights)values that specifies the type of operation associated with the access rule. The `$type` variable set to "Allow" to specifies whether to allow or deny the operation. The `$fileSystemAccessRuleArgumentList` variable is an argument list is to be passed when making the new FileSystemAccessRule object. Then a new FileSystemAccessRule object is created, and the FileSystemAccessRule object is passed to the SetAccessRule() method, adds the new access rule.</maml:para>
<maml:para>The last command uses `Set-Acl` to apply the security descriptor of to Dog.txt. When the command completes, the BUILTIN\Administrators group will have full control of the Dog.txt.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-acl?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-Acl</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>FileSystemAccessRule</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>ObjectSecurity.SetAccessRuleProtection</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>FileSystemRights</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-AuthenticodeSignature</command:name>
<command:verb>Set</command:verb>
<command:noun>AuthenticodeSignature</command:noun>
<maml:description>
<maml:para>Adds an Authenticode (/windows-hardware/drivers/install/authenticode)signature to a PowerShell script or other file.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Set-AuthenticodeSignature` cmdlet adds an Authenticode signature to any file that supports Subject Interface Package (SIP).</maml:para>
<maml:para>In a PowerShell script file, the signature takes the form of a block of text that indicates the end of the instructions that are executed in the script. If there is a signature in the file when this cmdlet runs, that signature is removed.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-AuthenticodeSignature</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Certificate</maml:name>
<maml:Description>
<maml:para>Specifies the certificate that will be used to sign the script or file. Enter a variable that stores an object representing the certificate or an expression that gets the certificate.</maml:para>
<maml:para>To find a certificate, use `Get-PfxCertificate` or use the `Get-ChildItem` cmdlet in the Certificate `Cert:` drive. If the certificate is not valid or does not have `code-signing` authority, the command fails.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
<dev:type>
<maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>FilePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a file that is being signed.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Allows the cmdlet to append a signature to a read-only file. Even using the Force parameter, the cmdlet cannot override security restrictions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>HashAlgorithm</maml:name>
<maml:Description>
<maml:para>Specifies the hashing algorithm that Windows uses to compute the digital signature for the file.</maml:para>
<maml:para>For PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems. Which algorithms are supported depends on the version of the operating system.</maml:para>
<maml:para>For a list of possible values, see HashAlgorithmName Struct (/dotnet/api/system.security.cryptography.hashalgorithmname?view=netframework-4.7.2#properties).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>SHA256</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeChain</maml:name>
<maml:Description>
<maml:para>Determines which certificates in the certificate trust chain are included in the digital signature. NotRoot is the default.</maml:para>
<maml:para>Valid values are:</maml:para>
<maml:para>- Signer: Includes only the signer's certificate.</maml:para>
<maml:para>- NotRoot: Includes all of the certificates in the certificate chain, except for the root authority.</maml:para>
<maml:para>- All: Includes all the certificates in the certificate chain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>NotRoot</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>TimestampServer</maml:name>
<maml:Description>
<maml:para>Uses the specified time stamp server to add a time stamp to the signature. Type the URL of the time stamp server as a string.</maml:para>
<maml:para>The time stamp represents the exact time that the certificate was added to the file. A time stamp prevents the script from failing if the certificate expires because users and programs can verify that the certificate was valid at the time of signing.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-AuthenticodeSignature</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Certificate</maml:name>
<maml:Description>
<maml:para>Specifies the certificate that will be used to sign the script or file. Enter a variable that stores an object representing the certificate or an expression that gets the certificate.</maml:para>
<maml:para>To find a certificate, use `Get-PfxCertificate` or use the `Get-ChildItem` cmdlet in the Certificate `Cert:` drive. If the certificate is not valid or does not have `code-signing` authority, the command fails.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
<dev:type>
<maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Allows the cmdlet to append a signature to a read-only file. Even using the Force parameter, the cmdlet cannot override security restrictions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>HashAlgorithm</maml:name>
<maml:Description>
<maml:para>Specifies the hashing algorithm that Windows uses to compute the digital signature for the file.</maml:para>
<maml:para>For PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems. Which algorithms are supported depends on the version of the operating system.</maml:para>
