HelpCache/Microsoft.PowerShell.Security.dll-help.xml
|
<?xml version = "1.0" encoding = "utf-8" ?>
<helpItems schema="maml"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>ConvertFrom-SecureString</command:name><maml:description><maml:para>Converts a secure string into an encrypted standard string.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>ConvertFrom</command:verb><command:noun>SecureString</command:noun><dev:version /></command:details><maml:description><maml:para>The ConvertFrom-SecureString cmdlet converts a secure string (System.Security.SecureString) into an encrypted standard string (System.String). Unlike a secure string, an encrypted standard string can be saved in a file for later use. The encrypted standard string can be converted back to its secure string format by using the ConvertTo-SecureString cmdlet. </maml:para><maml:para>If an encryption key is specified by using the Key or SecureKey parameters, the Advanced Encryption Standard (AES) encryption algorithm is used. The specified key must have a length of 128, 192, or 256 bits because those are the key lengths supported by the AES encryption algorithm. If no key is specified, the Windows Data Protection API (DPAPI) is used to encrypt the standard string representation.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>ConvertFrom-SecureString</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>SecureString</maml:name><maml:description><maml:para>Specifies the secure string to convert to an encrypted standard string.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>SecureKey</maml:name><maml:description><maml:para>Specifies the encryption key as a secure string. The secure string value is converted to a byte array before being used as the key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>ConvertFrom-SecureString</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>SecureString</maml:name><maml:description><maml:para>Specifies the secure string to convert to an encrypted standard string.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Key</maml:name><maml:description><maml:para>Specifies the encryption key as a byte array.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Key</maml:name><maml:description><maml:para>Specifies the encryption key as a byte array.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue><dev:type><maml:name>Byte[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>SecureKey</maml:name><maml:description><maml:para>Specifies the encryption key as a secure string. The secure string value is converted to a byte array before being used as the key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>SecureString</maml:name><maml:description><maml:para>Specifies the secure string to convert to an encrypted standard string.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.Security.SecureString</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe a SecureString object to ConvertFrom-SecureString.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>ConvertFrom-SecureString returns a standard string object.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>To create a secure string from characters that are typed at the command prompt, use the AsSecureString parameter of the Read-Host cmdlet.</maml:para><maml:para>When you use the Key or SecureKey parameters to specify a key, the key length must be correct. For example, a key of 128 bits can be specified as a byte array of 16 digits. Similarly, 192-bit and 256-bit keys correspond to byte arrays of 24 and 32 digits, respectively.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$SecureString = Read-Host -AsSecureString </dev:code><dev:remarks><maml:para>This command creates a secure string from characters that you type at the command prompt. After entering the command, type the string you want to store as a secure string. An asterisk (*) is displayed to represent each character that you type.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$StandardString = ConvertFrom-SecureString $SecureString </dev:code><dev:remarks><maml:para>This command converts the secure string in the $SecureString variable to an encrypted standard string. The resulting encrypted standard string is stored in the $StandardString variable.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43) PS C:\>$StandardString = ConvertFrom-SecureString $SecureString -Key $Key </dev:code><dev:remarks><maml:para>These commands use the Advanced Encryption Standard (AES) algorithm to convert the secure string stored in the $SecureString variable to an encrypted standard string with a 192-bit key. The resulting encrypted standard string is stored in the $standardstring variable.</maml:para><maml:para>The first command stores a key in the $Key variable. The key is an array of 24 digits, all of which are less than 256.</maml:para><maml:para>Because each digit represents a byte (8 bits), the key has 24 digits for a total of 192 bits (8 x 24). This is a valid key length for the AES algorithm. Each individual value is less than 256, which is the maximum value that can be stored in an unsigned byte.</maml:para><maml:para>The second command uses the key in the $Key variable to convert the secure string to an encrypted standard string.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293932</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>ConvertTo-SecureString</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Read-Host</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>ConvertTo-SecureString</command:name><maml:description><maml:para>Converts encrypted standard strings to secure strings. It can also convert plain text to secure strings. It is used with ConvertFrom-SecureString and Read-Host.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>ConvertTo</command:verb><command:noun>SecureString</command:noun><dev:version /></command:details><maml:description><maml:para>The ConvertTo-SecureString cmdlet converts encrypted standard strings into secure strings. It can also convert plain text to secure strings. It is used with ConvertFrom-SecureString and Read-Host. The secure string created by the cmdlet can be used with cmdlets or functions that require a parameter of type SecureString. The secure string can be converted back to an encrypted, standard string using the ConvertFrom-SecureString cmdlet. This enables it to be stored in a file for later use.</maml:para><maml:para>If the standard string being converted was encrypted with ConvertFrom-SecureString using a specified key, that same key must be provided as the value of the Key or SecureKey parameter of the ConvertTo-SecureString cmdlet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>ConvertTo-SecureString</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>String</maml:name><maml:description><maml:para>Specifies the string to convert to a secure string.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>SecureKey</maml:name><maml:description><maml:para>Specifies the encryption key to use when converting a secure string into an encrypted standard string. The key must be provided in the format of a secure string. The secure string is converted to a byte array before being used as the key. Valid key lengths are 16, 24, and 32 bytes.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>ConvertTo-SecureString</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>String</maml:name><maml:description><maml:para>Specifies the string to convert to a secure string.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>AsPlainText</maml:name><maml:description><maml:para>Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Confirms that you understand the implications of using the AsPlainText parameter and still want to use it.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>ConvertTo-SecureString</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>String</maml:name><maml:description><maml:para>Specifies the string to convert to a secure string.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Key</maml:name><maml:description><maml:para>Specifies the encryption key to use when converting a secure string into an encrypted standard string. Valid key lengths are 16, 24, and 32 bytes.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>AsPlainText</maml:name><maml:description><maml:para>Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Confirms that you understand the implications of using the AsPlainText parameter and still want to use it.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Key</maml:name><maml:description><maml:para>Specifies the encryption key to use when converting a secure string into an encrypted standard string. Valid key lengths are 16, 24, and 32 bytes.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue><dev:type><maml:name>Byte[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>SecureKey</maml:name><maml:description><maml:para>Specifies the encryption key to use when converting a secure string into an encrypted standard string. The key must be provided in the format of a secure string. The secure string is converted to a byte array before being used as the key. Valid key lengths are 16, 24, and 32 bytes.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>String</maml:name><maml:description><maml:para>Specifies the string to convert to a secure string.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe a standard encrypted string to ConvertTo-SecureString.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.SecureString</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>ConvertTo-SecureString returns a SecureString object.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$secure = read-host -assecurestring PS C:\>$secure System.Security.SecureString PS C:\>$encrypted = convertfrom-securestring -securestring $secure PS C:\>$encrypted 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001a114d45b8dd3f4aa11ad7c0abdae9800000000002000000000003660000a8000000100000005df63cea84bfb7d70bd6842e7 efa79820000000004800000a000000010000000f10cd0f4a99a8d5814d94e0687d7430b100000008bf11f1960158405b2779613e9352c6d14000000e6b7bf46a9d485ff211b9b2a2df3bd 6eb67aae41 PS C:\>$secure2 = convertto-securestring -string $encrypted PS C:\>$secure2 System.Security.SecureString </dev:code><dev:remarks><maml:para>This example shows how to create a secure string from user input, convert the secure string to an encrypted standard string, and then convert the encrypted standard string back to a secure string.</maml:para><maml:para>The first command uses the AsSecureString parameter of the Read-Host cmdlet to create a secure string. After you enter the command, any characters that you type are converted into a secure string and then saved in the $secure variable.</maml:para><maml:para>The second command displays the contents of the $secure variable. Because the $secure variable contains a secure string, Windows PowerShell displays only the System.Security.SecureString type.</maml:para><maml:para>The third command uses the ConvertFrom-SecureString cmdlet to convert the secure string in the $secure variable into an encrypted standard string. It saves the result in the $encrypted variable. The fourth command displays the encrypted string in the value of the $encrypted variable.</maml:para><maml:para>The fifth command uses the ConvertTo-SecureString cmdlet to convert the encrypted standard string in the $encrypted variable back into a secure string. It saves the result in the $secure2 variable. The sixth command displays the value of the $secure2 variable. The SecureString type indicates that the command was successful.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$secure = read-host -assecurestring PS C:\>$encrypted = convertfrom-securestring -secureString $secure -key (1..16) PS C:\>$encrypted | set-content encrypted.txt PS C:\>$secure2 = get-content encrypted.txt | convertto-securestring -key (1..16) </dev:code><dev:remarks><maml:para>This example shows how to create a secure string from an encrypted standard string that is saved in a file.</maml:para><maml:para>The first command uses the AsSecureString parameter of the Read-Host cmdlet to create a secure string. After you enter the command, any characters that you type are converted into a secure string and then saved in the $secure variable.</maml:para><maml:para>The second command uses the ConvertFrom-SecureString cmdlet to convert the secure string in the $secure variable into an encrypted standard string by using the specified key. The contents are saved in the $encrypted variable.</maml:para><maml:para>The third command uses a pipeline operator (|) to send the value of the $encrypted variable to the Set-Content cmdlet, which saves the value in the Encrypted.txt file.</maml:para><maml:para>The fourth command uses the Get-Content cmdlet to get the encrypted standard string in the Encrypted.txt file. The command uses a pipeline operator to send the encrypted string to the ConvertTo-SecureString cmdlet, which converts it to a secure string by using the specified key. The results are saved in the $secure2 variable.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$secure_string_pwd = convertto-securestring "P@ssW0rD!" -asplaintext -force </dev:code><dev:remarks><maml:para>This command converts the plain text string "P@ssW0rD!" into a secure string and stores the result in the $secure_string_pwd variable. To use the AsPlainText parameter, the Force parameter must also be included in the command.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293933</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>ConvertFrom-SecureString</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Read-Host</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-Acl</command:name><maml:description><maml:para>Gets the security descriptor for a resource, such as a file or registry key.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>Acl</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-Acl cmdlet gets objects that represent the security descriptor of a file or resource. The security descriptor contains the access control lists (ACLs) of the resource. The ACL specifies the permissions that users and user groups have to access the resource.</maml:para><maml:para>Beginning in Windows PowerShell 3.0, you can use the InputObject parameter of Get-Acl to get the security descriptor of objects that do not have a path.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-Acl</maml:name><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a resource. Get-Acl gets the security descriptor of the resource indicated by the path. Wildcards are permitted. If you omit the Path parameter, Get-Acl gets the security descriptor of the current directory.</maml:para><maml:para>The parameter name ("Path") is optional.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllCentralAccessPolicies</maml:name><maml:description><maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Audit</maml:name><maml:description><maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when gettting the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-Acl</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllCentralAccessPolicies</maml:name><maml:description><maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Audit</maml:name><maml:description><maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when gettting the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Gets the security descriptor for the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para><maml:para>You cannot pipe an object, other than a path, to Get-Acl. Instead, use the InputObject parameter explicitly in the command.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSObject</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-Acl</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllCentralAccessPolicies</maml:name><maml:description><maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Audit</maml:name><maml:description><maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when gettting the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Specifies the path to a resource. Unlike Path, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Audit</maml:name><maml:description><maml:para>Gets the audit data for the security descriptor from the system access control list (SACL).</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when gettting the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a resource. Get-Acl gets the security descriptor of the resource indicated by the path. Wildcards are permitted. If you omit the Path parameter, Get-Acl gets the security descriptor of the current directory.</maml:para><maml:para>The parameter name ("Path") is optional.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AllCentralAccessPolicies</maml:name><maml:description><maml:para>Gets information about all central access policies that are enabled on the computer.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Gets the security descriptor for the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para><maml:para>You cannot pipe an object, other than a path, to Get-Acl. Instead, use the InputObject parameter explicitly in the command.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSObject</command:parameterValue><dev:type><maml:name>PSObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Specifies the path to a resource. Unlike Path, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe a string that contains a path to Get-Acl.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.AccessControl</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Get-Acl returns an object that represents the ACLs that it gets. The object type depends upon the ACL type.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>By default, Get-Acl displays the Windows PowerShell path to the resource (<provider>::<resource-path>), the owner of the resource, and "Access", a list (array) of the access control entries in the discretionary access control list (DACL) for the resource. The DACL list is controlled by the resource owner.</maml:para><maml:para>When you format the result as a list, ("Get-Acl | Format-List"), in addition to the path, owner, and access list, Windows PowerShell displays the following properties and property values:</maml:para><maml:para>-- Group: The security group of the owner.</maml:para><maml:para>-- Audit: A list (array) of entries in the system access control list (SACL). The SACL specifies the types of access attempts for which Windows generates audit records.</maml:para><maml:para>-- Sddl: The security descriptor of the resource displayed in a single text string in Security Descriptor Definition Language format. Windows PowerShell uses the GetSddlForm method of security descriptors to get this data.</maml:para><maml:para>Because Get-Acl is supported by the file system and registry providers, you can use Get-Acl to view the ACL of file system objects, such as files and directories, and registry objects, such as registry keys and entries.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Acl C:\Windows </dev:code><dev:remarks><maml:para>This command gets the security descriptor of the C:Windows directory.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Acl C:\Windows\k*.log | Format-List -Property PSPath, Sddl </dev:code><dev:remarks><maml:para>This command gets the Windows PowerShell path and SDDL for all of the .log files in the C:\Windows directory whose names begin with "k."</maml:para><maml:para>The command uses the Get-Acl cmdlet to get objects representing the security descriptors of each log file. It uses a pipeline operator (|) to send the results to the Format-List cmdlet. The command uses the Property parameter of Format-List to display only the PsPath and SDDL properties of each security descriptor object.</maml:para><maml:para>Lists are often used in Windows PowerShell, because long values appear truncated in tables.</maml:para><maml:para>The SDDL values are valuable to system administrators, because they are simple text strings that contain all of the information in the security descriptor. As such, they are easy to pass and store, and they can be parsed when needed.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Acl C:/Windows/k*.log -Audit | Foreach-Object { $_.Audit.Count } </dev:code><dev:remarks><maml:para>This command gets the security descriptors of the .log files in the C:\Windows directory whose names begin with "k." It uses the Audit parameter to get the audit records from the SACL in the security descriptor. Then it uses theForEach-Object cmdlet to count the number of audit records associated with each file. The result is a list of numbers representing the number of audit records for each log file.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Acl -Path HKLM:\System\CurrentControlSet\Control | Format-List </dev:code><dev:remarks><maml:para>This command uses the Get-Acl cmdlet to get the security descriptor of the Control subkey (HKLM\SYSTEM\CurrentControlSet\Control) of the registry.</maml:para><maml:para>The Path parameter specifies the Control subkey. The pipeline operator (|) passes the security descriptor that Get-Acl gets to the Format-List command, which formats the properties of the security descriptor as a list so that they are easy to read.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 5</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Acl -InputObject (Get-StorageSubsystem -Name S087) </dev:code><dev:remarks><maml:para>This command uses the InputObject parameter of Get-Acl to get the security descriptor of a storage subsystem object.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293934</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-Acl</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-AuthenticodeSignature</command:name><maml:description><maml:para>Gets information about the Authenticode signature in a file.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>AuthenticodeSignature</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-AuthenticodeSignature cmdlet gets information about the Authenticode signature in a file. If the file is not signed, the information is retrieved, but the fields are blank.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-AuthenticodeSignature</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilePath</maml:name><maml:description><maml:para>Specifies the path to the file being examined. Wildcards are permitted, but they must lead to a single file. The parameter name ("FilePath") is optional.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-AuthenticodeSignature</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Specifies the path to the file being examined. Unlike FilePath, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilePath</maml:name><maml:description><maml:para>Specifies the path to the file being examined. Wildcards are permitted, but they must lead to a single file. The parameter name ("FilePath") is optional.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Specifies the path to the file being examined. Unlike FilePath, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe a string that contains a file path to Get-AuthenticodeSignature.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Management.Automation.Signature</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Get-AuthenticodeSignature returns a signature object for each signature that it gets.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>For information about Authenticode signatures in Windows PowerShell, see about_Signing.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>get-AuthenticodeSignature -filepath C:\Test\NewScript.ps1 </dev:code><dev:remarks><maml:para>This command gets information about the Authenticode signature in the NewScript.ps1 file. It uses the FilePath parameter to specify the file.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>get-authenticodesignature test.ps1, test1.ps1, sign-file.ps1, makexml.ps1 </dev:code><dev:remarks><maml:para>This command gets information about the Authenticode signature in the four files listed at the command line. In this command, the name of the FilePath parameter, which is optional, is omitted.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>get-childitem $pshome\*.* | foreach-object {Get-AuthenticodeSignature $_} | where {$_.status -eq "Valid"} </dev:code><dev:remarks><maml:para>This command lists all of the files in the $pshome directory that have a valid Authenticode signature. The $pshome automatic variable contains the path to the Windows PowerShell installation directory.</maml:para><maml:para>The command uses the Get-ChildItem cmdlet to get the files in the $pshome directory. It uses a pattern of *.* to exclude directories (although it also excludes files without a dot in the filename).</maml:para><maml:para>The command uses a pipeline operator (|) to send the files in $pshome to the Foreach-Object cmdlet, where Get-AuthenticodeSignature is called for each file.</maml:para><maml:para>The results of the Get-AuthenticodeSignature command are sent to a Where-Object command that selects only the signature objects with a status of "Valid".</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293935</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ExecutionPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ExecutionPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Execution_Policies</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Signing</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-Credential</command:name><maml:description><maml:para>Gets a credential object based on a user name and password.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>Credential</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-Credential cmdlet creates a credential object for a specified user name and password. You can use the credential object in security operations.</maml:para><maml:para>Beginning in Windows PowerShell 3.0, you can use the Message parameter to specify a customized message on the dialog box that prompts the user for their name and password.</maml:para><maml:para>The Get-Credential cmdlet prompts the user for a password or a user name and password. By default, an authentication dialog box appears to prompt the user. However, in some host programs, such as the Windows PowerShell console, you can prompt the user at the command line by changing a registry entry. For more information about this registry entry, see the notes and examples.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-Credential</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user name for the credential, such as "User01" or "Domain01\User01". The parameter name ("Credential") is optional.</maml:para><maml:para>When you submit the command, you are prompted for a password.</maml:para><maml:para>Starting in Windows PowerShell 3.0, if you enter a user name without a domain, Get-Credential no longer inserts a backslash before the name.</maml:para><maml:para>If you omit this parameter, you are prompted for a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-Credential</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>UserName</maml:name><maml:description><maml:para>Specifies a user name. The authentication prompt requests a password for the user name. By default, the user name is blank and the authentication prompt requests both a user name and password.</maml:para><maml:para>When the authentication prompt appears in a dialog box, the user can edit the specified user name. However, the user cannot change the user name when the prompt appears at the command line. When using this parameter in a shared function or script, consider all possible presentations.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Message</maml:name><maml:description><maml:para>Specifies a message that appears in the authentication prompt.</maml:para><maml:para>This parameter is designed for use in a function or script. You can use the message to explain to the user why you are requesting credentials and how they will be used.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user name for the credential, such as "User01" or "Domain01\User01". The parameter name ("Credential") is optional.</maml:para><maml:para>When you submit the command, you are prompted for a password.</maml:para><maml:para>Starting in Windows PowerShell 3.0, if you enter a user name without a domain, Get-Credential no longer inserts a backslash before the name.</maml:para><maml:para>If you omit this parameter, you are prompted for a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Message</maml:name><maml:description><maml:para>Specifies a message that appears in the authentication prompt.</maml:para><maml:para>This parameter is designed for use in a function or script. You can use the message to explain to the user why you are requesting credentials and how they will be used.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>UserName</maml:name><maml:description><maml:para>Specifies a user name. The authentication prompt requests a password for the user name. By default, the user name is blank and the authentication prompt requests both a user name and password.</maml:para><maml:para>When the authentication prompt appears in a dialog box, the user can edit the specified user name. However, the user cannot change the user name when the prompt appears at the command line. When using this parameter in a shared function or script, consider all possible presentations.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>None (blank)</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You cannot pipe input to this cmdlet.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Management.Automation.PSCredential</maml:name><maml:uri>http://go.microsoft.com/fwlink/?LinkId=228224</maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Get-Credential returns a credential object.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>You can use the PSCredential object that Get-Credential creates in cmdlets that request user authentication, such as those with a Credential parameter.</maml:para></maml:alert><maml:alert><maml:para>By default, the authentication prompt appears in a dialog box. To display the authentication prompt at the command line, add the ConsolePrompting registry entry (HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\ConsolePrompting) and set its value to True. If the ConsolePrompting registry entry does not exist or if its value is False, the authentication prompt appears in a dialog box. For instructions, see the examples.</maml:para><maml:para>The ConsolePrompting registry entry works in the Windows PowerShell console, but it does not work in all host programs. For example, it has no effect in the Windows PowerShell Integrated Scripting Environment (ISE). For information about the effect of the ConsolePrompting registry entry, see the help topics for the host program.</maml:para></maml:alert><maml:alert><maml:para>The Credential parameter is not supported by all providers that are installed with Windows PowerShell. Beginning in Windows PowerShell 3.0, it is supported on selected cmdlet, such as the Get-WmiObject and New-PSDrive cmdlets.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$c = Get-Credential </dev:code><dev:remarks><maml:para>This command gets a credential object and saves it in the $c variable.</maml:para><maml:para>When you enter the command, a dialog box appears requesting a user name and password. When you enter the requested information, the cmdlet creates a PSCredential object representing the credentials of the user and saves it in the $c variable.</maml:para><maml:para>You can use the object as input to cmdlets that request user authentication, such as those with a Credential parameter. However, some providers that are installed with Windows PowerShell do not support the Credential parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$c = Get-Credential PS C:\>Get-WmiObject Win32_DiskDrive -ComputerName Server01 -Credential $c </dev:code><dev:remarks><maml:para>These commands use a credential object that the Get-Credential cmdlet returns to authenticate a user on a remote computer so they can use Windows Management Instrumentation (WMI) to manage the computer.</maml:para><maml:para>The first command gets a credential object and saves it in the $c variable. The second command uses the credential object in a Get-WmiObject command. This command gets information about the disk drives on the Server01 computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WmiObject Win32_BIOS -ComputerName Server01 -Credential (Get-Credential -Credential Domain01\User01) </dev:code><dev:remarks><maml:para>This command shows how to include a Get-Credential command in a Get-WmiObject command.</maml:para><maml:para>This command uses the Get-WmiObject cmdlet to get information about the BIOS on the Server01 computer. It uses the Credential parameter to authenticate the user, Domain01\User01, and a Get-Credential command as the value of the Credential parameter.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$c = Get-Credential -credential User01 PS C:\>$c.Username \User01 </dev:code><dev:remarks><maml:para>This example creates a credential that includes a user name without a domain name. It demonstrates that Get-Credential inserts a backslash before the user name.</maml:para><maml:para>The first command gets a credential with the user name User01 and stores it in the $c variable.</maml:para><maml:para>The second command displays the value of the Username property of the resulting credential object.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$Credential = $host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "", "NetBiosUserName") </dev:code><dev:remarks><maml:para>This command uses the PromptForCredential method to prompt the user for their user name and password. The command saves the resulting credentials in the $Credential variable.</maml:para><maml:para>The PromptForCredential method is an alternative to using the Get-Credential cmdlet. When you use PromptForCredential, you can specify the caption, messages, and user name that appear in the message box.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds" -Name ConsolePrompting -Value $true </dev:code><dev:remarks><maml:para>This example shows how to modify the registry so that the user is prompted at the command line, instead of by using a dialog box. </maml:para><maml:para>The command creates the ConsolePrompting registry entry and sets its value to True. To run this command, start Windows PowerShell with the "Run as administrator" option.</maml:para><maml:para>To use a dialog box for prompting, set the value of the ConsolePrompting to false ($false) or use the Remove-ItemProperty cmdlet to delete it.</maml:para><maml:para>The ConsolePrompting registry entry works in some host programs, such as the Windows PowerShell console. It might not work in all host programs.