<maml:para>For a list of possible values, see HashAlgorithmName Struct (/dotnet/api/system.security.cryptography.hashalgorithmname?view=netframework-4.7.2#properties).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>SHA256</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeChain</maml:name>
<maml:Description>
<maml:para>Determines which certificates in the certificate trust chain are included in the digital signature. NotRoot is the default.</maml:para>
<maml:para>Valid values are:</maml:para>
<maml:para>- Signer: Includes only the signer's certificate.</maml:para>
<maml:para>- NotRoot: Includes all of the certificates in the certificate chain, except for the root authority.</maml:para>
<maml:para>- All: Includes all the certificates in the certificate chain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>NotRoot</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>TimestampServer</maml:name>
<maml:Description>
<maml:para>Uses the specified time stamp server to add a time stamp to the signature. Type the URL of the time stamp server as a string.</maml:para>
<maml:para>The time stamp represents the exact time that the certificate was added to the file. A time stamp prevents the script from failing if the certificate expires because users and programs can verify that the certificate was valid at the time of signing.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a file that is being signed. Unlike FilePath , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Set-AuthenticodeSignature</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Certificate</maml:name>
<maml:Description>
<maml:para>Specifies the certificate that will be used to sign the script or file. Enter a variable that stores an object representing the certificate or an expression that gets the certificate.</maml:para>
<maml:para>To find a certificate, use `Get-PfxCertificate` or use the `Get-ChildItem` cmdlet in the Certificate `Cert:` drive. If the certificate is not valid or does not have `code-signing` authority, the command fails.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
<dev:type>
<maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Allows the cmdlet to append a signature to a read-only file. Even using the Force parameter, the cmdlet cannot override security restrictions.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>HashAlgorithm</maml:name>
<maml:Description>
<maml:para>Specifies the hashing algorithm that Windows uses to compute the digital signature for the file.</maml:para>
<maml:para>For PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems. Which algorithms are supported depends on the version of the operating system.</maml:para>
<maml:para>For a list of possible values, see HashAlgorithmName Struct (/dotnet/api/system.security.cryptography.hashalgorithmname?view=netframework-4.7.2#properties).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>SHA256</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeChain</maml:name>
<maml:Description>
<maml:para>Determines which certificates in the certificate trust chain are included in the digital signature. NotRoot is the default.</maml:para>
<maml:para>Valid values are:</maml:para>
<maml:para>- Signer: Includes only the signer's certificate.</maml:para>
<maml:para>- NotRoot: Includes all of the certificates in the certificate chain, except for the root authority.</maml:para>
<maml:para>- All: Includes all the certificates in the certificate chain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>NotRoot</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>TimestampServer</maml:name>
<maml:Description>
<maml:para>Uses the specified time stamp server to add a time stamp to the signature. Type the URL of the time stamp server as a string.</maml:para>
<maml:para>The time stamp represents the exact time that the certificate was added to the file. A time stamp prevents the script from failing if the certificate expires because users and programs can verify that the certificate was valid at the time of signing.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none">
<maml:name>SourcePathOrExtension</maml:name>
<maml:Description>
<maml:para>Path to the file or file type of the content for which the digital signature is added. This parameter is used with Content where file content is passed as a byte array.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Contents of a file as a byte array for which the digital signature is added. This parameter must be used with SourcePathOrExtension parameter. The contents of the file must be in Unicode (UTF-16LE) format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>Certificate</maml:name>
<maml:Description>
<maml:para>Specifies the certificate that will be used to sign the script or file. Enter a variable that stores an object representing the certificate or an expression that gets the certificate.</maml:para>
<maml:para>To find a certificate, use `Get-PfxCertificate` or use the `Get-ChildItem` cmdlet in the Certificate `Cert:` drive. If the certificate is not valid or does not have `code-signing` authority, the command fails.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
<dev:type>
<maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>FilePath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a file that is being signed.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Allows the cmdlet to append a signature to a read-only file. Even using the Force parameter, the cmdlet cannot override security restrictions.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>HashAlgorithm</maml:name>
<maml:Description>
<maml:para>Specifies the hashing algorithm that Windows uses to compute the digital signature for the file.</maml:para>