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command saves the user account name in the $User parameter. The value must have the "Domain\User" or "ComputerName\User" format. PS C:\>$User = "Domain01\User01" The second command uses the ConvertTo-SecureString cmdlet to create a secure string from a plain text password. The command uses the AsPlainText parameter to indicate that the string is plain text and the Force parameter to confirm that you understand the risks of using plain text. PS C:\>$PWord = ConvertTo-SecureString –String "P@sSwOrd" –AsPlainText -Force The third command uses the New-Object cmdlet to create a PSCredential object from the values in the $User and $PWord variables. PS C:\>$Credential = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $User, $PWord </dev:code><dev:remarks><maml:para>This example shows how to create a credential object that is identical to the object that Get-Credential returns without prompting the user. This method requires a plain text password, which might violate the security standards in some enterprises.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Credential -Message "Credential are required for access to the \\Server1\Scripts file share." -User Server01\PowerUsers Windows PowerShell Credential Request Credential are required for access to the \\Server1\Scripts file share. Password for user ntdev\juneb: </dev:code><dev:remarks><maml:para>This command uses the Message and UserName parameters of the Get-Credential cmdlet. This command format is designed for shared scripts and functions. In this case, the message tells the user why credentials are needed and gives them confidence that the request is legitimate.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Invoke-Command -ComputerName Server01 {Get-Credential Domain01\User02} Windows PowerShell Credential Request : Windows PowerShell Credential Request Warning: This credential is being requested by a script or application on the SERVER01 remote computer. Enter your credentials only if you trust the remote computer and the application or script requesting it. Enter your credentials. Password for user Domain01\User02: *************** PSComputerName : Server01 RunspaceId : 422bdf52-9886-4ada-ab2f-130497c6777f PSShowComputerName : True UserName : Domain01\User01 Password : System.Security.SecureString </dev:code><dev:remarks><maml:para>This command gets a credential from the Server01 remote computer. The command uses the Invoke-Command cmdlet to run a Get-Credential command on the remote computer. The output shows the remote security message that Get-Credential includes in the authentication prompt.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293936</maml:uri></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-ExecutionPolicy</command:name><maml:description><maml:para>Gets the execution policies for the current session.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ExecutionPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-ExecutionPolicy cmdlet gets the execution policies for the current session.</maml:para><maml:para>The execution policy is determined by execution policies that you set by using Set-ExecutionPolicy and the Group Policy settings for the Windows PowerShell execution policy. The default value is "Restricted."</maml:para><maml:para>Without parameters, Get-ExecutionPolicy gets the execution policy that is effective in the session. You can use the List parameter to get all execution policies that affect the session or the Scope parameter to get the execution policy for a particular scope.</maml:para><maml:para>For more information, see about_Execution_Policies (http://go.microsoft.com/fwlink/?LinkID=135170).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ExecutionPolicy</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Gets the execution policy in the specified scope. By default, Get-ExecutionPolicy gets the effective execution policy for the current session.</maml:para><maml:para>Valid values are:</maml:para><maml:para>-- MachinePolicy: The execution policy set by a Group Policy for all users of the computer.</maml:para><maml:para>-- UserPolicy: The execution policy set by a Group Policy for the current user of the computer.</maml:para><maml:para>-- Process: The execution policy that is set for the current Windows PowerShell process.</maml:para><maml:para>-- CurrentUser: The execution policy that is set for the current user.</maml:para><maml:para>-- LocalMachine: The execution policy that is set for all users of the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ExecutionPolicyScope</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>List</maml:name><maml:description><maml:para>Gets all execution policy values for the session listed in precedence order. By default, Get-ExecutionPolicy gets only the effective execution policy.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>List</maml:name><maml:description><maml:para>Gets all execution policy values for the session listed in precedence order. By default, Get-ExecutionPolicy gets only the effective execution policy.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Gets the execution policy in the specified scope. By default, Get-ExecutionPolicy gets the effective execution policy for the current session.</maml:para><maml:para>Valid values are:</maml:para><maml:para>-- MachinePolicy: The execution policy set by a Group Policy for all users of the computer.</maml:para><maml:para>-- UserPolicy: The execution policy set by a Group Policy for the current user of the computer.</maml:para><maml:para>-- Process: The execution policy that is set for the current Windows PowerShell process.</maml:para><maml:para>-- CurrentUser: The execution policy that is set for the current user.</maml:para><maml:para>-- LocalMachine: The execution policy that is set for all users of the computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ExecutionPolicyScope</command:parameterValue><dev:type><maml:name>ExecutionPolicyScope</maml:name><maml:uri /></dev:type><dev:defaultValue>Effective execution policy</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You cannot pipe input to this cmdlet.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.PowerShell.ExecutionPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run.</maml:para><maml:para>The effective execution policy is determined by the policies that you set by using the Set-ExecutionPolicy cmdlet and the "Turn on Script Execution" group policies for computers and users. The precedence order is Computer Group Policy > User Group Policy > Process (session) execution policy > User execution policy > Computer execution policy.</maml:para><maml:para>For more information about Windows PowerShell execution policy, including definitions of the Windows PowerShell policies, see about_Execution_Policies (http://go.microsoft.com/fwlink/?LinkID=135170).</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ExecutionPolicy Restricted </dev:code><dev:remarks><maml:para>This command gets the current execution policy for the computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ExecutionPolicy RemoteSigned PS C:\>Get-ExecutionPolicy RemoteSigned </dev:code><dev:remarks><maml:para>These commands set a new user preference for the execution policy and then display the effective execution policy. The commands are separated by a semicolon (;). In this example, because there is no Group Policy setting, the user preference is the effective policy for the computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-ExecutionPolicy -list Scope ExecutionPolicy ----- --------------- MachinePolicy Undefined UserPolicy Undefined Process Undefined CurrentUser AllSigned LocalMachine RemoteSigned PS C:\>Get-ExecutionPolicy AllSigned </dev:code><dev:remarks><maml:para>These commands get all execution policies in the current session and the effective execution policy.</maml:para><maml:para>The first command gets all execution policies that affect the current session. The policies are listed in precedence order.</maml:para><maml:para>The second command gets only the effective execution policy, which is the one set in the CurrentUser scope.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Get-ExecutionPolicy cmdlet to get the effective execution policy in the current session. PS C:\>Get-ExecutionPolicy RemoteSigned The second command shows what happens when you run a blocked script in a Windows PowerShell session in which the execution policy is RemoteSigned. The RemoteSigned policy prevents you from running scripts that are downloaded from the Internet unless they are digitally signed. PS C:\>.\Start-ActivityTracker.ps1 .\Start-ActivityTracker.ps1 : File .\Start-ActivityTracker.ps1 cannot be loaded. The file .\Start-ActivityTracker.ps1 is not digitally signed. The script will not execute on the system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:1 + .\Start-ActivityTracker.ps1 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], PSSecurityException + FullyQualifiedErrorId : UnauthorizedAccess The third command uses the Unblock-File cmdlet to unblock the script so it can run in the session.Before running an Unblock-File command, read the script contents and verify that it is safe. PS C:\>Unblock-File -Path Start-ActivityTracker.ps1 This command shows the effect of the Unblock-File command. The command does not change the execution policy. However, it unblocks the script so it will run in Windows PowerShell. PS C:\>Get-ExecutionPolicy RemoteSigned PS C:\>Start-ActivityTracker.ps1 Task 1: </dev:code><dev:remarks><maml:para>This example shows the effect of the RemoteSigned execution policy, which prevents you from running unsigned scripts that were downloaded from the Internet. It also shows how to use the Unblock-File cmdlet to unblock scripts, so that you can run them without changing the execution policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293937</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ExecutionPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unblock-File</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Execution_Policies</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Signing</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-PfxCertificate</command:name><maml:description><maml:para>Gets information about .pfx certificate files on the computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>PfxCertificate</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-PfxCertificate cmdlet gets an object representing each specified .pfx certificate file. A .pfx file includes both the certificate and a private key.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-PfxCertificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilePath</maml:name><maml:description><maml:para>The full path to the .pfx file of the secured file. The parameter name ("FilePath") is optional.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-PfxCertificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>The full path to the .pfx file of the secured file. Unlike FilePath, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilePath</maml:name><maml:description><maml:para>The full path to the .pfx file of the secured file. The parameter name ("FilePath") is optional.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>The full path to the .pfx file of the secured file. Unlike FilePath, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe a string that contains a file path to Get-PfxCertificate.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>Get-PfxCertificate returns an object for each certificate that it gets.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>When using the Invoke-Command cmdlet to run a Get-PfxCertificate command remotely, and the .pfx certificate file is not password protected, the value of the Authentication parameter of Invoke-Command must be "CredSSP".</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>get-pfxcertificate -filepath C:\windows\system32\Test.pfx Password: ****** Signer Certificate: Matt Berg (Self Certificate) Time Certificate: Time Stamp: Path: C:\windows\system32\zap.pfx </dev:code><dev:remarks><maml:para>This command gets information about the Test.pfx certificate on the system.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>invoke-command -computername Server01 -scriptblock {get-pfxcertificate -filepath C:\Text\TestNoPassword.pfx} -authentication CredSSP </dev:code><dev:remarks><maml:para>This command gets a .pfx certificate file from the Server01 remote computer. It uses the Invoke-Command to run a Get-PfxCertificate command remotely.</maml:para><maml:para>When the .pfx certificate file is not password-protected, the value of the Authentication parameter of Invoke-Command must be "CredSSP".</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293938</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Signing</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-Acl</command:name><maml:description><maml:para>Changes the security descriptor of a specified item, such as a file or a registry key.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>Acl</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-Acl cmdlet changes the security descriptor of a specified item, such as a file or a registry key, to match the values in a security descriptor that you supply.</maml:para><maml:para>To use Set-Acl, use the Path or InputObject parameter to identify the item whose security descriptor you want to change. Then, use the AclObject or SecurityDescriptor parameters to supply a security descriptor that has the values you want to apply. Set-Acl applies the security descriptor that is supplied. It uses the value of the AclObject parameter as a model and changes the values in the item's security descriptor to match the values in the AclObject parameter.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-Acl</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Changes the security descriptor of the specified item. Enter the path to an item, such as a path to a file or registry key. Wildcards are permitted.</maml:para><maml:para>If you pass a security object to Set-Acl (either by using the AclObject or SecurityDescriptor parameters or by passing a security object from Get-Acl to Set-Acl), and you omit the Path parameter (name and value), Set-Acl uses the path that is included in the security object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="2" aliases=""><maml:name>AclObject</maml:name><maml:description><maml:para>Specifies an ACL with the desired property values. Set-Acl changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para><maml:para>You can save the output of a Get-Acl command in a variable and then use the AclObject parameter to pass the variable, or type a Get-Acl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="3" aliases=""><maml:name>CentralAccessPolicy</maml:name><maml:description><maml:para>Establishes or changes the central access policy of the item. Enter the CAP ID or friendly name of a central access policy on the computer.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ClearCentralAccessPolicy</maml:name><maml:description><maml:para>Removes the central access policy from the specified item.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Passthru</maml:name><maml:description><maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-Acl</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="2" aliases=""><maml:name>AclObject</maml:name><maml:description><maml:para>Specifies an ACL with the desired property values. Set-Acl changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para><maml:para>You can save the output of a Get-Acl command in a variable and then use the AclObject parameter to pass the variable, or type a Get-Acl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="3" aliases=""><maml:name>CentralAccessPolicy</maml:name><maml:description><maml:para>Establishes or changes the central access policy of the item. Enter the CAP ID or friendly name of a central access policy on the computer.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ClearCentralAccessPolicy</maml:name><maml:description><maml:para>Removes the central access policy from the specified item.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Passthru</maml:name><maml:description><maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Changes the security descriptor of the specified item. Unlike Path, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-Acl</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Changes the security descriptor of the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para><maml:para>You cannot pipe the object to be changed to Set-Acl. Instead, use the InputObject parameter explicitly in the command.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSObject</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="2" aliases=""><maml:name>AclObject</maml:name><maml:description><maml:para>Specifies an ACL with the desired property values. Set-Acl changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para><maml:para>You can save the output of a Get-Acl command in a variable and then use the AclObject parameter to pass the variable, or type a Get-Acl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Passthru</maml:name><maml:description><maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="2" aliases=""><maml:name>AclObject</maml:name><maml:description><maml:para>Specifies an ACL with the desired property values. Set-Acl changes the ACL of item specified by the Path or InputObject parameter to match the values in the specified security object.</maml:para><maml:para>You can save the output of a Get-Acl command in a variable and then use the AclObject parameter to pass the variable, or type a Get-Acl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Exclude</maml:name><maml:description><maml:para>Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Filter</maml:name><maml:description><maml:para>Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="false" position="named" aliases=""><maml:name>Include</maml:name><maml:description><maml:para>Changes only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as "*.txt". Wildcards are permitted.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Passthru</maml:name><maml:description><maml:para>Returns an object that represents the security descriptor that was changed. By default, this cmdlet does not generate any output.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Changes the security descriptor of the specified item. Enter the path to an item, such as a path to a file or registry key. Wildcards are permitted.</maml:para><maml:para>If you pass a security object to Set-Acl (either by using the AclObject or SecurityDescriptor parameters or by passing a security object from Get-Acl to Set-Acl), and you omit the Path parameter (name and value), Set-Acl uses the path that is included in the security object.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="3" aliases=""><maml:name>CentralAccessPolicy</maml:name><maml:description><maml:para>Establishes or changes the central access policy of the item. Enter the CAP ID or friendly name of a central access policy on the computer.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ClearCentralAccessPolicy</maml:name><maml:description><maml:para>Removes the central access policy from the specified item.</maml:para><maml:para>Beginning in Windows Server® 2012, administrators can use Active Directory and Group Policy to set central access policies for users and groups. For more information, see "Central Access Policies" at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=238408</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Changes the security descriptor of the specified object. Enter a variable that contains the object or a command that gets the object.</maml:para><maml:para>You cannot pipe the object to be changed to Set-Acl. Instead, use the InputObject parameter explicitly in the command.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSObject</command:parameterValue><dev:type><maml:name>PSObject</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Changes the security descriptor of the specified item. Unlike Path, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para><maml:para>This parameter is introduced in Windows PowerShell 3.0.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>UseTransaction</maml:name><maml:description><maml:para>Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.Security.AccessControl.ObjectSecurity, System.Security.AccessControl.CommonSecurityDescriptor</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe an ACL object or a security descriptor to Set-Acl.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.AccessControl.FileSecurity</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>By default, Set-Acl does not generate any output. However, if you use the Passthru parameter, it generates a security object. The type of the security object depends on the type of the item.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>The Set-Acl cmdlet is supported by the Windows PowerShell file system and registry providers. As such, you can use it to change the security descriptors of files, directories, and registry keys.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$DogACL = Get-Acl C:\Dog.txt PS C:\>Set-Acl -Path C:\Cat.txt -AclObject $DogACL </dev:code><dev:remarks><maml:para>These commands copy the values from the security descriptor of the Dog.txt file to the security descriptor of the Cat.txt file. When the commands complete, the security descriptors of the Dog.txt and Cat.txt files are identical.</maml:para><maml:para>The first command uses the Get-Acl cmdlet to get the security descriptor of the Dog.txt file. The assignment operator (=) stores the security descriptor in the value of the $DogACL variable.</maml:para><maml:para>The second command uses Set-Acl to change the values in the ACL of Cat.txt to the values in $DogACL.</maml:para><maml:para>The value of the Path parameter is the path to the Cat.txt file. The value of the AclObject parameter is the model ACL, in this case, the ACL of Dog.txt as saved in the $DogACL variable.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Acl C:\Dog.txt | Set-Acl -Path C:\Cat.txt </dev:code><dev:remarks><maml:para>This command is almost the same as the command in the previous example, except that it uses a pipeline operator to send the security descriptor from a Get-Aclcommand to a Set-Acl command.</maml:para><maml:para>The first command uses the Get-Acl cmdlet to get the security descriptor of the Dog.txt file. The pipeline operator (|) passes an object that represents the Dog.txt security descriptor to the Set-Acl cmdlet.</maml:para><maml:para>The second command uses Set-Acl to apply the security descriptor of Dog.txt to Cat.txt. When the command completes, the ACLs of the Dog.txt and Cat.txt files are identical.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$NewAcl = Get-Acl File0.txt PS C:\>Get-ChildItem c:\temp -Recurse -Include *.txt -Force | Set-Acl -AclObject $NewAcl </dev:code><dev:remarks><maml:para>These commands apply the security descriptors in the File0.txt file to all text files in the C:\Temp directory and all of its subdirectories.</maml:para><maml:para>The first command gets the security descriptor of the File0.txt file in the current directory and uses the assignment operator (=) to store it in the $NewACL variable.</maml:para><maml:para>The first command in the pipeline uses the Get-ChildItem cmdlet to get all of the text files in the C:\Temp directory. The Recurse parameter extends the command to all subdirectories of C:\temp. The Include parameter limits the files retrieved to those with the ".txt" file name extension. The Force parameter gets hidden files, which would otherwise be excluded. (You cannot use "c:\temp\*.txt", because the Recurse parameter works on directories, not on files.)</maml:para><maml:para>The pipeline operator (|) sends the objects representing the retrieved files to the Set-Acl cmdlet, which applies the security descriptor in the AclObject parameter to all of the files in the pipeline.</maml:para><maml:para>In practice, it is best to use the Whatif parameter with all Set-Acl commands that can affect more than one item. In this case, the second command in the pipeline would be "Set-Acl -AclObject $NewAcl -WhatIf". This command lists the files that would be affected by the command. After reviewing the result, you can run the command again without the Whatif parameter.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293939</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-Acl</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-AuthenticodeSignature</command:name><maml:description><maml:para>Adds an Authenticode signature to a Windows PowerShell script or other file.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>AuthenticodeSignature</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-AuthenticodeSignature cmdlet adds an Authenticode signature to any file that supports Subject Interface Package (SIP).</maml:para><maml:para>In a Windows PowerShell script file, the signature takes the form of a block of text that indicates the end of the instructions that are executed in the script. If there is a signature in the file when this cmdlet runs, that signature is removed.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-AuthenticodeSignature</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilePath</maml:name><maml:description><maml:para>Specifies the path to a file that is being signed.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies the certificate that will be used to sign the script or file. Enter a variable that stores an object representing the certificate or an expression that gets the certificate.</maml:para><maml:para>To find a certificate, use Get-PfxCertificate or use the Get-ChildItem cmdlet in the Certificate (Cert:) drive. If the certificate is not valid or does not have code-signing authority, the command fails.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Allows the cmdlet to append a signature to a read-only file. Even using the Force parameter, the cmdlet cannot override security restrictions.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HashAlgorithm</maml:name><maml:description><maml:para>Specifies the hashing algorithm that Windows uses to compute the digital signature for the file. </maml:para><maml:para>For Windows PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For Windows PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeChain</maml:name><maml:description><maml:para>Determines which certificates in the certificate trust chain are included in the digital signature. "NotRoot" is the default.</maml:para><maml:para>Valid values are:</maml:para><maml:para>-- Signer: Includes only the signer's certificate.</maml:para><maml:para>-- NotRoot: Includes all of the certificates in the certificate chain, except for the root authority.</maml:para><maml:para>--All: Includes all the certificates in the certificate chain.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimestampServer</maml:name><maml:description><maml:para>Uses the specified time stamp server to add a time stamp to the signature. Type the URL of the time stamp server as a string.</maml:para><maml:para>The time stamp represents the exact time that the certificate was added to the file. A time stamp prevents the script from failing if the certificate expires because users and programs can verify that the certificate was valid at the time of signing.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-AuthenticodeSignature</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies the certificate that will be used to sign the script or file. Enter a variable that stores an object representing the certificate or an expression that gets the certificate.</maml:para><maml:para>To find a certificate, use Get-PfxCertificate or use the Get-ChildItem cmdlet in the Certificate (Cert:) drive. If the certificate is not valid or does not have code-signing authority, the command fails.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Allows the cmdlet to append a signature to a read-only file. Even using the Force parameter, the cmdlet cannot override security restrictions.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HashAlgorithm</maml:name><maml:description><maml:para>Specifies the hashing algorithm that Windows uses to compute the digital signature for the file. </maml:para><maml:para>For Windows PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For Windows PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeChain</maml:name><maml:description><maml:para>Determines which certificates in the certificate trust chain are included in the digital signature. "NotRoot" is the default.</maml:para><maml:para>Valid values are:</maml:para><maml:para>-- Signer: Includes only the signer's certificate.</maml:para><maml:para>-- NotRoot: Includes all of the certificates in the certificate chain, except for the root authority.</maml:para><maml:para>--All: Includes all the certificates in the certificate chain.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimestampServer</maml:name><maml:description><maml:para>Uses the specified time stamp server to add a time stamp to the signature. Type the URL of the time stamp server as a string.</maml:para><maml:para>The time stamp represents the exact time that the certificate was added to the file. A time stamp prevents the script from failing if the certificate expires because users and programs can verify that the certificate was valid at the time of signing.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Specifies the path to a file that is being signed. Unlike FilePath, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies the certificate that will be used to sign the script or file. Enter a variable that stores an object representing the certificate or an expression that gets the certificate.</maml:para><maml:para>To find a certificate, use Get-PfxCertificate or use the Get-ChildItem cmdlet in the Certificate (Cert:) drive. If the certificate is not valid or does not have code-signing authority, the command fails.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue><dev:type><maml:name>X509Certificate2</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilePath</maml:name><maml:description><maml:para>Specifies the path to a file that is being signed.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Allows the cmdlet to append a signature to a read-only file. Even using the Force parameter, the cmdlet cannot override security restrictions.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HashAlgorithm</maml:name><maml:description><maml:para>Specifies the hashing algorithm that Windows uses to compute the digital signature for the file. </maml:para><maml:para>For Windows PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For Windows PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>SHA256</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>IncludeChain</maml:name><maml:description><maml:para>Determines which certificates in the certificate trust chain are included in the digital signature. "NotRoot" is the default.</maml:para><maml:para>Valid values are:</maml:para><maml:para>-- Signer: Includes only the signer's certificate.</maml:para><maml:para>-- NotRoot: Includes all of the certificates in the certificate chain, except for the root authority.</maml:para><maml:para>--All: Includes all the certificates in the certificate chain.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>NotRoot</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>TimestampServer</maml:name><maml:description><maml:para>Uses the specified time stamp server to add a time stamp to the signature. Type the URL of the time stamp server as a string.</maml:para><maml:para>The time stamp represents the exact time that the certificate was added to the file. A time stamp prevents the script from failing if the certificate expires because users and programs can verify that the certificate was valid at the time of signing.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="named" aliases=""><maml:name>LiteralPath</maml:name><maml:description><maml:para>Specifies the path to a file that is being signed. Unlike FilePath, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe a string that contains the file path to Set-AuthenticodeSignature.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Management.Automation.Signature</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$cert=Get-ChildItem -Path cert:\CurrentUser\my -CodeSigningCert PS C:\>Set-AuthenticodeSignature -FilePath PsTestInternet2.ps1 -certificate $cert </dev:code><dev:remarks><maml:para>These commands retrieve a code-signing certificate from the Windows PowerShell certificate provider and use it to sign a Windows PowerShell script.</maml:para><maml:para>The first command uses the Get-ChildItem cmdlet and the Windows PowerShell certificate provider to get the certificates in the Cert:\CurrentUser\My subdirectory of the certificate store. (The Cert: drive is the drive exposed by the certificate provider.) The CodeSigningCert parameter, which is supported only by the certificate provider, limits the certificates retrieved to those with code-signing authority. The command stores the result in the $cert variable.</maml:para><maml:para>The second command uses the Set-AuthenticodeSignature cmdlet to sign the PSTestInternet2.ps1 script. It uses the FilePath parameter to specify the name of the script and the Certificate parameter to specify that the certificate is stored in the $cert variable.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$cert = Get-PfxCertificate C:\Test\Mysign.pfx PS C:\>Set-AuthenticodeSignature -Filepath ServerProps.ps1 -Cert $cert </dev:code><dev:remarks><maml:para>These commands use the Get-PfxCertificate cmdlet to find a code signing certificate. Then, they use it to sign a Windows PowerShell script.</maml:para><maml:para>The first command uses the Get-PfxCertificate cmdlet to find the C:\Test\MySign.pfx certificate and store it in the $cert variable.</maml:para><maml:para>The second command uses Set-AuthenticodeSignature to sign the script. The FilePath parameter of Set-AuthenticodeSignature specifies the path to the script file being signed and the Cert parameter passes the $cert variable containing the certificate to Set-AuthenticodeSignature.</maml:para><maml:para>If the certificate file is password protected, Windows PowerShell prompts you for the password.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-AuthenticodeSignature -filepath c:\scripts\Remodel.ps1 -certificate $cert -IncludeChain All -TimeStampServer "http://timestamp.fabrikam.com/scripts/timstamper.dll" </dev:code><dev:remarks><maml:para>This command adds a digital signature that includes the root authority in the trust chain, and it is signed by a third-party timestamp server.</maml:para><maml:para>The command uses the FilePath parameter to specify the script being signed and the Certificate parameter to specify the certificate that is saved in the $cert variable. It uses the IncludeChain parameter to include all of the signatures in the trust chain (including the root authority). It also uses the TimeStampServer parameter to add a timestamp to the signature. This prevents the script from failing when the certificate expires.