<maml:para>For PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems. Which algorithms are supported depends on the version of the operating system.</maml:para>
<maml:para>For a list of possible values, see HashAlgorithmName Struct (/dotnet/api/system.security.cryptography.hashalgorithmname?view=netframework-4.7.2#properties).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>SHA256</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeChain</maml:name>
<maml:Description>
<maml:para>Determines which certificates in the certificate trust chain are included in the digital signature. NotRoot is the default.</maml:para>
<maml:para>Valid values are:</maml:para>
<maml:para>- Signer: Includes only the signer's certificate.</maml:para>
<maml:para>- NotRoot: Includes all of the certificates in the certificate chain, except for the root authority.</maml:para>
<maml:para>- All: Includes all the certificates in the certificate chain.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>NotRoot</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>TimestampServer</maml:name>
<maml:Description>
<maml:para>Uses the specified time stamp server to add a time stamp to the signature. Type the URL of the time stamp server as a string.</maml:para>
<maml:para>The time stamp represents the exact time that the certificate was added to the file. A time stamp prevents the script from failing if the certificate expires because users and programs can verify that the certificate was valid at the time of signing.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="PSPath">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to a file that is being signed. Unlike FilePath , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none">
<maml:name>SourcePathOrExtension</maml:name>
<maml:Description>
<maml:para>Path to the file or file type of the content for which the digital signature is added. This parameter is used with Content where file content is passed as a byte array.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Contents of a file as a byte array for which the digital signature is added. This parameter must be used with SourcePathOrExtension parameter. The contents of the file must be in Unicode (UTF-16LE) format.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Byte[]</command:parameterValue>
<dev:type>
<maml:name>System.Byte[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe a string that contains the file path to `Set-AuthenticodeSignature`.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Management.Automation.Signature</maml:name>
</dev:type>
<maml:description>
<maml:para></maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>Example 1 - Sign a script using a certificate from the local certificate store</maml:title>
<dev:code>$cert=Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert
Set-AuthenticodeSignature -FilePath PsTestInternet2.ps1 -Certificate $cert</dev:code>
<dev:remarks>
<maml:para>The first command uses the `Get-ChildItem` cmdlet and the PowerShell certificate provider to get the certificates in the `Cert:\CurrentUser\My` subdirectory of the certificate store. The `Cert:` drive is the drive exposed by the certificate provider. The CodeSigningCert parameter, which is supported only by the certificate provider, limits the certificates retrieved to those with code-signing authority. The command stores the result in the `$cert` variable.</maml:para>
<maml:para>The second command uses the `Set-AuthenticodeSignature` cmdlet to sign the `PSTestInternet2.ps1` script. It uses the FilePath parameter to specify the name of the script and the Certificate parameter to specify that the certificate is stored in the `$cert` variable.</maml:para>
<maml:para>> [!NOTE] > Using the CodeSigningCert parameter with `Get-ChildItem` only returns certificates that have > code-signing authority and contain a private key. If there is no private key, the certificates > cannot be used for signing.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title> Example 2 - Sign a script using a certificate from a PFX file </maml:title>
<dev:code>$cert = Get-PfxCertificate -FilePath C:\Test\Mysign.pfx
Set-AuthenticodeSignature -FilePath ServerProps.ps1 -Certificate $cert</dev:code>
<dev:remarks>
<maml:para>The first command uses the `Get-PfxCertificate` cmdlet to load the C:\Test\MySign.pfx certificate into the `$cert` variable.</maml:para>
<maml:para>The second command uses `Set-AuthenticodeSignature` to sign the script. The FilePath parameter of `Set-AuthenticodeSignature` specifies the path to the script file being signed and the Cert parameter passes the `$cert` variable containing the certificate to `Set-AuthenticodeSignature`.</maml:para>
<maml:para>If the certificate file is password protected, PowerShell prompts you for the password.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>- Example 3 - Add a signature that includes the root authority -</maml:title>
<dev:code>Set-AuthenticodeSignature -FilePath c:\scripts\Remodel.ps1 -Certificate $cert -IncludeChain All -TimestampServer "http://timestamp.fabrikam.com/scripts/timstamper.dll"</dev:code>
<dev:remarks>
<maml:para>The command uses the FilePath parameter to specify the script being signed and the Certificate parameter to specify the certificate that is saved in the `$cert` variable. It uses the IncludeChain parameter to include all of the signatures in the trust chain, including the root authority. It also uses the TimeStampServer parameter to add a timestamp to the signature. This prevents the script from failing when the certificate expires.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-authenticodesignature?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ExecutionPolicy</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-PfxCertificate</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-ExecutionPolicy</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Execution_Policies</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Signing</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Set-ExecutionPolicy</command:name>