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293940</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ExecutionPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PfxCertificate</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ExecutionPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Execution_Policies</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Signing</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-ExecutionPolicy</command:name><maml:description><maml:para>Changes the user preference for the Windows PowerShell execution policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ExecutionPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.</maml:para><maml:para>The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run. For more information, see about_Execution_Policies (http://go.microsoft.com/fwlink/?LinkID=135170).</maml:para><maml:para>NOTE: To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the "Run as administrator" option.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ExecutionPolicy</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>ExecutionPolicy</maml:name><maml:description><maml:para>Specifies the new execution policy. Valid values are:</maml:para><maml:para>-- Restricted: Does not load configuration files or run scripts. "Restricted" is the default execution policy.</maml:para><maml:para>-- AllSigned: Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.</maml:para><maml:para>-- RemoteSigned: Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.</maml:para><maml:para>-- Unrestricted: Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.</maml:para><maml:para>-- Bypass: Nothing is blocked and there are no warnings or prompts.</maml:para><maml:para>-- Undefined: Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ExecutionPolicy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="2" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope of the execution policy. The default is LocalMachine.</maml:para><maml:para>Valid values are:</maml:para><maml:para>-- Process: The execution policy affects only the current Windows PowerShell process.</maml:para><maml:para>-- CurrentUser: The execution policy affects only the current user.</maml:para><maml:para>-- LocalMachine: The execution policy affects all users of the computer.</maml:para><maml:para>To remove an execution policy from a particular scope, set the execution policy for that scope to Undefined.</maml:para><maml:para>When the value of the Scope parameter is Process, the execution policy is saved in the PSExecutionPolicyPreference environment variable ($env:PSExecutionPolicyPreference), instead of the registry, and the variable is deleted when the process is closed. You cannot change the execution policy of the process by editing the variable.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ExecutionPolicyScope</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Suppresses all prompts. By default, Set-ExecutionPolicy displays a warning whenever you change the execution policy.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="1" aliases=""><maml:name>ExecutionPolicy</maml:name><maml:description><maml:para>Specifies the new execution policy. Valid values are:</maml:para><maml:para>-- Restricted: Does not load configuration files or run scripts. "Restricted" is the default execution policy.</maml:para><maml:para>-- AllSigned: Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.</maml:para><maml:para>-- RemoteSigned: Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.</maml:para><maml:para>-- Unrestricted: Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.</maml:para><maml:para>-- Bypass: Nothing is blocked and there are no warnings or prompts.</maml:para><maml:para>-- Undefined: Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ExecutionPolicy</command:parameterValue><dev:type><maml:name>ExecutionPolicy</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Suppresses all prompts. By default, Set-ExecutionPolicy displays a warning whenever you change the execution policy.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="2" aliases=""><maml:name>Scope</maml:name><maml:description><maml:para>Specifies the scope of the execution policy. The default is LocalMachine.</maml:para><maml:para>Valid values are:</maml:para><maml:para>-- Process: The execution policy affects only the current Windows PowerShell process.</maml:para><maml:para>-- CurrentUser: The execution policy affects only the current user.</maml:para><maml:para>-- LocalMachine: The execution policy affects all users of the computer.</maml:para><maml:para>To remove an execution policy from a particular scope, set the execution policy for that scope to Undefined.</maml:para><maml:para>When the value of the Scope parameter is Process, the execution policy is saved in the PSExecutionPolicyPreference environment variable ($env:PSExecutionPolicyPreference), instead of the registry, and the variable is deleted when the process is closed. You cannot change the execution policy of the process by editing the variable.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">ExecutionPolicyScope</command:parameterValue><dev:type><maml:name>ExecutionPolicyScope</maml:name><maml:uri /></dev:type><dev:defaultValue>LocalMachine</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.PowerShell.ExecutionPolicy, System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe an execution policy object or a string that contains the name of an execution policy to Set-ExecutionPolicy.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet does not return any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>When you use Set-ExecutionPolicy in any scope other than Process, the new user preference is saved in the registry and remains unchanged until you change it. When the value of the Scope parameter is Process, the user preference is stored in the PSExecutionPolicyPreference environment variable ($env:PSExecutionPolicyPreference), instead of the registry, and it is deleted when the session in which it is effective is closed.</maml:para><maml:para>If the "Turn on Script Execution" Group Policy is enabled for the computer or user, the user preference is saved, but it is not effective, and Windows PowerShell displays a message explaining the conflict. You cannot use Set-ExecutionPolicy to override a Group Policy, even if the user preference is more restrictive than the policy.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ExecutionPolicy RemoteSigned </dev:code><dev:remarks><maml:para>This command sets the user preference for the shell execution policy to RemoteSigned.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ExecutionPolicy Restricted Set-ExecutionPolicy : Windows PowerShell updated your local preference successfully, but the setting is overridden by the group policy applied to your system. Due to the override, your shell will retain its current effective execution policy of "AllSigned". Contact your group policy administrator for more information. At line:1 char:20 + Set-ExecutionPolicy <<<< restricted </dev:code><dev:remarks><maml:para>This command attempts to set the execution policy for the shell to "Restricted." The "Restricted" setting is written to the registry, but because it conflicts with a Group Policy, it is not effective, even though it is more restrictive than the policy.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Invoke-Command -ComputerName Server01 -ScriptBlock {Get-ExecutionPolicy} | Set-ExecutionPolicy -Force </dev:code><dev:remarks><maml:para>This command gets the execution policy from a remote computer and applies that execution policy to the local computer.</maml:para><maml:para>The command uses the Invoke-Command cmdlet to send the command to the remote computer. Because you can pipe an ExecutionPolicy (Microsoft.PowerShell.ExecutionPolicy) object to Set-ExecutionPolicy, the Set-ExecutionPolicy command does not need an ExecutionPolicy parameter.</maml:para><maml:para>The command uses the Force parameter to suppress the user prompt.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Set-ExecutionPolicy cmdlet to set an execution policy of AllSigned for the current user. It uses the Force parameter to suppress the user prompts. PS C:\>Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy AllSigned -Force The second command uses the List parameter of the Get-ExecutionPolicy cmdlet to get the execution policies set in each scope. The results show that the execution policy that is set for the current user differs from the execution policy set for all users of the computer. PS C:\>Get-ExecutionPolicy -List Scope ExecutionPolicy ----- --------------- MachinePolicy Undefined UserPolicy Undefined Process Undefined CurrentUser AllSigned LocalMachine RemoteSigned PS C:\>Get-ExecutionPolicy AllSigned </dev:code><dev:remarks><maml:para>This example shows how to set an execution policy for a particular scope.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Undefined </dev:code><dev:remarks><maml:para>This command uses an execution policy value of Undefined to effectively remove the execution policy that is set for the current user scope. As a result, the execution policy that is set in Group Policy or in the LocalMachine (all users) scope is effective.</maml:para><maml:para>If you set the execution policy in all scopes to Undefined and the Group Policy is not set, the default execution policy, Restricted, is effective for all users of the computer.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Set-ExecutionPolicy -Scope Process -ExecutionPolicy AllSigned </dev:code><dev:remarks><maml:para>This command sets an execution policy of AllSigned for only the current Windows PowerShell session. This execution policy is saved in the PSExecutionPolicyPreference environment variable ($env:PSExecutionPolicyPreference), so it does not affect the value in the registry. The variable and its value are deleted when the current session is closed.</maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Set-ExecutionPolicy cmdlet to change the execution policy to RemoteSigned. PS C:\>Set-ExecutionPolicy RemoteSigned The second command uses the Get-ExecutionPolicy cmdlet to get the effective execution policy in the session. The output shows that it is RemoteSigned. PS C:\>Get-ExecutionPolicy RemoteSigned The third command shows what happens when you run a blocked script in a Windows PowerShell session in which the execution policy is RemoteSigned. The RemoteSigned policy prevents you from running scripts that are downloaded from the Internet unless they are digitally signed. PS C:\>.\Start-ActivityTracker.ps1 .\Start-ActivityTracker.ps1 : File .\Start-ActivityTracker.ps1 cannot be loaded. The file .\Start-ActivityTracker.ps1 is not digitally signed. The script will not execute on the system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:1 + .\Start-ActivityTracker.ps1 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], PSSecurityException + FullyQualifiedErrorId : UnauthorizedAccess The fourth command uses the Unblock-File cmdlet to unblock the script so it can run in the session.Before running an Unblock-File command, read the script contents and verify that it is safe. PS C:\>Unblock-File -Path Start-ActivityTracker.ps1 The fifth and sixth commands show the effect of the Unblock-File command. The Unblock-File command does not change the execution policy. However, it unblocks the script so it will run in Windows PowerShell. PS C:\>Get-ExecutionPolicy RemoteSigned PS C:\>Start-ActivityTracker.ps1 Task 1: </dev:code><dev:remarks><maml:para>This example shows the effect of the RemoteSigned execution policy, which prevents you from running unsigned scripts that were downloaded from the Internet. It also shows how to use the Unblock-File cmdlet to unblock scripts, so that you can run them without changing the execution policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=293941</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ExecutionPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-AuthenticodeSignature</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Execution_Policies</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_Signing</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <!-- v 1.3.0.35 --> <providerHelp> <Name> Certificate </Name> <Drives> <Para>Cert:</Para> </Drives> <Synopsis> Provides access to X.509 certificate stores and certificates in Windows PowerShell. </Synopsis> <DetailedDescription> <para>The Windows PowerShell Certificate provider lets you navigate the certificate namespace and view the certificate stores and certificates. It also lets you open the Certificates snap-in for the Microsoft Management Console (MMC). NOTE: Beginning in Windows PowerShell 3.0, the Microsoft.PowerShell.Security module that contains the Certificate Provider is not imported automatically into every session. To use the Cert: drive, use the Import-Module cmdlet to import the module, or run a command that uses the Cert: drive, such as a "Set-Location Cert:" command. Beginning in Windows PowerShell 3.0, the Certificate provider enhances its support for managing Secure Socket Layer (SSL) certificates for web hosting by adding support for cmdlets and new dynamic parameters that create and delete certificate stores in the LocalMachine certificate store location, and find, move, and delete certificates. New dynamic parameters, DnsName, EKU, SSLServerAuthentication, and ExpiringInDays have been added to the Get-ChildItem cmdlet in the Cert: drive. Also, a DeleteKey dynamic parameter has been added to Remove-Item in the Cert: drive. New script properties, DnsNameList, EnhancedKeyUsageList, and SendAsTrustedIssuer, have been added to the x509Certificate2 object that represents the certificates to make it easy to search and manage the certificates. These new features let you search for certificates based on their DNS names and expiration dates, and distinguish client and server authentication certificates by the value of their Enhanced Key Usage (EKU) properties. These enhancements are designed to support the new WebHosting certificate store created by IIS. This certificate store is optimized to scale for efficient, automated management of the thousands of certificates that are required for dynamic shared hosting. To populate the DnsNameList property, the Certificate provider copies the content from the DNSName entry in the SubjectAlternativeName (SAN) extension. If the SAN extension is empty, the property is populated with content from the Subject field of the certificate. To populate the EnhancedKeyUsageList property, the Certificate provider copies the OID properties of the EnhancedKeyUsage (EKU) field in the certificate and creates a friendly name for it.. The Certificate provider exposes the certificate namespace as the Cert: drive in Windows PowerShell. The Cert: drive has the following three levels: -- Store locations (Microsoft.PowerShell.Commands.X509StoreLocation), which are high-level containers that group the certificates for the current user and for all users. Each system has a CurrentUser and LocalMachine (all users) store location. -- Certificates stores (System.Security.Cryptography.X509Certificates.X509Store), which are physical stores in which certificates are saved and managed. -- X.509 certificates (System.Security.Cryptography.X509Certificates.X509Certificate2), each of which represent an X.509 certificate on the computer. Certificates are identified by their thumbprints. In Windows PowerShell 3.0, the Certificate provider supports the Get-Location, Set-Location, Get-Item, Get-ChildItem, Invoke-Item, Move-Item, New-Item, and Remove-Item cmdlets. In Windows PowerShell 2.0, the Certificate provider supports the Get-Location, Set-Location, Get-Item, Get-ChildItem, and Invoke-Item cmdlets. In addition, Windows PowerShell Security module (Microsoft.PowerShell.Security), which includes the Certificate provider, also includes cmdlets to get and set Authenticode signatures and to get certificates. For a list of cmdlets in the Security module, type "get-command -module *security".</para> </DetailedDescription> <Capabilities> <para>ShouldProcess</para> </Capabilities> <Filters> <para></para> </Filters> <Notes> </Notes> <Tasks> <Task> <Title> Navigating the Cert: Drive </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command uses the Set-Location cmdlet to change the current location to the Cert: drive.</para> </Introduction> <Code> set-location cert: </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 2 -------------------------- </Title> <Introduction> <para>This command uses the Set-Location command to change the current location to the Root certificate store in the LocalMachine store location. Use a backslash (\) or a forward slash (/) to indicate a level of the Cert: drive.</para> </Introduction> <Code> set-location -path LocalMachine\Root </Code> <Remarks> <para>If you are not in the Cert: drive, begin the path with the drive name.</para> </Remarks> </Example> </Examples> </Task> <Task> <Title> Displaying the Contents of the Cert: Drive </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command uses the Get-ChildItem cmdlet to display the certificate stores in the CurrentUser certificate store location.</para> </Introduction> <Code> get-childitem -path cert:\CurrentUser </Code> <Remarks> <para>If you are in the Cert: drive, you can omit the drive name.</para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 2 -------------------------- </Title> <Introduction> <para>This command uses the Get-ChildItem cmdlet to display the certificates in the My certificate store.</para> </Introduction> <Code> get-childitem -path cert:\CurrentUser\My </Code> <Remarks> <para>If you are in the Cert: drive, you can omit the drive name.</para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 3 -------------------------- </Title> <Introduction> <para>This command uses the Get-Item cmdlet to get the "My" certificate store and the Property parameter of Format-List with a wildcard character (*) to display all of the properties of the store.</para> </Introduction> <Code> get-item -path cert:\CurrentUser\My | format-list * </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 4 -------------------------- </Title> <Introduction> <para>This command gets a certificate and displays all of its properties. It uses the Get-ChildItem cmdlet to get the certificate and the Property parameter of Format-List with a wildcard character (*) to display all of the properties of the certificate. The certificate is identified by its thumbprint.</para> </Introduction> <Code> get-childitem -path cert:\LocalMachine\my\6B8223358119BB08840DEE50FD8AF9EA776CE66B | format-list -property * </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 5 -------------------------- </Title> <Introduction> <para>This command displays the web hosting properties of all certificates in the LocalMachine certificate store location. It uses the Recurse parameter of the Get-ChildItem cmdlet to get all certificates in all stores of the LocalMachine store location. A pipeline operator sends the certificates to the Format-Table command, which displays the selected properties of each certificate in a table. </para> </Introduction> <Code> Get-ChildItem -Path cert:\LocalMachine -Recurse | Format-Table -Property DnsNameList, EnhancedKeyUsageList, NotAfter, SendAsTrustedIssuer </Code> <Remarks> <para></para> </Remarks> </Example> </Examples> </Task> <Task> <Title> Opening the Certificates MMC Snap-in </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command opens the Certificates MMC snap-in to manage the specified certificate.</para> </Introduction> <Code> invoke-item cert:\CurrentUser\my\6B8223358119BB08840DEE50FD8AF9EA776CE66B </Code> <Remarks> <para></para> </Remarks> </Example> </Examples> </Task> <Task> <Title> Getting Selected Certificates </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command uses the CodeSigningCert and Recurse parameters of the Get-ChildItem cmdlet to get all of the certificates on the computer that have code-signing authority.</para> </Introduction> <Code> Get-ChildItem -Path cert: -CodeSigningCert -Recurse </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 2 -------------------------- </Title> <Introduction> <para>This command uses the DNSName parameter of the Get-ChildItem cmdlet to get all of the certificates in the WebHosting store whose domain names contain "Fabrikam".</para> </Introduction> <Code> Get-ChildItem -Path cert:\LocalMachine\WebHosting -DNSName "*fabrikam*" </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 3 -------------------------- </Title> <Introduction> <para>This command uses the ExpiringInDays parameter of the Get-ChildItem cmdlet to get certificates that will expire within the next 30 days.</para> </Introduction> <Code> Get-ChildItem -Path cert:\LocalMachine\WebHosting -ExpiringInDays 30 </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 4 -------------------------- </Title> <Introduction> <para>This command uses the Invoke-Command cmdlet to run a Get-ChildItem command on the Srv01 and Srv02 computers. A value of zero (0) in the ExpiringInDays parameter gets certificates on the Srv01 and Srv02 computers that have expired.</para> </Introduction> <Code> Invoke-Command -ComputerName Srv01, Srv02 {Get-ChildItem -Path cert:\* -Recurse -ExpiringInDays 0} </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 5 -------------------------- </Title> <Introduction> <para>This command uses the SSLServerAuthentication parameter of the Get-ChildItem cmdlet to get all Server SSL Certificates in the My and WebHosting stores.</para> </Introduction> <Code> Get-ChildItem -Path cert:\LocalMachine\My, cert:\LocalMachine\WebHosting -SSLServerAuthentication </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 6 -------------------------- </Title> <Introduction> <para>This command gets all certificates in the LocalMachine store location that have "fabrikam" in their DNS name, "Client Authentication" in their EKU, a value of $true for the SendAsTrustedIssuer property, and do not expire within the next 30 days.</para> </Introduction> <Code> Get-ChildItem -Path cert:\* -Recurse -DNSName "*fabrikam*" -EKU "*Client Authentication*" | Where-Object {$_.SendAsTrustedIssuer -and $_.NotAfter -gt (get-date).AddDays.(30)} </Code> <Remarks> <para>The NotAfter property stores the certificate expiration date.</para> </Remarks> </Example> </Examples> </Task> <Task> <Title> Moving Certificates </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command uses the Move-Item cmdlet to move a certificate from the My store to the WebHosting store. Move-Item will not move certificate stores and it will not move certificates to a different store location, such as moving a certificate from LocalMachine to CurrentUser. Also, Move-Item moves certificates, but it does not move private keys. </para> </Introduction> <Code> Move-Item -Path cert:\LocalMachine\My\5DDC44652E62BF9AA1116DC41DE44AB47C87BDD0 -Destination cert:\LocalMachine\WebHosting </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 2 -------------------------- </Title> <Introduction> <para>This command uses the SSLServerAuthentication parameter of the Get-ChildItem cmdlet to get SSL server authentication certificates in the MY certificate store. It uses a pipeline operator to send the certificates to the Move-Item cmdlet, which moves the certificates to the WebHosting store.</para> </Introduction> <Code> Get-ChildItem -Path cert:\LocalMachine\My -SSLServerAuthentication | Move-Item -Destination cert:\LocalMachine\WebHosting </Code> <Remarks> <para></para> </Remarks> </Example> </Examples> </Task> <Task> <Title> Deleting Certificates and Private Keys </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command deletes a certificate from the CA certificate store, but leaves the associated private key intact. In the Cert: drive, the Remove-Item cmdlet supports only the DeleteKey, Path, WhatIf, and Confirm parameters. All other parameters are ignored.</para> </Introduction> <Code> Remove-Item -Path cert:\LocalMachine\CA\5DDC44652E62BF9AA1116DC41DE44AB47C87BDD0 </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 2 -------------------------- </Title> <Introduction> <para>This series of commands enables delegation and then deletes the certificate and associated private key on a remote computer. To delete a private key on a remote computer, you must use delegated credentials. The first command uses the Enable-WSManCredSSP cmdlet to enable Credential Security Service Provider (CredSSP) authentication on a client on the S1 remote computer. CredSSP permits delegated authentication. The second command uses the Connect-WSMan cmdlet to connect the S1 computer to the WinRM service on the local computer. When this command completes, the S1 computer appears in the local WSMan: drive in Windows PowerShell. The third command uses the Set-Item cmdlet in the WSMan: drive to enable the CredSSP attribute for the WinRM service. The fourth command uses the New-PSSession cmdlet to start a remote session on the S1 computer with CredSSP authentication. It saves the session in the $s variable. The fifth command uses the Invoke-Command cmdlet to run a Remove-Item command in the session in the $s variable. The Remove-Item command uses the DeleteKey parameter to remove the private key along with the specified certificate.</para> </Introduction> <Code> PS C:\>Enable-WSManCredSSP -Role Client -DelegateComputer S1 PS C:\>Connect-WSMan -ComputerName S1 -Credential Domain01\Admin01 PS C:\>Set-Item -Path WSMan:\S1\Service\Auth\CredSSP -Value $true PS C:\> $s = New-PSSession S1 -Authentication CredSSP -Credential Domain01\Admin01 PS C:\> Invoke-Command -Session $s { Remove-Item cert:\LocalMachine\My\D2D38EBA60CAA1C12055A2E1C83B15AD450110C2 -DeleteKey } </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 3 -------------------------- </Title> <Introduction> <para>This command uses the ExpiringInDays parameter of the Get-ChildItem cmdlet with a value of 0 to get certificates in the WebHosting store that have expired. It uses a pipeline operator to pass the certificates to the Remove-Item cmdlet, which deletes them. The command uses the DeleteKey parameter to delete the private key along with the certificate.</para> </Introduction> <Code> Get-ChildItem -Path cert:\LocalMachine\WebHosting -ExpiringInDays 0 | Remove-Item -DeleteKey </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 4 -------------------------- </Title> <Introduction> <para>This command deletes all certificates that have a DNS name that contains "Fabrikam". It uses the DNSName parameter of the Get-ChildItem cmdlet to get the certificates and the Remove-Item cmdlet to delete them. </para> </Introduction> <Code> Get-ChildItem -Path cert:\LocalMachine -DnsName *Fabrikam* | Remove-Item </Code> <Remarks> <para></para> </Remarks> </Example> </Examples> </Task> <Task> <Title> Creating Certificate Stores </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command creates a new certificate store named "CustomStore" in the LocalMachine store location. In the Cert: drive, the New-Item cmdlet creates certificate stores in the LocalMachine store location. It supports the Name, Path, WhatIf, and Confirm parameters. All other parameters are ignored.</para> </Introduction> <Code> New-Item -Path cert:\LocalMachine\CustomStore </Code> <Remarks> <para>The command returns a System.Security.Cryptography.X509Certificates.X509Store that represents the new certificate store.</para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 2 -------------------------- </Title> <Introduction> <para>This command creates a new certificate store named "HostingStore" in the LocalMachine store location on the Server01 computer. The command uses the Invoke-Command cmdlet to run a New-Item command on the Server01 computer.</para> </Introduction> <Code> Invoke-Command -ComputerName Server01 { New-Item -Path cert:\LocalMachine\CustomStore } </Code> <Remarks> <para>The command returns a System.Security.Cryptography.X509Certificates.X509Store that represents the new certificate store.</para> </Remarks> </Example> </Examples> </Task> <Task> <Title> Deleting Certificate Stores </Title> <Description> <para></para> </Description> <Examples> <Example> <Title> -------------------------- EXAMPLE 1 -------------------------- </Title> <Introduction> <para>This command uses the Remove-Item cmdlet to delete the Test1 certificate store. It uses the Recurse parameter to delete the certificates in the Test1 store. In the Cert: drive, the Remove-Item cmdlet deletes user-created certificate stores from the LocalMachine store location. You cannot use the Remove-Item cmdlet to delete Windows system certificate stores. In the Cert: drive, the Remove-Item cmdlet supports only the Path, WhatIf, and Confirm parameters. All other parameters are ignored.</para> </Introduction> <Code> Remove-Item -Path cert:\LocalMachine\TestStore -Recurse </Code> <Remarks> <para>If the certificate store contains certificates and you omit the Recurse parameter, Remove-Item prompts you for confirmation before deleting any items.</para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 2 -------------------------- </Title> <Introduction> <para>This command uses the Invoke-Command cmdlet to run a Remove-Item command on the S1 and S2 computers. The Remove-Item command includes the Recurse parameter, which deletes the certificates in the store before it deletes the store.</para> </Introduction> <Code> Invoke-Command -ComputerName S1, S2 { Remove-Item -Path cert:\LocalMachine\TestStore -Recurse} </Code> <Remarks> <para></para> </Remarks> </Example> <Example> <Title> -------------------------- EXAMPLE 3 -------------------------- </Title> <Introduction> <para>This command deletes all certificate stores in the LocalMachine store location that have "Test" in their names.</para> </Introduction> <Code> Remove-Item -path cert:\LocalMachine\*test* -Recurse </Code> <Remarks> <para></para> </Remarks> </Example> </Examples> </Task> </Tasks> <DynamicParameters> <DynamicParameter> <Name>CodeSigningCert</Name> <CmdletSupported>Get-Item, Get-ChildItem</CmdletSupported> <Type> <Name>System.Management.Automation.SwitchParameter</Name> </Type> <Description>Gets only those certificates with code-signing authority. This parameter gets certificates that have "Code Signing" in their EnhancedKeyUsageList property value. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, searches for code signing certificates also return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates.</Description> <PossibleValues> </PossibleValues> </DynamicParameter> <DynamicParameter> <Name></Name> <CmdletSupported></CmdletSupported> <Type> <Name></Name> </Type> <Description></Description> <PossibleValues> <PossibleValue> <Value></Value> <Description> <para></para> </Description> </PossibleValue> </PossibleValues> </DynamicParameter> <DynamicParameter> <Name>DnsName</Name> <CmdletSupported>Get-ChildItem</CmdletSupported> <Type> <Name>Microsoft.PowerShell.Commands.DnsNameRepresentation</Name> </Type> <Description>Gets certificates that have the specified domain name or name pattern in the DNSNameList property of the certificate. The value of this parameter can either be Unicode or ASCII. Punycode values are converted to Unicode. Wildcard characters (*) are permitted. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</Description> <PossibleValues> <PossibleValue> <Value></Value> <Description> <para></para> </Description> </PossibleValue> </PossibleValues> </DynamicParameter> <DynamicParameter> <Name>EKU</Name> <CmdletSupported>Get-ChildItem</CmdletSupported> <Type> <Name>System.String</Name> </Type> <Description>Gets certificates that have the specified text or text pattern in the EnhancedKeyUsageList property of the certificate. Wildcard characters (*) are permitted. The EnhancedKeyUsageList property contains the friendly name and the OID fields of the EKU. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, all EKU searches return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</Description> <PossibleValues> <PossibleValue> <Value></Value> <Description> <para></para> </Description> </PossibleValue> </PossibleValues> </DynamicParameter> <DynamicParameter> <Name>ExpiringInDays</Name> <CmdletSupported>Get-ChildItem</CmdletSupported> <Type> <Name>System.Int32</Name> </Type> <Description>Gets certificates that are expiring in or before the specified number of days. Enter an integer. A value of 0 (zero) gets certificates that have expired. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</Description> <PossibleValues> <PossibleValue> <Value></Value> <Description> <para></para> </Description> </PossibleValue> </PossibleValues> </DynamicParameter> <DynamicParameter> <Name>SSLServerAuthentication</Name> <CmdletSupported>Get-ChildItem</CmdletSupported> <Type> <Name>System.Management.Automation.SwitchParameter</Name> </Type> <Description>Gets only server certificates for SSL web hosting. This parameter gets certificates that have "Server Authentication" in their EnhancedKeyUsageList property value. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, SSLServerAuthentication searches also return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</Description> <PossibleValues> <PossibleValue> <Value></Value> <Description> <para></para> </Description> </PossibleValue> </PossibleValues> </DynamicParameter> <DynamicParameter> <Name>DeleteKey</Name> <CmdletSupported>Remove-Item</CmdletSupported> <Type> <Name>System.Management.Automation.SwitchParameter</Name> </Type> <Description>Deletes the associated private key when it deletes the certificate. To delete a private key that is associated with a user certificate in the Cert:\CurrentUser store on a remote computer, you must use delegated credentials. When using the Invoke-Command cmdlet to run a Remove-Item command remotely, after considering the security risks, use the CredSSP parameter to enable delegation. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</Description> <PossibleValues> <PossibleValue> <Value></Value> <Description> <para></para> </Description> </PossibleValue> </PossibleValues> </DynamicParameter> </DynamicParameters> <RelatedLinks> <navigationLink> <linkText>about_Providers</linkText> <uri/> </navigationLink> <navigationLink> <linkText>about_Signing</linkText> <uri/> </navigationLink> <navigationLink> <linkText>Get-AuthenticodeSignature</linkText> <uri/> </navigationLink> <navigationLink> <linkText>Set-AuthenticodeSignature</linkText> <uri/> </navigationLink> <navigationLink> <linkText>Get-PfxCertificate</linkText> <uri/> </navigationLink> </RelatedLinks> <CmdletHelpPaths> <CmdletHelpPath id="Certificate"> <!-- v 1.3.0.35 --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name> Get-ChildItem </command:name> <maml:description> <maml:para>Gets certificate store locations, certificate stores, and certificates in the Windows PowerShell Cert: drive.