<command:verb>Set</command:verb>
<command:noun>ExecutionPolicy</command:noun>
<maml:description>
<maml:para>Sets the PowerShell execution policies for Windows computers.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Set-ExecutionPolicy` cmdlet changes PowerShell execution policies for Windows computers. For more information, see about_Execution_Policies (../Microsoft.PowerShell.Core/about/about_Execution_Policies.md).</maml:para>
<maml:para>An execution policy is part of the PowerShell security strategy. Execution policies determine whether you can load configuration files, such as your PowerShell profile, or run scripts. And, whether scripts must be digitally signed before they are run.</maml:para>
<maml:para>The `Set-ExecutionPolicy` cmdlet's default scope is LocalMachine , which affects everyone who uses the computer. To change the execution policy for LocalMachine , start PowerShell with **Run as Administrator**.</maml:para>
<maml:para>To display the execution policies for each scope in the order of precedence, use `Get-ExecutionPolicy -List`. To see the effective execution policy for your PowerShell session use `Get-ExecutionPolicy` with no parameters.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Set-ExecutionPolicy</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>ExecutionPolicy</maml:name>
<maml:Description>
<maml:para>Specifies the execution policy. If there are no Group Policies and each scope's execution policy is set to Undefined , then Restricted becomes the effective policy for all users.</maml:para>
<maml:para>The acceptable execution policy values are as follows:</maml:para>
<maml:para>- AllSigned . Requires that all scripts and configuration files are signed by a trusted publisher, including scripts written on the local computer. - Bypass . Nothing is blocked and there are no warnings or prompts. - Default . Sets the default execution policy. Restricted for Windows clients or RemoteSigned for Windows servers. - RemoteSigned . Requires that all scripts and configuration files downloaded from the Internet are signed by a trusted publisher. The default execution policy for Windows server computers. - Restricted . Doesn't load configuration files or run scripts. The default execution policy Windows client computers. - Undefined . No execution policy is set for the scope. Removes an assigned execution policy from a scope that is not set by a Group Policy. If the execution policy in all scopes is Undefined , the effective execution policy is Restricted . - Unrestricted . Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">AllSigned</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">Bypass</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">Default</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">RemoteSigned</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">Restricted</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">Undefined</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">Unrestricted</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">Microsoft.PowerShell.ExecutionPolicy</command:parameterValue>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicy</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
<maml:name>Scope</maml:name>
<maml:Description>
<maml:para>Specifies the scope that is affected by an execution policy. The default scope is LocalMachine .</maml:para>
<maml:para>The effective execution policy is determined by the order of precedence as follows:</maml:para>
<maml:para>- MachinePolicy . Set by a Group Policy for all users of the computer. - UserPolicy . Set by a Group Policy for the current user of the computer. - Process . Affects only the current PowerShell session. - CurrentUser . Affects only the current user. - LocalMachine . Default scope that affects all users of the computer.</maml:para>
<maml:para>The Process scope only affects the current PowerShell session. The execution policy is saved in the environment variable `$env:PSExecutionPolicyPreference`, rather than the registry. When the PowerShell session is closed, the variable and value are deleted.</maml:para>
<maml:para>Execution policies for the CurrentUser scope are written to the registry hive HKEY_LOCAL_USER .</maml:para>
<maml:para>Execution policies for the LocalMachine scope are written to the registry hive HKEY_LOCAL_MACHINE .</maml:para>
</maml:Description>
<command:parameterValueGroup>
<command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">LocalMachine</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">MachinePolicy</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue>
<command:parameterValue required="false" command:variableLength="false">UserPolicy</command:parameterValue>
</command:parameterValueGroup>
<command:parameterValue required="true" variableLength="false">Microsoft.PowerShell.ExecutionPolicyScope</command:parameterValue>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicyScope</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>LocalMachine</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Suppresses all the confirmation prompts. Use caution with this parameter to avoid unexpected results.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>ExecutionPolicy</maml:name>
<maml:Description>
<maml:para>Specifies the execution policy. If there are no Group Policies and each scope's execution policy is set to Undefined , then Restricted becomes the effective policy for all users.</maml:para>
<maml:para>The acceptable execution policy values are as follows:</maml:para>
<maml:para>- AllSigned . Requires that all scripts and configuration files are signed by a trusted publisher, including scripts written on the local computer. - Bypass . Nothing is blocked and there are no warnings or prompts. - Default . Sets the default execution policy. Restricted for Windows clients or RemoteSigned for Windows servers. - RemoteSigned . Requires that all scripts and configuration files downloaded from the Internet are signed by a trusted publisher. The default execution policy for Windows server computers. - Restricted . Doesn't load configuration files or run scripts. The default execution policy Windows client computers. - Undefined . No execution policy is set for the scope. Removes an assigned execution policy from a scope that is not set by a Group Policy. If the execution policy in all scopes is Undefined , the effective execution policy is Restricted . - Unrestricted . Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Microsoft.PowerShell.ExecutionPolicy</command:parameterValue>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicy</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Force</maml:name>
<maml:Description>
<maml:para>Suppresses all the confirmation prompts. Use caution with this parameter to avoid unexpected results.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
<maml:name>Scope</maml:name>
<maml:Description>
<maml:para>Specifies the scope that is affected by an execution policy. The default scope is LocalMachine .</maml:para>
<maml:para>The effective execution policy is determined by the order of precedence as follows:</maml:para>
<maml:para>- MachinePolicy . Set by a Group Policy for all users of the computer. - UserPolicy . Set by a Group Policy for the current user of the computer. - Process . Affects only the current PowerShell session. - CurrentUser . Affects only the current user. - LocalMachine . Default scope that affects all users of the computer.</maml:para>
<maml:para>The Process scope only affects the current PowerShell session. The execution policy is saved in the environment variable `$env:PSExecutionPolicyPreference`, rather than the registry. When the PowerShell session is closed, the variable and value are deleted.</maml:para>
<maml:para>Execution policies for the CurrentUser scope are written to the registry hive HKEY_LOCAL_USER .</maml:para>
<maml:para>Execution policies for the LocalMachine scope are written to the registry hive HKEY_LOCAL_MACHINE .</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">Microsoft.PowerShell.ExecutionPolicyScope</command:parameterValue>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicyScope</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>LocalMachine</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>Microsoft.PowerShell.ExecutionPolicy, System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe an execution policy object or a string that contains the name of an execution policy to `Set-ExecutionPolicy`.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>None</maml:name>
</dev:type>
<maml:description>
<maml:para>`Set-ExecutionPolicy` doesn't return any output.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para>`Set-ExecutionPolicy` doesn't change the MachinePolicy and UserPolicy scopes because they are set by Group Policies.</maml:para>
<maml:para>`Set-ExecutionPolicy` doesn't override a Group Policy, even if the user preference is more restrictive than the policy.</maml:para>
<maml:para>If the Group Policy Turn on Script Execution is enabled for the computer or user, the user preference is saved, but it is not effective. PowerShell displays a message that explains the conflict.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------------- Example 1: Set an execution policy --------------</maml:title>
<dev:code>Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser RemoteSigned
LocalMachine RemoteSigned</dev:code>
<dev:remarks>
<maml:para>The `Set-ExecutionPolicy` cmdlet uses the ExecutionPolicy parameter to specify the RemoteSigned policy. The Scope parameter specifies the default scope value, LocalMachine . To view the execution policy settings, use the `Get-ExecutionPolicy` cmdlet with the List parameter.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 2: Set an execution policy that conflicts with a Group Policy</maml:title>
<dev:code>PS> Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine
Set-ExecutionPolicy : PowerShell updated your local preference successfully, but the setting is
overridden by the Group Policy applied to your system. Due to the override, your shell will retain
its current effective execution policy of "AllSigned". Contact your Group Policy administrator for
more information. At line:1 char:20 + Set-ExecutionPolicy <<<< restricted
PS> Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds
Hive: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds
Name Property
---- --------
Microsoft.PowerShell Path : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ExecutionPolicy : Restricted
ScriptedDiagnostics ExecutionPolicy : Unrestricted</dev:code>
<dev:remarks>
<maml:para>The `Set-ExecutionPolicy` cmdlet uses the ExecutionPolicy parameter to specify the Restricted policy. The Scope parameter specifies the default scope value, LocalMachine . The `Get-ChildItem` cmdlet uses the Path parameter with the HKLM provider to specify registry location.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 3: Apply the execution policy from a remote computer to a local computer</maml:title>
<dev:code>PS> Invoke-Command -ComputerName Server01 -ScriptBlock { Get-ExecutionPolicy } | Set-ExecutionPolicy</dev:code>
<dev:remarks>