</maml:para> </maml:description> <maml:copyright> <maml:para></maml:para> </maml:copyright> <command:verb>Get</command:verb> <command:noun>ChildItem</command:noun> <dev:version></dev:version> </command:details> <maml:description> <maml:para>In the Cert: drive, the Get-ChildItem cmdlet gets certificate store locations, certificate stores, and certificates. The Windows PowerShell Certificate Provider adds the Cert: drive to Windows PowerShell. Beginning in Windows PowerShell 3.0, the Certificate provider enhances its support for managing Secure Socket Layer (SSL) certificates for web hosting. New filtering parameters, DnsName, EKU, ,ExpiringInDays, and SSLServerAuthentication have been added to Get-ChildItem to enable you to search for certificates based on their DNS names and expiration dates, and distinguish client and server authentication certificates by the value of their Enhanced Key Usage (EKU) properties. Also, new script properties, DnsNameList and EnhancedKeyUsageList, and SendAsTrustedIssuer, have been added to the x509Certificate2 object that represents the certificates to make it easy to search and manage the certificates. To populate the DnsNameList property, the Certificate provider copies the content from the DNSName entry in the SubjectAlternativeName (SAN) extension. If the SAN extension is empty, the property is populated with content from the Subject field of the certificate. To populate the EnhancedKeyUsageList property, the Certificate provider copies the content from the Friendly Name and OID properties of the EnhancedKeyUsage (EKU) field in the certificate. NOTE: The Name parameter of Get-ChildItem is not supported in the Cert: drive. To indicate items in the Cert: drive, use the Path parameter. </maml:para> </maml:description> <!-- Cmdlet syntax section--> <command:syntax> <command:syntaxItem> <maml:name>Get-ChildItem</maml:name> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CodeSigningCert</maml:name> <maml:description> <maml:para>Gets only those certificates with code-signing authority. This parameter gets certificates that have "Code Signing" in their EnhancedKeyUsageList property value. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, searches for code signing certificates also return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 1.0.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named"> <maml:name>DnsName</maml:name> <maml:description> <maml:para>Gets certificates that have the specified domain name or name pattern in the DNSNameList property of the certificate. The value of the DnsName parameter can either be Unicode or ASCII. Punycode values are converted to Unicode. Wildcard characters (*) are permitted. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named"> <maml:name>EKU</maml:name> <maml:description> <maml:para>Gets certificates that have the specified text or text pattern in the EnhancedKeyUsageList property of the certificate. Wildcard characters (*) are permitted. The EnhancedKeyUsageList property contains the friendly name and the OID fields of the EKU. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, all EKU searches return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExpiringInDays</maml:name> <maml:description> <maml:para>Gets certificates that are expiring in or before the specified number of days. Enter an integer. A value of 0 (zero) gets certificates that have expired. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. The ExpiringInDays parameter uses the value of the NotAfter property of the certificate, which stores the expiration date of the certificate. The effective date is stored in the NotBefore property of the certificate. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">int</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SSLServerAuthentication</maml:name> <maml:description> <maml:para>Gets only server certificates for SSL web hosting. This parameter gets certificates that have "Server Authentication" in their EnhancedKeyUsageList property value. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, SSLServerAuthentication searches also return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <!-- Cmdlet parameter section --> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CodeSigningCert</maml:name> <maml:description> <maml:para>Gets only those certificates with code-signing authority. This parameter gets certificates that have "Code Signing" in their EnhancedKeyUsageList property value. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, searches for code signing certificates also return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 1.0.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named"> <maml:name>DnsName</maml:name> <maml:description> <maml:para>Gets certificates that have the specified domain name or name pattern in the DNSNameList property of the certificate. The value of the DnsName parameter can either be Unicode or ASCII. Punycode values are converted to Unicode. Wildcard characters (*) are permitted. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> <dev:type> <maml:name>string</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named"> <maml:name>EKU</maml:name> <maml:description> <maml:para>Gets certificates that have the specified text or text pattern in the EnhancedKeyUsageList property of the certificate. Wildcard characters (*) are permitted. The EnhancedKeyUsageList property contains the friendly name and the OID fields of the EKU. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, all EKU searches return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> <dev:type> <maml:name>string</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ExpiringInDays</maml:name> <maml:description> <maml:para>Gets certificates that are expiring in or before the specified number of days. Enter an integer. A value of 0 (zero) gets certificates that have expired. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. The ExpiringInDays parameter uses the value of the NotAfter property of the certificate, which stores the expiration date of the certificate. The effective date is stored in the NotBefore property of the certificate. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">int</command:parameterValue> <dev:type> <maml:name>int</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SSLServerAuthentication</maml:name> <maml:description> <maml:para>Gets only server certificates for SSL web hosting. This parameter gets certificates that have "Server Authentication" in their EnhancedKeyUsageList property value. Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, SSLServerAuthentication searches also return certificates that have an empty EnhancedKeyUsageList property value. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <!-- Input - Output section--> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> <maml:uri/> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> In the Cert: drive, you can pipe a path to Get-ChildItem. </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.PowerShell.Commands.X509StoreLocation, System.Security.Cryptography.X509Certificates.X509Store, System.Security.Cryptography.X509Certificates.X509Certificate2, System.String</maml:name> <maml:uri /> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> In the Cert: drive, Get-ChildItem returns objects that represent certificate store locations, certificate stores, and certificates. When you use the Name parameter, it returns the object name as a string. </maml:para> </maml:description> </command:returnValue> </command:returnValues> <!-- Error section--> <command:terminatingErrors /> <command:nonTerminatingErrors /> <!-- Notes section --> <maml:alertSet> <maml:title></maml:title> <maml:alert> <maml:para> -- Beginning in Windows PowerShell 3.0, the Microsoft.PowerShell.Security module that contains the Cert: drive is not imported automatically into every session. To use the Cert: drive, use the Import-Module cmdlet to import the module, or run a command that uses the Cert: drive, such as a "Set-Location Cert:" command. -- The CodeSigningCert, DnsName, EKU, and ExpiringInParameter parameters are valid in all subdirectories of the Certificate provider, but they are effective only on certificates. </maml:para> </maml:alert> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <!-- Example section --> <command:examples> <command:example> <maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> PS cert:\> Get-ChildItem Location : CurrentUser StoreNames : {TrustedPublisher, ClientAuthIssuer, Root, UserDS...} Location : LocalMachine StoreNames : {TrustedPublisher, ClientAuthIssuer, Remote Desktop, Root...} </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>At the root of the Cert: drive, the Get-ChildItem cmdlet gets certificate store locations.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> PS cert:\LocalMachine\> Get-ChildItem Name : TrustedPublisher Name : ClientAuthIssuer Name : Remote Desktop Name : Root Name : KRA Name : TrustedDevices Name : WebHosting Name : CA Name : REQUEST Name : AuthRoot Name : TrustedPeople Name : My Name : SmartCardRoot Name : Trust Name : Disallowed </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>In a certificate store location in Cert: drive, the Get-ChildItem cmdlet gets certificate stores.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> PS cert:\LocalMachine\My\> Get-ChildItem Thumbprint Subject ---------- ------- D259F7B1DA04D41451866A2D464EC4A71BCBEDCD CN=fabrikam-v6_CA, OU=Microsoft PKI Team 5B047DCA542A9E46C0EC7BF1AD7889612CADAA2E CN=fabrikam-V6.dfabrikam-v5.fabrikam.com 3A37D8CEAA95E4FD099FC87F7E2779813D6BF4CC CN=fabrikam-V6.dfabrikam-v5.fabrikam.com 2E0334D695038DFA40C1D982E5C296EFECA893BB CN=fabrikam-V6.dfabrikam-v5.fabrikam.com 2C85D4CE7A0FA08FF66A4397B2F410071913D03B CN=fabrikam-V6.dfabrikam-v5.fabrikam.com </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>In a certificate store in Cert: drive, the Get-ChildItem cmdlet gets certificates.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> PS cert:\LocalMachine\My\> Get-ChildItem -Path D259F7B1DA04D41451866A2D464EC4A71BCBEDCD | Format-List -Property * PSPath : Certificate::LocalMachine\my\5B047DCA542A9E46C0EC7BF1AD7889612CADAA2E PSParentPath : Certificate::LocalMachine\my PSChildName : 5B047DCA542A9E46C0EC7BF1AD7889612CADAA2E PSDrive : cert PSProvider : Certificate PSIsContainer : False EnhancedKeyUsageList : {Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1)} DnsNameList : {fabrikam-V6.dfabrikam-v5.fabrikam.com} Archived : False Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...} FriendlyName : IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName NotAfter : 4/21/2012 10:08:18 AM NotBefore : 4/22/2011 10:08:18 AM HasPrivateKey : True PrivateKey : PublicKey : System.Security.Cryptography.X509Certificates.PublicKey RawData : {48, 130, 6, 124...} SerialNumber : 220000000485E38FCF54250BCD000000000004 SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName SignatureAlgorithm : System.Security.Cryptography.Oid Thumbprint : 5B047DCA542A9E46C0EC7BF1AD7889612CADAA2E Version : 3 Handle : 545160087216 Issuer : CN=fabrikam-v6_CA, OU=Microsoft PKI Team Subject : CN=fabrikam-V6.dfabrikam-v5.fabrikam.com </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command displays all of the properties and property values of a certificate in a list. It uses the Get-ChildItem cmdlet to get the certificate and the Format-List cmdlet to display the properties. If the value of a property is an object name, use dot notation to display the object value. For example, "(Get-ChildItem -Path D259F7B1DA04D41451866A2D464EC4A71BCBEDCD).IssuerName". </maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert: -CodeSigningCert -Recurse </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the CodeSigningCert and Recurse parameters of the Get-ChildItem cmdlet to get all of the certificates on the computer that have code-signing authority. Because the full path is specified, this command can be run in any Windows PowerShell drive.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert:\LocalMachine\WebHosting -DNSName "*fabrikam*" </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the DNSName parameter of the Get-ChildItem cmdlet to get all of the certificates in the WebHosting store whose domain names contain "Fabrikam".</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert:\LocalMachine\WebHosting -ExpiringInDays 30 </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the ExpiringInDays parameter of the Get-ChildItem cmdlet to get certificates that will expire within the next 30 days.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Invoke-Command -ComputerName Srv01, Srv02 -ScriptBlock {Get-ChildItem -Path cert:\* -Recurse -ExpiringInDays 0} </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the Invoke-Command cmdlet to run a Get-ChildItem command on the Srv01 and Srv02 computers. A value of zero (0) in the ExpiringInDays parameter gets all certificates on the Srv01 and Srv02 computers that have expired.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert:\LocalMachine\My, cert:\LocalMachine\WebHosting -EKU "Server Authentication" </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the EKU parameter of the Get-ChildItem cmdlet to get all Server SSL Certificates in the My and WebHosting stores. </maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 10 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert:\* -Recurse -DNSName "*fabrikam*" -EKU "*Server*" | Where-Object {$_.SendAsTrustedIssuer -and $_.NotAfter -gt (get-date).AddDays.(30)} </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command gets all certificates in the LocalMachine store location that have "fabrikam" in their DNS name, "Server" in their EKU, a value of $true for the SendAsTrustedIssuer property, and do not expire within the next 30 days. The NotAfter property stores the certificate expiration date. </maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> </command:examples> <!-- Link section --> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Certificate Provider</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-PfxCertificate</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-PSDrive</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Move-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-Item</maml:linkText> <maml:uri/> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- v 1.3.0.35 --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name> Move-Item </command:name> <maml:description> <maml:para>Moves certificates from one certificate store to another certificate store.</maml:para> </maml:description> <maml:copyright> <maml:para></maml:para> </maml:copyright> <command:verb>Move</command:verb> <command:noun>Item</command:noun> <dev:version></dev:version> </command:details> <maml:description> <maml:para>In the Cert: drive, Move-Item moves certificates from one certificate store to another certificate store. The Windows PowerShell Certificate Provider adds the Cert: drive to Windows PowerShell. Beginning in Windows PowerShell 3.0, the Certificate provider enhances its support for managing Secure Socket Layer (SSL) certificates for web hosting by enabling you to use the Move-Item cmdlet to move certificates between certificate stores. You cannot use this feature to move a certificate to a different certificate store location, such as a move from LocalMachine to CurrentUser, or to move certificate stores. Also, Move-Item does not move private keys. NOTE: In the Cert: drive, only the Path, Destination, WhatIf, and Confirm parameters of the Move-Item cmdlet are effective. All other parameter and parameter values are ignored. </maml:para> </maml:description> <!-- Cmdlet syntax section--> <command:syntax> <command:syntaxItem> <maml:name>Move-Item</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specifies the path to the original location of the certificate. Wildcards are permitted.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="true">string[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="2"> <maml:name>Destination</maml:name> <maml:description> <maml:para>Specifies the path to the location where the items are being moved. The default is the current certificate store. Wildcards are permitted, but the result must specify a single location. To rename the item that is being moved, specify a new name in the value of the Destination parameter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before executing the command.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <!-- Cmdlet parameter section --> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="2"> <maml:name>Destination</maml:name> <maml:description> <maml:para>Specifies the path to the location where the items are being moved. The default is the current certificate store. Wildcards are permitted, but the result must specify a single location. To rename the item that is being moved, specify a new name in the value of the Destination parameter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> <dev:type> <maml:name>string</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>Current certificate store</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specifies the path to the original location of the certificate. Wildcards are permitted.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="true">string[]</command:parameterValue> <dev:type> <maml:name>string[]</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before executing the command.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue /> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue /> </command:parameter> </command:parameters> <!