<maml:para>The `Invoke-Command` cmdlet is executed at the local computer and sends the ScriptBlock to the remote computer. The ComputerName parameter specifies the remote computer, Server01 . The ScriptBlock parameter runs `Get-ExecutionPolicy` on the remote computer. The `Get-ExecutionPolicy` object is sent down the pipeline to the `Set-ExecutionPolicy`. `Set-ExecutionPolicy` applies the execution policy to the local computer's default scope, LocalMachine .</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>------- Example 4: Set the scope for an execution policy -------</maml:title>
<dev:code>Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser
Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser AllSigned
LocalMachine RemoteSigned</dev:code>
<dev:remarks>
<maml:para>`Set-ExecutionPolicy` uses the ExecutionPolicy parameter to specify the AllSigned policy. The Scope parameter specifies the CurrentUser . To view the execution policy settings, use the `Get-ExecutionPolicy` cmdlet with the List parameter.</maml:para>
<maml:para>The effective execution policy for the user becomes AllSigned .</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>- Example 5: Remove the execution policy for the current user -</maml:title>
<dev:code>Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned</dev:code>
<dev:remarks>
<maml:para>`Set-ExecutionPolicy` uses the ExecutionPolicy parameter to specify the Undefined policy. The Scope parameter specifies the CurrentUser . To view the execution policy settings, use the `Get-ExecutionPolicy` cmdlet with the List parameter.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 6: Set the execution policy for the current PowerShell session</maml:title>
<dev:code>Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope Process
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process AllSigned
CurrentUser RemoteSigned
LocalMachine RemoteSigned</dev:code>
<dev:remarks>
<maml:para>The `Set-ExecutionPolicy` uses the ExecutionPolicy parameter to specify the AllSigned policy. The Scope parameter specifies the value Process . To view the execution policy settings, use the `Get-ExecutionPolicy` cmdlet with the List parameter.</maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>Example 7: Unblock a script to run it without changing the execution policy</maml:title>
<dev:code>PS> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
PS> Get-ExecutionPolicy
RemoteSigned
PS> .\Start-ActivityTracker.ps1
.\Start-ActivityTracker.ps1 : File .\Start-ActivityTracker.ps1 cannot be loaded.
The file .\Start-ActivityTracker.ps1 is not digitally signed.
The script will not execute on the system.
For more information, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\Start-ActivityTracker.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
PS> Unblock-File -Path .\Start-ActivityTracker.ps1
PS> Get-ExecutionPolicy
RemoteSigned
PS> .\Start-ActivityTracker.ps1
Task 1:</dev:code>
<dev:remarks>
<maml:para>The `Set-ExecutionPolicy` uses the ExecutionPolicy parameter to specify the RemoteSigned policy. The policy is set for the default scope, LocalMachine .</maml:para>
<maml:para>The `Get-ExecutionPolicy` cmdlet shows that RemoteSigned is the effective execution policy for the current PowerShell session.</maml:para>
<maml:para>The Start-ActivityTracker.ps1 script is executed from the current directory. The script is blocked by RemoteSigned because the script isn't digitally signed.</maml:para>
<maml:para>For this example, the script's code was reviewed and verified as safe to run. The `Unblock-File` cmdlet uses the Path parameter to unblock the script.</maml:para>
<maml:para>To verify that `Unblock-File` didn't change the execution policy, `Get-ExecutionPolicy` displays the effective execution policy, RemoteSigned .</maml:para>
<maml:para>The script, Start-ActivityTracker.ps1 is executed from the current directory. The script begins to run because it was unblocked by the `Unblock-File` cmdlet.</maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Execution_Policies</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Group_Policy_Settings</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Providers</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ChildItem</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-ExecutionPolicy</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Invoke-Command</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Set-AuthenticodeSignature</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Unblock-File</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Test-FileCatalog</command:name>
<command:verb>Test</command:verb>
<command:noun>FileCatalog</command:noun>
<maml:description>
<maml:para>`Test-FileCatalog` validates whether the hashes contained in a catalog file (.cat) matches the hashes of the actual files in order to validate their authenticity.</maml:para>
<maml:para>This cmdlet is only supported on Windows.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>`Test-FileCatalog` validates the authenticity of files by comparing the file hashes of a catalog file (.cat) with the hashes of actual files on disk. If it detects any mismatches, it returns the status as ValidationFailed. Users can retrieve all this information by using the -Detailed parameter. It also displays signing status of catalog in Signature property which is equivalent to calling `Get-AuthenticodeSignature` cmdlet on the catalog file. Users can also skip any file during validation by using the -FilesToSkip parameter.</maml:para>
<maml:para>This cmdlet is only supported on Windows.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Test-FileCatalog</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>CatalogFilePath</maml:name>