-- Input - Output section--> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> <maml:uri/> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> You can pipe a certificate path to the Move-Item cmdlet. </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> <maml:uri /> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> This cmdlet does not generate any output. </maml:para> </maml:description> </command:returnValue> </command:returnValues> <!-- Error section--> <command:terminatingErrors /> <command:nonTerminatingErrors /> <!-- Notes section --> <maml:alertSet> <maml:title></maml:title> <maml:alert> <maml:para> -- Beginning in Windows PowerShell 3.0, the Microsoft.PowerShell.Security module that contains the Cert: drive is not imported automatically into every session. To use the Cert: drive, use the Import-Module cmdlet to import the module, or run a command that uses the Cert: drive, such as a "Set-Location Cert:" command. </maml:para> </maml:alert> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <!-- Example section --> <command:examples> <command:example> <maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Move-Item -Path cert:\LocalMachine\My\5DDC44652E62BF9AA1116DC41DE44AB47C87BDD0 -Destination cert:\LocalMachine\WebHosting </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the Move-Item cmdlet to move a certificate from the My store to the WebHosting store. Because the command uses absolute paths, you can run it from any Windows PowerShell drive. You can also run it from a Cert: drive path and use relative paths.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert:\LocalMachine\My -EKU "Server Authentication" | Move-Item -Destination cert:\LocalMachine\WebHosting </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the EKU parameter of the Get-ChildItem cmdlet to get SSL server authentication certificates in the MY certificate store. It uses a pipeline operator to send the certificates to the Move-Item cmdlet, which moves the certificates to the WebHosting store. </maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> </command:examples> <!-- Link section --> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Certificate Provider</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ChildItem</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-PfxCertificate</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-PSDrive</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-Item</maml:linkText> <maml:uri/> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- v 1.3.0.35 --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name> New-Item </command:name> <maml:description> <maml:para>Creates new certificate stores in the LocalMachine store location.</maml:para> </maml:description> <maml:copyright> <maml:para></maml:para> </maml:copyright> <command:verb>New</command:verb> <command:noun>Item</command:noun> <dev:version></dev:version> </command:details> <maml:description> <maml:para>In the Cert: drive, the New-Item cmdlet creates new certificate stores in the LocalMachine certificate store location. The Windows PowerShell Certificate Provider adds the Cert: drive to Windows PowerShell. Beginning in Windows PowerShell 3.0, the Certificate provider enables you to use the New-Item cmdlet to create new certificate stores. You can also use the Remove-Item cmdlet to delete the certificate stores that you create. You cannot use the New-Item cmdlet to create certificates or certificate store locations, or to create certificate stores in the CurrentUser certficate store location. Note: In the Cert: drive, only the Name, Path, WhatIf, and Confirm parameters of New-Item are effective. All other parameter and parameter values are ignored. </maml:para> </maml:description> <!-- Cmdlet syntax section--> <command:syntax> <command:syntaxItem> <maml:name>New-Item</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="1"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specifies the full or relative path to the new certificate store. You can include the name of the certificate store in the path or use the Name parameter to specify the name. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="true">string[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name the new certificate store. You can use the Name parameter or include the name in the value of the Path parameter. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before executing the command.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>New-Item</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="1"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specifies the full or relative path to the new certificate store. You can include the name of the certificate store in the path or use the Name parameter to specify the name. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="true">string[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before executing the command.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <!-- Cmdlet parameter section --> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name the new certificate store. You can use the Name parameter or include the name in the value of the Path parameter. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> <dev:type> <maml:name>string</maml:name> <maml:uri/> </dev:type> <dev:defaultValue></dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByPropertyName)" position="1"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specifies the full or relative path to the new certificate store. You can include the name of the certificate store in the path or use the Name parameter to specify the name. </maml:para> </maml:description> <command:parameterValue required="true" variableLength="true">string[]</command:parameterValue> <dev:type> <maml:name>string[]</maml:name> <maml:uri/> </dev:type> <dev:defaultValue></dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before executing the command.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue /> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue /> </command:parameter> </command:parameters> <!-- Input - Output section--> <command:inputTypes> <command:inputType> <dev:type> <maml:name></maml:name> <maml:uri/> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Security.Cryptography.X509Certificates.X509Store</maml:name> <maml:uri /> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> New-Item returns an X509Store object that represents the new certificate store. </maml:para> </maml:description> </command:returnValue> </command:returnValues> <!-- Error section--> <command:terminatingErrors /> <command:nonTerminatingErrors /> <!-- Notes section --> <maml:alertSet> <maml:title></maml:title> <maml:alert> <maml:para> -- Beginning in Windows PowerShell 3.0, the Microsoft.PowerShell.Security module that contains the Cert: drive is not imported automatically into every session. To use the Cert: drive, use the Import-Module cmdlet to import the module, or run a command that uses the Cert: drive, such as a "Set-Location Cert:" command. -- In the Cert: drive, the ItemType parameter is ignored. You do not need to specify an item type to create a certificate store. </maml:para> </maml:alert> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <!-- Example section --> <command:examples> <command:example> <maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> New-Item -Path Cert:\LocalMachine\TestStore Name : TestStore </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the New-Item cmdlet to create the "TestStore" certificate store in the LocalMachine store location. The command returns a System.Security.Cryptography.X509Certificates.X509Store that represents the new certificate store. </maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> New-Item -Path Cert:\LocalMachine -Name TestStore Name : TestStore </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the New-Item cmdlet to create the "TestStore" certificate store in the LocalMachine store location. It is identical to the previous command, but it uses the Name parameter to specify the store name, instead of the Path parameter. The effect is identical.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Invoke-Command -ComputerName Server01 { New-Item -Path Cert:\LocalMachine\TestStore } </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command creates the TestStore certificate store on the Server01 remote computer. It uses the Invoke-Command cmdlet to run the New-Item command remotely.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> </command:examples> <!-- Link section --> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Certificate Provider</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ChildItem</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-PSDrive</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Move-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-Item</maml:linkText> <maml:uri/> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- v 1.3.0.35 --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name> Remove-Item </command:name> <maml:description> <maml:para>Deletes certificate stores, certificates, and private keys.</maml:para> </maml:description> <maml:copyright> <maml:para></maml:para> </maml:copyright> <command:verb>Remove</command:verb> <command:noun>Item</command:noun> <dev:version></dev:version> </command:details> <maml:description> <maml:para>In the Cert: drive, the Remove-Item cmdlet deletes certificates and their associated private keys. It also deletes certificate stores in the LocalMachine certificate store location that you create by using the New-Item cmdlet. The Windows PowerShell Certificate Provider adds the Cert: drive to Windows PowerShell. Beginning in Windows PowerShell 3.0, the Certificate provider enhances its support for managing Secure Socket Layer (SSL) certificates for web hosting by enabling you to use the Remove-Item cmdlet to delete certificates and private keys, and to delete user-created certificate stores in the LocalMachine certificate store location. However, you cannot use this feature to delete certificate store locations, such as CurrentUser or LocalMachine, or certificate stores that Windows creates. Note: In the Cert: drive, only the DeleteKey, Path, WhatIf, and Confirm parameters of Remove-Item are effective. All other parameter and parameter values are ignored. </maml:para> </maml:description> <!-- Cmdlet syntax section--> <command:syntax> <command:syntaxItem> <maml:name>Remove-Item</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specifies the path to the certificates and certificate stores that are being deleted. Wildcards are permitted. The parameter name ("-Path") is optional.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="true">string[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeleteKey</maml:name> <maml:description> <maml:para>Deletes the associated private key when it deletes the certificate. To delete a private key that is associated with a user certificate in the Cert:\CurrentUser store on a remote computer, you must use delegated credentials. When using the Invoke-Command cmdlet to run a Remove-Item command remotely, after considering the security risks, use the CredSSP parameter to enable delegation. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before executing the command.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <!-- Cmdlet parameter section --> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DeleteKey</maml:name> <maml:description> <maml:para>Deletes the associated private key when it deletes the certificate. To delete a private key on a remote computer, you must use delegated credentials. When using the Invoke-Command cmdlet to run a Remove-Item command remotely, after considering the security risks, use the CredSSP parameter to enable delegation. This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on certificates. This parameter was introduced in Windows PowerShell 3.0.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri/> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specifies the path to the certificates and certificate stores that are being deleted. Wildcards are permitted. The parameter name ("-Path") is optional.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="true">string[]</command:parameterValue> <dev:type> <maml:name>string[]</maml:name> <maml:uri/> </dev:type> <dev:defaultValue></dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before executing the command.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue /> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue /> </command:parameter> </command:parameters> <!-- Input - Output section--> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> <maml:uri/> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> You can pipe a path to the Remove-Item cmdlet in the Cert: drive. </maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> <maml:uri /> <maml:description /> </dev:type> <maml:description> <maml:para> <!-- description --> This cmdlet does not generate any output. </maml:para> </maml:description> </command:returnValue> </command:returnValues> <!-- Error section--> <command:terminatingErrors /> <command:nonTerminatingErrors /> <!-- Notes section --> <maml:alertSet> <maml:title></maml:title> <maml:alert> <maml:para> -- Beginning in Windows PowerShell 3.0, the Microsoft.PowerShell.Security module that contains the Cert: drive is not imported automatically into every session. To use the Cert: drive, use the Import-Module cmdlet to import the module, or run a command that uses the Cert: drive, such as a "Set-Location Cert:" command. </maml:para> </maml:alert> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <!-- Example section --> <command:examples> <command:example> <maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Remove-Item -Path cert:\LocalMachine\CA\5DDC44652E62BF9AA1116DC41DE44AB47C87BDD0 </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command deletes a certificate from the CA certificate store, but leaves the associated private key intact.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> # Delete a certificate and private key on a remote computer </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This series of commands enables delegation and then deletes the certificate and associated private key on a remote computer. To delete a private key on a remote computer, you must use delegated credentials. The first command uses the Enable-WSManCredSSP cmdlet to enable Credential Security Service Provider (CredSSP) authentication on a client on the S1 remote computer. CredSSP permits delegated authentication. PS C:\>Enable-WSManCredSSP -Role Client -DelegateComputer S1 The second command uses the Connect-WSMan cmdlet to connect the S1 computer to the WinRM service on the local computer. When this command completes, the S1 computer appears in the local WSMan: drive in Windows PowerShell. PS C:\>Connect-WSMan -ComputerName S1 -Credential Domain01\Admin01 The third command uses the Set-Item cmdlet in the WSMan: drive to enable the CredSSP attribute for the WinRM service. PS C:\>Set-Item -Path WSMan:\S1\Service\Auth\CredSSP -Value $true The fourth command uses the New-PSSession cmdlet to start a remote session on the S1 computer with CredSSP authentication. It saves the session in the $s variable. PS C:\> $s = New-PSSession S1 -Authentication CredSSP -Credential Domain01\Admin01 The fifth command uses the Invoke-Command cmdlet to run a Remove-Item command in the session in the $s variable. The Remove-Item command uses the DeleteKey parameter to remove the private key along with the specified certificate. PS C:\> Invoke-Command -Session $s { Remove-Item cert:\LocalMachine\My\D2D38EBA60CAA1C12055A2E1C83B15AD450110C2 -DeleteKey }</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert:\LocalMachine\WebHosting -ExpiringInDays 0 | Remove-Item -DeleteKey </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command uses the ExpiringInDays parameter of the Get-ChildItem cmdlet with a value of 0 to get certificates in the WebHosting store that have expired. It uses a pipeline operator to pass the certificates to the Remove-Item cmdlet, which deletes them. The command uses the DeleteKey parameter to delete the private key along with the certificate.</maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title> <maml:introduction> <maml:para>C:\PS></maml:para> </maml:introduction> <dev:code> Get-ChildItem -Path cert:\LocalMachine -DnsName *Fabrikam* | Remove-Item </dev:code> <dev:remarks> <maml:para>Description</maml:para> <maml:para>-----------</maml:para> <maml:para>This command deletes all certificates that have a DNS name that contains "Fabrikam". It uses the DNSName parameter of the Get-ChildItem cmdlet to get the certificates and the Remove-Item cmdlet to delete them. </maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> <maml:para></maml:para> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText></command:commandText> </command:commandLine> </command:commandLines> </command:example> </command:examples> <!-- Link section --> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Certificate Provider</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-ChildItem</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-PfxCertificate</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-PSDrive</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Move-Item</maml:linkText> <maml:uri/> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-Item</maml:linkText> <maml:uri/> </maml:navigationLink> </maml:relatedLinks> </command:command> </CmdletHelpPath> </CmdletHelpPaths> </providerHelp> </helpItems> |