<maml:Description>
<maml:para>A path to a catalog file (.cat) that contains the hashes to be used for validation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>A folder or array of files that should be validated against the catalog file.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Detailed</maml:name>
<maml:Description>
<maml:para>Returns more information a more detailed `CatalogInformation` object that contains the files tested, their expected/actual hashes, and an Authenticode signature of the catalog file if it's signed.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>FilesToSkip</maml:name>
<maml:Description>
<maml:para>An array of paths that should not be tested as part of the validation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>CatalogFilePath</maml:name>
<maml:Description>
<maml:para>A path to a catalog file (.cat) that contains the hashes to be used for validation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf">
<maml:name>Confirm</maml:name>
<maml:Description>
<maml:para>Prompts you for confirmation before running the cmdlet.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>Detailed</maml:name>
<maml:Description>
<maml:para>Returns more information a more detailed `CatalogInformation` object that contains the files tested, their expected/actual hashes, and an Authenticode signature of the catalog file if it's signed.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>FilesToSkip</maml:name>
<maml:Description>
<maml:para>An array of paths that should not be tested as part of the validation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>A folder or array of files that should be validated against the catalog file.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
<dev:type>
<maml:name>System.String[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi">
<maml:name>WhatIf</maml:name>
<maml:Description>
<maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.IO.DirectoryInfo[], System.String[]</maml:name>
</dev:type>
<maml:description>
<maml:para>The pipeline accepts an array of strings or `DirectoryInfo` objects that represent paths to the files that need to be validated.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.Management.Automation.CatalogValidationStatus</maml:name>
</dev:type>
<maml:description>
<maml:para>The default return type containing a value of either `Valid` or `ValidationFailed`.</maml:para>
</maml:description>
</command:returnValue>
<command:returnValue>
<dev:type>
<maml:name>System.Management.Automation.CatalogInformation</maml:name>
</dev:type>
<maml:description>
<maml:para>A more detailed object returned when using `-Detailed` which can be used to analyze specific files that may or may not have passed validation, which hashes were expected vs. found, and the algorithm used in the catalog.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>-------- Example 1: Create and validate a file catalog --------</maml:title>
<dev:code>New-FileCatalog -Path $PSHOME\Modules\Microsoft.PowerShell.Utility -CatalogFilePath \temp\Microsoft.PowerShell.Utility.cat -CatalogVersion 2.0
Test-FileCatalog -CatalogFilePath \temp\Microsoft.PowerShell.Utility.cat -Path "$PSHome\Modules\Microsoft.PowerShell.Utility\"
Valid</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
<command:example>
<maml:title>--- Example 2: Validate a file catalog with detailed output ---</maml:title>
<dev:code>Test-FileCatalog -CatalogFilePath \temp\Microsoft.PowerShell.Utility.cat -Path "$PSHome\Modules\Microsoft.PowerShell.Utility\"
Status : Valid
HashAlgorithm : SHA256
CatalogItems : {[Microsoft.PowerShell.Utility.psd1,
A7028BD54018AE519381CDF5BF91F3B0417BD9345478086089ACBFAD05C899FC], [Microsoft.PowerShell.Utility.psm1,
1127E8151FB86BCB683F932E8F6538552F7195816ED351A28AE07A753B8F20DE]}
PathItems : {[Microsoft.PowerShell.Utility.psd1,
A7028BD54018AE519381CDF5BF91F3B0417BD9345478086089ACBFAD05C899FC], [Microsoft.PowerShell.Utility.psm1,
1127E8151FB86BCB683F932E8F6538552F7195816ED351A28AE07A753B8F20DE]}
Signature : System.Management.Automation.Signature</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/test-filecatalog?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>New-FileCatalog</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>PowerShellGet</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
<command:details>
<command:name>Unprotect-CmsMessage</command:name>
<command:verb>Unprotect</command:verb>
<command:noun>CmsMessage</command:noun>
<maml:description>
<maml:para>Decrypts content that has been encrypted by using the Cryptographic Message Syntax format.</maml:para>
</maml:description>
</command:details>
<maml:description>
<maml:para>The `Unprotect-CmsMessage` cmdlet decrypts content that has been encrypted by using the Cryptographic Message Syntax (CMS) format.</maml:para>
<maml:para>The CMS cmdlets support encryption and decryption of content using the IETF standard format for cryptographically protecting messages, as documented by RFC5652 (https://tools.ietf.org/html/rfc5652).</maml:para>
<maml:para>The CMS encryption standard uses public key cryptography, where the keys used to encrypt content (the public key) and the keys used to decrypt content (the private key) are separate. Your public key can be shared widely, and is not sensitive data. If any content is encrypted with this public key, only your private key can decrypt it. For more information, see Public-key cryptography (https://en.wikipedia.org/wiki/Public-key_cryptography).</maml:para>
<maml:para>`Unprotect-CmsMessage` decrypts content that has been encrypted in CMS format. You can run this cmdlet to decrypt content that you have encrypted by running the `Protect-CmsMessage` cmdlet. You can specify content that you want to decrypt as a string, by the encryption event log record ID number, or by path to the encrypted content. The `Unprotect-CmsMessage` cmdlet returns the decrypted content.</maml:para>
</maml:description>
<command:syntax>
<command:syntaxItem>
<maml:name>Unprotect-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Specifies an encrypted string, or a variable containing an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the a file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeContext</maml:name>
<maml:Description>
<maml:para></maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Unprotect-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>EventLogRecord</maml:name>
<maml:Description>
<maml:para>Specifies an event log record ID that represents a CMS encryption operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the a file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeContext</maml:name>
<maml:Description>
<maml:para></maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Unprotect-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to decrypt. Unlike Path , the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcard characters. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the a file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeContext</maml:name>
<maml:Description>
<maml:para></maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
<command:syntaxItem>
<maml:name>Unprotect-CmsMessage</maml:name>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to decrypt.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the a file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeContext</maml:name>
<maml:Description>
<maml:para></maml:para>
</maml:Description>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
</command:syntaxItem>
</command:syntax>
<command:parameters>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none">
<maml:name>Content</maml:name>
<maml:Description>
<maml:para>Specifies an encrypted string, or a variable containing an encrypted string.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
<maml:name>EventLogRecord</maml:name>
<maml:Description>
<maml:para>Specifies an event log record ID that represents a CMS encryption operation.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.PSObject</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.PSObject</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
<maml:name>IncludeContext</maml:name>
<maml:Description>
<maml:para></maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.SwitchParameter</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>False</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>LiteralPath</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to decrypt. Unlike Path , the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcard characters. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
<maml:name>Path</maml:name>
<maml:Description>
<maml:para>Specifies the path to encrypted content that you want to decrypt.</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
<dev:type>
<maml:name>System.String</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
<maml:name>To</maml:name>
<maml:Description>
<maml:para>Specifies one or more CMS message recipients, identified in any of the following formats:</maml:para>
<maml:para>- An actual certificate (as retrieved from the certificate provider).</maml:para>
<maml:para>- Path to the a file containing the certificate.</maml:para>
<maml:para>- Path to a directory containing the certificate.</maml:para>
<maml:para>- Thumbprint of the certificate (used to look in the certificate store).</maml:para>
<maml:para>- Subject name of the certificate (used to look in the certificate store).</maml:para>
</maml:Description>
<command:parameterValue required="true" variableLength="false">System.Management.Automation.CmsMessageRecipient[]</command:parameterValue>
<dev:type>
<maml:name>System.Management.Automation.CmsMessageRecipient[]</maml:name>
<maml:uri />
</dev:type>
<dev:defaultValue>None</dev:defaultValue>
</command:parameter>
</command:parameters>
<command:inputTypes>
<command:inputType>
<dev:type>
<maml:name>System.Diagnostics.Eventing.Reader.EventLogRecord or System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>You can pipe an object containing encrypted content to `Unprotect-CmsMessage`.</maml:para>
</maml:description>
</command:inputType>
</command:inputTypes>
<command:returnValues>
<command:returnValue>
<dev:type>
<maml:name>System.String</maml:name>
</dev:type>
<maml:description>
<maml:para>The unencrypted message.</maml:para>
</maml:description>
</command:returnValue>
</command:returnValues>
<maml:alertSet>
<maml:alert>
<maml:para></maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>----------------- Example 1: Decrypt a message -----------------</maml:title>
<dev:code>$parameters = @{
LiteralPath = "C:\Users\Test\Documents\PowerShell\Future_Plans.txt"
To = '0f 8j b1 ab e0 ce 35 1d 67 d2 f2 6f a2 d2 00 cl 22 z9 m9 85'
}
Unprotect-CmsMessage -LiteralPath @parameters
Try the new Break All command</dev:code>
<dev:remarks>
<maml:para></maml:para>
</dev:remarks>
</command:example>
</command:examples>
<command:relatedLinks>
<maml:navigationLink>
<maml:linkText>Online Version:</maml:linkText>
<maml:uri>https://docs.microsoft.com/powershell/module/microsoft.powershell.security/unprotect-cmsmessage?view=powershell-5.1&WT.mc_id=ps-gethelp</maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>about_Providers</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Get-CmsMessage</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
<maml:navigationLink>
<maml:linkText>Protect-CmsMessage</maml:linkText>
<maml:uri></maml:uri>
</maml:navigationLink>
</command:relatedLinks>
</command:command>
</helpItems>