Add-SDSFileCoworker

Summary

Adds coworkers to one or more files encrypted with Stormshield Data File.

Description

The Add-SDSFileCoworker cmdlet adds one or more coworkers to the coworker list of files encrypted with Stormshield Data File. It invokes transciphering mechanisms.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to one or more files encrypted with Stormshield Data File.
-Coworkers <X509Certificate[]> true 2 true (ByPropertyName) false Specifies one or more X.509 certificates to add to the encrypted file. Certificates will be added as coworkers.

Inputs

System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]

You can pipe the list of files to be transciphered or the list of X.509 certificates to add.

Outputs

Stormshield.DataSecurity.Connector.File.SecureFile[]

This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.

Examples

Add coworkers to an encrypted file

C:\PS>$certificates = Get-SDSCertificate -Name 'Jodie FISHER','Robert MILLER'
Add-SDSFileCoworker 'C:\My Folder\Document.docx.sdsx' -Coworkers $certificates

This command adds the coworkers Jodie Fisher and Robert Miller to the file 'C:\My Folder\Document.docx.sdsx'.

Path                : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 159712
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice SMITH
Coworkers : {alice.smith@mycompany.com, jodie.fisher@mycompany.com, robert.miller@mycompany.com}
Certificates : {Alice SMITH, Jodie FISHER, Robert MILLER}
CertRetrievalStatus : SUCCEEDED

Backup-SDSAddressBook

Summary

Backs up the user's address book into a .p7z file.

Description

The Backup-SDSAddressBook cmdlet backs up the whole address book content, including personalized data, into a .p7z file that can be restored later.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true 1 true (ByValue) false Specifies the path to the output .p7z file.

Inputs

System.String

You can pipe a string containing the relative or absolute path of the output .p7z file.

Outputs

System.IO.FileInfo

The System.IO.FileInfo object represents the output .p7z file.

Notes

Examples

Back up the whole address book content

C:\PS>Backup-SDSAddressBook 'C:\My Folder\addressbook.p7z'

This command backs up the whole address book content into a .p7z file.

Mode                LastWriteTime     Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7z

Connect-SDSUser

Summary

Opens a Stormshield Data Security session.

Description

The Connect-SDSUser cmdlet connects a user to its Stormshield Data Security account.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Id <String> false 1 false false Specifies the identifier of the user to be connected. Identifier or .usr file path are permitted. Note: The user identifier is not case sensitive. In non-interactive mode: This parameter is required. If omitted, a System.ArgumentNullException exception is raised. If the string is empty, a System.ArgumentException exception is raised. If the account does not exist, an UnknownUserException exception is raised. If a session is already open, a UserAlreadyConnectedException exception is raised. In interactive mode: This parameter is not required. If this parameter is omitted or if the string is empty, the connection window opens up and the identifier of the last successfully connected user is pre-filled. If no previous connection occurred, this field is empty. If you click the [Cancel] button in the connection window, an exception is raised and contains the E_LOGON_USER_CANCEL error code.
-Password <String> false 2 Empty string false false Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account with three tries: First attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left). Second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left). Third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In non-interactive mode, this parameter is required. If omitted or if the string is empty, an exception is raised. (See the type of the exception above). In interactive mode, this parameter is optional. If omitted or if the string is empty, the connection window opens up with an empty password field. If the [Cancel] button is clicked in the connection window, an exception is raised (with E_LOGON_USER_CANCEL error code).
-SecurePassword <SecureString> false named false false Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. This parameter allows the password to be specified in a secured manner. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account with three tries: First attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left). Second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left). Third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In non-interactive mode, this parameter is required. If omitted or if the string is empty, an exception is raised. (See the type of the exception above). In interactive mode, this parameter is optional. If omitted or if the string is empty, the connection window opens up with an empty password field. If the [Cancel] button is clicked in the connection window, an exception is raised (with E_LOGON_USER_CANCEL error code).

To generate the secure password, use the following command, where "password" must be replaced by the user password:

Read-Host "password" -AsSecureString | ConvertFrom-SecureString | Out-File C:\secured-password.pwd

For more information about the ConvertFrom-SecureString cmdlet, refer to the Microsoft PowerShell help system. For more information about the encryption of the password, refer to the Microsoft help about Windows Data Protection.

-Interactive <SwitchParameter> false named false false Specifies that connection is to be made in interactive mode. The connection window opens up if the identifier or password are not fully specified. Otherwise a dialog box displays the connection progress.

Inputs

System.String, System.String, System.Security.SecureString, System.Management.Automation.SwitchParameter

Outputs

Stormshield.DataSecurity.Connector.Kernel.User

This object represents a Stormshield Data Security user account.

Notes

If a user is already connected, an exception is raised.

Examples

Connect a user to its Stormshield Data Security account

C:\PS>Connect-SDSUser alicesmith password

This command connects the user Alice Smith to its Stormshield Data Security account.

Id                    : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith

Connect a user to its Stormshield Data Security account

C:\PS>Connect-SDSUser 'C:\ProgramData\Arkoon\Security BOX\Users\alicesmith\alicesmith.usr' password

This command connects the user Alice Smith to its Stormshield Data Security account.

Id                    : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith

Connect a user to its Stormshield Data Security account

C:\PS>Read-Host "password" -AsSecureString | ConvertFrom-SecureString | Out-File C:\secured-password.pwd
$secureString = (Get-Content C:\secured-password.pwd | ConvertTo-SecureString)
Connect-SDSUser alicesmith -SecurePassword $secureString

This command connects the user Alice Smith to its Stormshield Data Security account. An object of type SecureString is used for specifying the password in a secured manner.

Id                    : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith

Connect last successfully connected user to Stormshield Data Security, displaying the connection window

C:\PS>Connect-SDSUser -Interactive

This command requests connection to Stormshield Data Security, displaying the connection window. The user identifier is pre-filled with the last successfully connected user.

Id                    : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith

Connect a user to Stormshield Data Security, displaying the connection window

C:\PS>Connect-SDSUser alicesmith -Interactive

This command requests connection to Stormshield Data Security, displaying the connection window. The user identifier is pre-filled with the identifier "alicesmith".

Id                    : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
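
The non-interactive rules above, as an added example that is not part of the Stormshield documentation: an unattended connection that reads the protected password file, never retries after a BadPassword* exception, and only closes a session it opened itself. The helper functions Get-ExceptionNames and Connect-SdsUnattended, and the values of $UserId and $PwdFile, are assumptions made for the illustration.

```powershell
# Added example. $UserId and $PwdFile are placeholder values; the two functions
# below are hypothetical helpers, not Stormshield cmdlets.
$UserId  = 'alicesmith'
$PwdFile = 'C:\secured-password.pwd'

function Get-ExceptionNames {
    param([System.Exception]$Exception)
    # PowerShell may wrap the exception raised by a cmdlet, so collect the
    # type name of every exception in the InnerException chain.
    $names = @()
    for ($e = $Exception; $null -ne $e; $e = $e.InnerException) {
        $names += $e.GetType().Name
    }
    return $names
}

function Connect-SdsUnattended {
    param(
        [Parameter(Mandatory)] [string]$Id,
        [Parameter(Mandatory)] [string]$PasswordFile
    )
    # The file holds the protected form written by ConvertFrom-SecureString.
    # Without a -Key it is bound to Windows Data Protection: only the Windows
    # account that created it, on the same machine, can turn it back into a
    # SecureString. Read-Host prompted for the value when the file was made,
    # so the password itself never appeared on a command line.
    $secure = Get-Content -LiteralPath $PasswordFile | ConvertTo-SecureString

    try {
        # No -Interactive: a scheduled job must not block on the connection window.
        return Connect-SDSUser -Id $Id -SecurePassword $secure -ErrorAction Stop
    }
    catch {
        $names = @(Get-ExceptionNames $_.Exception)

        $badPassword = @($names | Where-Object { $_ -like 'BadPassword*Exception' })
        if ($badPassword.Count -gt 0) {
            # Every failed attempt uses up one try (three by default). Retrying
            # the same stored password only leads to
            # BadPasswordAccountBlockedException, so stop at the first failure.
            throw "Stored password refused for '$Id' ($($badPassword[0])). Not retrying; regenerate $PasswordFile."
        }
        if ($names -contains 'UserAlreadyConnectedException') {
            # Someone else's session may be open; do not work under it.
            throw "A Stormshield Data Security session is already open. Close it before running this job."
        }
        throw   # UnknownUserException, ArgumentException, ...: surface unchanged
    }
}

$connected = $false
try {
    $user = Connect-SdsUnattended -Id $UserId -PasswordFile $PwdFile
    $connected = $true
    if ($user.Locked) { throw "Session for '$($user.Id)' is locked." }

    # ... work that needs the session goes here ...
}
finally {
    # Disconnect-SDSUser raises an exception when no user is connected, so it
    # is only called for a session this script opened.
    if ($connected) { Disconnect-SDSUser }
}
```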

Disable-SDSDiskAutomaticMount

Summary

Configures a Virtual Disk volume to be mounted manually.

Description

The Disable-SDSDiskAutomaticMount cmdlet configures a Virtual Disk volume to be mounted manually.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Volume <Volume[]> true named true (ByValue) false Specifies one or more Virtual Disk volume objects to be mounted manually.
-Path <String[]> true 1 true (ByPropertyName) false Specifies one or more paths to .vbox files to be mounted manually.
-Drive <String> true named true (ByValue) false Specifies the drive unit of the Virtual Disk volume to be mounted manually. The drive unit must be specified in uppercase.

Inputs

System.String[], Stormshield.DataSecurity.Connector.VirtualDisk.Volume[], System.String

You can pipe an array of strings containing one or more paths to .vbox files, an array of Virtual Disk volume objects or the drive unit of a Virtual Disk volume.

Outputs

Stormshield.DataSecurity.Connector.VirtualDisk.Volume

This object represents a Virtual Disk volume.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the Virtual Disk volume is already configured to be mounted manually, an exception is raised.

Examples

Configure a Virtual Disk volume to be mounted manually

C:\PS>Disable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk.vbox'

This command configures the specified Virtual Disk volume to be mounted manually. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Configure a Virtual Disk volume to be mounted manually

C:\PS>$volume = Get-SDSDisk 'C:\My Folder\virtualdisk.vbox'
Disable-SDSDiskAutomaticMount -Volume $volume

This command configures the specified Virtual Disk volume to be mounted manually. The Volume parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Configure a Virtual Disk volume to be mounted manually

C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' -MountLetter Z
Disable-SDSDiskAutomaticMount -Drive Z

This command configures the specified Virtual Disk volume to be mounted manually. The Drive parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Configure two Virtual Disk volumes to be mounted manually

C:\PS>Disable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'

This command configures the two specified Virtual Disk volumes to be mounted manually. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False

Configure two Virtual Disk volumes to be mounted manually

C:\PS>$volume1 = Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox'
$volume2 = Get-SDSDisk 'C:\My Folder\virtualdisk2.vbox'
Disable-SDSDiskAutomaticMount -Volume $volume1,$volume2

This command configures the two specified Virtual Disk volumes to be mounted manually. The Volume parameter is used.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False

Disconnect-SDSUser

Summary

Closes a Stormshield Data Security session.

Description

The Disconnect-SDSUser cmdlet disconnects a user from its Stormshield Data Security account.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description

Inputs

Outputs

void

Returns nothing.

Notes

If no user is connected, an exception is raised.

Examples

Disconnect currently connected user

C:\PS>Disconnect-SDSUser

This command disconnects the currently connected user from its Stormshield Data Security account.

Dismount-SDSDisk

Summary

Dismounts a Virtual Disk volume.

Description

The Dismount-SDSDisk cmdlet dismounts a Virtual Disk volume.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Volume <Volume[]> true named true (ByValue) false Specifies the Virtual Disk volume to be dismounted.
-Force <SwitchParameter> false named false false Specifies that the Virtual Disk volume dismount is forced if it is in use.
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to .vbox file to be dismounted.

Inputs

System.String[], Stormshield.DataSecurity.Connector.VirtualDisk.Volume[], System.Management.Automation.SwitchParameter

You can pipe an array of strings containing one or more paths to .vbox files, an array of Virtual Disk volume objects or a flag to force dismount.

Outputs

Stormshield.DataSecurity.Connector.VirtualDisk.Volume

This object represents a Virtual Disk volume.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the Virtual Disk volume does not exist, an exception is raised.

Examples

Dismount a Virtual Disk volume

C:\PS>Dismount-SDSDisk 'C:\My Folder\virtualdisk.vbox'

This command dismounts the specified Virtual Disk volume. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Dismount a Virtual Disk volume

C:\PS>$volume = Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox'
Dismount-SDSDisk -Volume $volume

This command dismounts the specified Virtual Disk volume. The Volume parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Force a Virtual Disk volume to be dismounted

C:\PS>$volume = Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox'
Dismount-SDSDisk -Volume $volume -Force

This command dismounts the specified Virtual Disk volume. As the volume is in use, the Force parameter is specified.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Dismount two Virtual Disk volumes

C:\PS>Dismount-SDSDisk 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'

This command dismounts the two specified Virtual Disk volumes. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NTFS
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NTFS
Locked : False

Dismount two Virtual Disk volumes

C:\PS>$volume1 = Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox'
$volume2 = Get-SDSDisk 'C:\My Folder\virtualdisk2.vbox'
Dismount-SDSDisk -Volume $volume1,$volume2

This command dismounts the two specified Virtual Disk volumes. The Volume parameter is used.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NTFS
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NTFS
Locked : False

Enable-SDSDiskAutomaticMount

Summary

Configures a Virtual Disk volume to be mounted automatically.

Description

The Enable-SDSDiskAutomaticMount cmdlet configures a Virtual Disk volume to be mounted automatically.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Volume <Volume> true named true (ByValue) false Specifies the Virtual Disk volume object to be mounted automatically.
-MountLetter <String> false named false false Specifies drive unit mount letter to be used when automatically mounting the Virtual Disk volume.
-Force <SwitchParameter> false named false false Specifies that the Virtual Disk volume dismount is forced if it is in use. The configuration of an already mounted Virtual Disk volume to be mounted automatically requires a preliminary dismount.
-Path <String> true 1 true (ByPropertyName) false Specifies the path to .vbox file to be mounted automatically.
-Drive <String> true named true (ByValue) false Specifies the drive unit of the Virtual Disk volume to be mounted automatically. The drive unit must be specified in uppercase.

Inputs

System.String, Stormshield.DataSecurity.Connector.VirtualDisk.Volume, System.String, System.String, System.Management.Automation.SwitchParameter

You can pipe an array of strings containing one or more paths to .vbox files, a Virtual Disk volume object, the drive unit of a Virtual Disk volume to be configured, the drive unit mount letter or a flag to force dismount.

Outputs

Stormshield.DataSecurity.Connector.VirtualDisk.Volume

This object represents a Virtual Disk volume.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the Virtual Disk volume is already configured to be mounted automatically, an exception is raised.

Examples

Configure a Virtual Disk volume to be mounted automatically

C:\PS>Enable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk.vbox'

This command configures the specified Virtual Disk volume to be mounted automatically. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Configure a Virtual Disk volume to be mounted automatically

C:\PS>Enable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk.vbox' -MountLetter Z

This command configures the specified Virtual Disk volume to be mounted automatically. The Path parameter is used and the drive unit mount letter is explicitly specified.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Configure a Virtual Disk volume to be mounted automatically

C:\PS>$volume = Get-SDSDisk 'C:\My Folder\virtualdisk.vbox'
Enable-SDSDiskAutomaticMount -Volume $volume

This command configures the specified Virtual Disk volume to be mounted automatically. The Volume parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Force a Virtual Disk volume to be mounted automatically

C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' -MountLetter Z
Enable-SDSDiskAutomaticMount -Drive Z -Force

This command configures the specified Virtual Disk volume to be mounted automatically on drive unit mount letter Z. As the volume is in use, the Force parameter is specified.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Configure two Virtual Disk volumes to be mounted automatically

C:\PS>Enable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'

This command configures the two specified Virtual Disk volumes to be mounted automatically. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False

Configure two Virtual Disk volumes to be mounted automatically

C:\PS>$volume1 = Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox'
$volume2 = Get-SDSDisk 'C:\My Folder\virtualdisk2.vbox'
Enable-SDSDiskAutomaticMount -Volume $volume1,$volume2

This command configures the two specified Virtual Disk volumes to be mounted automatically. The Volume parameter is used.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False

Export-SDSAddressBook

Summary

Exports the user's address book into a .p7b file.

Description

The Export-SDSAddressBook cmdlet exports all the certificates contained in the user's address book. The address book can be exported with groups and the certificates' trust chain. Personalized data is not exported.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true 1 true (ByValue) false Specifies the path to the output .p7b file.
-ExportAncestry <SwitchParameter> false named false false Specifies that certificates trust chain is to be included.
-ExportContactsAndGroups <SwitchParameter> false named false false Specifies that contacts and groups of certificates are to be exported.

Inputs

System.String, System.Management.Automation.SwitchParameter, System.Management.Automation.SwitchParameter

You can pipe a string containing the relative or absolute path of the output .p7b file, a flag to include trust chain or a flag to include contacts and groups.

Outputs

System.IO.FileInfo

The System.IO.FileInfo object represents the output .p7b file.

Notes

Examples

Export only certificates

C:\PS>Export-SDSAddressBook C:\addressbook.p7b

This command exports all certificates of currently connected user's address book, excluding trust chain, contacts and groups.

Mode                LastWriteTime     Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7b

Export all certificates including trust chain

C:\PS>Export-SDSAddressBook C:\addressbook.p7b -ExportAncestry

This command exports all certificates of currently connected user's address book, including trust chain and excluding contacts and groups.

Mode                LastWriteTime     Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7b

Export all certificates including contacts and groups

C:\PS>Export-SDSAddressBook C:\addressbook.p7b -ExportContactsAndGroups

Exports all certificates of currently connected user's address book, including contacts and groups.

Mode                LastWriteTime     Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7b

Get-SDSCertificate

Summary

Retrieves a certificate from the address book of the currently connected user.

Description

This cmdlet retrieves a certificate or a group of coworkers' certificates from the address book of the currently connected user.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-EmailAddress <String[]> false named false false Specifies one or more e-mail addresses corresponding to a certificate in the currently connected user's address book. Note: this parameter is not case sensitive. Limitation: for a successful retrieval with EmailAddress parameter, the address should be defined as a main e-mail address in the certificate description. A certificate will not be found if the address is only listed as an alternative identity.
-Name <String[]> false named false false Specifies one or more certificate's subject common names in the currently connected user's address book. Note: this parameter is case sensitive.
-Group <String[]> false named false false Specifies one or more group names in the currently connected user's address book. All certificates in specified groups are retrieved. Note: this parameter is case sensitive.
-Usage <CertificateKeyUsages> false named true (ByValue) false Specifies the key usage of certificates to retrieve. This parameter is optional and can be one or more of the following values: None, DecipherOnly, EncipherOnly, CRLSign, CertificateSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation and DigitalSignature. The default value is DataEncipherment and KeyEncipherment.
-UpdateStatus <SwitchParameter> false named false false Specifies that the certificate's status needs to be computed. If this parameter is not specified, the Status member of the returned object is set to Unknown. Specifying this parameter makes certificate retrieval take longer.

Inputs

System.String[], System.String[], System.String[], Stormshield.DataSecurity.Connector.Common.CertificateKeyUsages, SwitchParameter

You can pipe a string containing the coworker's name, a group name, an e-mail address, the usage of a certificate or a flag to force computing status.

Outputs

Stormshield.DataSecurity.Connector.Common.X509Certificate

This object represents the certificate retrieved from the address book.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If none of the Name, Group or EmailAddress parameters are given, all the certificates present in the user's address book are retrieved, according to the Usage parameter specified. Limitation: this cmdlet does not return the authority certificates nor the certificate of the currently connected user's key-holder.

Examples

Retrieve certificate corresponding to an email address

C:\PS>Get-SDSCertificate -EmailAddress alicesmith@mycompany.com

This command retrieves the certificate of the specified user, based on its e-mail address. The status of the returned certificate is Unknown.

Data           : {48, 130, 2, 225...}
KeyUsages : DataEncipherment, KeyEncipherment
Issuer : MyCompany CA
Subject : Alice Smith
EmailAddress : alicesmith@mycompany.com
Version : V3
StatusGeneral : Unknown
StatusFull : Unknown
EffectiveDate : 19/07/2015 12:58:01
ExpirationDate : 19/07/2017 12:58:01

Retrieve certificate corresponding to an email address and a common name

C:\PS>Get-SDSCertificate -EmailAddress alicesmith@mycompany.com -Name 'Jodie FISHER' -UpdateStatus

This command retrieves two certificates. The first one is owned by the user Alice Smith, based on her e-mail address; the second one is owned by the user Jodie Fisher, based on her name. For each certificate, the status is updated.

Data           : {48, 130, 2, 219...}
KeyUsages : DataEncipherment, KeyEncipherment
Issuer : MyCompany CA
Subject : Alice Smith
EmailAddress : alicesmith@mycompany.com
Version : V3
StatusGeneral : Ok
StatusFull : Ok
EffectiveDate : 19/07/2015 12:58:01
ExpirationDate : 19/07/2017 12:58:01

Data : {48, 130, 2, 211...}
KeyUsages : DataEncipherment, KeyEncipherment
Issuer : MyCompany CA
Subject : Jodie Fisher
EmailAddress : jodiefisher@mycompany.com
Version : V3
StatusGeneral : Ok
StatusFull : Ok
EffectiveDate : 10/09/2015 14:30:01
ExpirationDate : 10/09/2017 14:30:01
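
Because StatusGeneral stays Unknown unless -UpdateStatus is given, a script that grants access with Add-SDSFileCoworker can end up adding a certificate whose status was never computed. The following added example (not from the Stormshield documentation) only adds coworkers whose status was computed and is Ok, then checks the returned SecureFile. Add-VerifiedCoworker is a hypothetical helper, a session is assumed to be open already, and comparing the Coworkers entries as strings is an assumption based on the sample output on this page.

```powershell
# Added example. Add-VerifiedCoworker is a hypothetical helper, not a
# Stormshield cmdlet. A Stormshield Data Security session must already be
# open and unlocked, otherwise the cmdlets raise an exception.
function Add-VerifiedCoworker {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string[]]$Name
    )

    # -UpdateStatus makes the cmdlet compute the certificate status; without
    # it StatusGeneral is always Unknown. The default -Usage (DataEncipherment
    # and KeyEncipherment) already restricts the result to encryption
    # certificates.
    $certs = @(Get-SDSCertificate -Name $Name -UpdateStatus -ErrorAction Stop)
    if ($certs.Count -eq 0) {
        throw "No certificate found for: $($Name -join ', ') (-Name is case sensitive)."
    }

    # Reject the whole request if any certificate is not Ok, so access is
    # never granted to a key whose status could not be confirmed.
    $rejected = @($certs | Where-Object { "$($_.StatusGeneral)" -ne 'Ok' })
    if ($rejected.Count -gt 0) {
        $detail = $rejected | ForEach-Object { "$($_.Subject): $($_.StatusFull)" }
        throw "Refusing to add coworkers with a non-Ok certificate: $($detail -join '; ')"
    }

    $file = Add-SDSFileCoworker -Path $Path -Coworkers $certs -ErrorAction Stop

    # Confirm every requested certificate now appears in the coworker list.
    # Assumption: Coworkers entries render as e-mail addresses, as in the
    # sample output on this page.
    $listed  = @($file.Coworkers | ForEach-Object { "$_" })
    $missing = @($certs | Where-Object { $listed -notcontains "$($_.EmailAddress)" })
    if ($missing.Count -gt 0) {
        $who = $missing | ForEach-Object { "$($_.Subject)" }
        throw "Coworkers not present after transciphering: $($who -join ', ')"
    }

    return $file
}

# Sample values taken from the Add-SDSFileCoworker example on this page.
Add-VerifiedCoworker -Path 'C:\My Folder\Document.docx.sdsx' -Name 'Jodie FISHER', 'Robert MILLER'
```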

Get-SDSDisk

Summary

Retrieves information about one or more Stormshield Data Virtual Disk volumes.

Description

The Get-SDSDisk cmdlet retrieves information about one or more Stormshield Data Virtual Disk volumes.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to .vbox file of the Virtual Disk volume.
-Drive <Char[]> false named true (ByPropertyName) false Specifies the drive unit of the Virtual Disk volume.

Inputs

System.String[], System.Char[]

You can pipe an array of strings containing one or more .vbox paths or an array of chars containing one or more drive unit mounting letters.

Outputs

Stormshield.DataSecurity.Connector.VirtualDisk.Volume

This object represents a Virtual Disk volume.

Notes

If no parameter is provided, information about all currently mounted Virtual Disk volumes is returned. If no user is connected, an exception is raised.

Examples

Retrieve information about a Virtual Disk volume

C:\PS>Get-SDSDisk 'C:\My Folder\virtualdisk.vbox'

This command retrieves the specified Virtual Disk volume information. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : False
MountLetter : Z
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NTFS
Locked : False

Retrieve information about several Virtual Disk volumes

C:\PS>Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'

This command retrieves the specified Virtual Disk volumes information. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 12
Mechanism : AES 256
Mounted : False
MountLetter : Z
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NTFS
Locked : False

FullName : C:\My Folder\virtualdisk1.vbox
Size : 1034
Mechanism : AES 256
Mounted : False
MountLetter : Y
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NTFS
Locked : False

Retrieve information about a Virtual Disk volume

C:\PS>$volume = New-SDSDisk 'C:\My Folder\virtualdisk.vbox' -Size 12
Mount-SDSDisk -Volume $volume -MountLetter Z
Get-SDSDisk -Drive Z

This command retrieves the specified Virtual Disk volume information. The Drive parameter is used.

FullName       : C:\Test\disk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : disk
FileSystem : eFSTYPE_NONE
Locked : False

Retrieve information about all currently mounted Virtual Disk volumes

C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk1.vbox'
Mount-SDSDisk 'C:\My Folder\virtualdisk2.vbox'
Get-SDSDisk

This command retrieves information about all currently mounted Virtual Disk volumes.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_FAT12
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 1034
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False

Get-SDSFile

Summary

Retrieves information about one or more files encrypted with Stormshield Data File.

Description

The Get-SDSFile cmdlet retrieves information about one or more files encrypted with Stormshield Data File.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to one or more files encrypted with Stormshield Data File.

Inputs

System.String[]

You can pipe an array of one or more encrypted files.

Outputs

Stormshield.DataSecurity.Connector.File.SecureFile[]

This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.

Notes

If the specified file path does not exist, an exception is raised.

Examples

Retrieve information about an encrypted file

C:\PS>Get-SDSFile 'C:\My Folder\Document.docx.sdsx'

This command retrieves information about the specified encrypted file.

Path                : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 154
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED

Retrieve information about several encrypted files

C:\PS>Get-SDSFile -Path 'C:\My Folder\Document.docx.sdsx','C:\My Folder\Document.xlsx.sdsx'

This command retrieves information about the specified encrypted files.

Path                : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 154
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED

Path : C:\My Folder\Document.xlsx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 312
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED

Get-SDSTeamFile

Summary

Retrieves information about one or more files encrypted with Stormshield Data Team.

Description

The Get-SDSTeamFile cmdlet retrieves information about one or more files encrypted with Stormshield Data Team.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to one or more encrypted files. If one of the files does not exist, a FileNotFoundException is raised.

Inputs

System.String[]

You can pipe an array of strings containing one or more paths to encrypted files.

Outputs

Stormshield.DataSecurity.Connector.Team.FileInfoData[]

This object represents an array of files encrypted with Stormshield Data Team. The FileInfoData object represents a file encrypted with Stormshield Data Team. The FileInfoData object contains the following members:
- Logical file size (excluding security header)
- Physical file size (including security header)
- Creator of the file
- Size of security header
- Flag that indicates if the file is encrypted or not. If the file is not encrypted, all members apart from physical size are irrelevant.
- Encryption algorithm used
- Owners and coworkers authorized for this file

Notes

This cmdlet does not require a user to be connected in order to be run.

Examples

Retrieve information about encrypted files

C:\PS>Get-SDSTeamFile -Path 'C:\My Secured Folder\Document.docx','C:\My Secured Folder\Document.xlsx'

This command retrieves information about the specified encrypted files.

FullName            : C:\My Secured Folder\Document.docx
LogicalSize : 12596
PhysicalSize : 16692
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}

FullName : C:\My Secured Folder\Document.docx
LogicalSize : 8559
PhysicalSize : 12655
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}

Retrieve information about encrypted files

C:\PS>Get-ChildItem -Recurse | Where-Object { $_.PsIsContainer -eq $False } | Get-SDSTeamFile

This command recursively retrieves information about encrypted files in the current working directory.

FullName            : C:\My Secured Folder\Document.docx
LogicalSize : 12596
PhysicalSize : 16692
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}

FullName : C:\My Secured Folder\Document.docx
LogicalSize : 8559
PhysicalSize : 12655
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}

Retrieve information about an encrypted file

C:\PS>Get-SDSTeamFile 'C:\My Secured Folder\Document.pdf'

This command retrieves information about the specified encrypted file.

FullName            : C:\My Secured Folder\Document.docx
LogicalSize : 12477
PhysicalSize : 16573
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}

Get-SDSTeamRule

Summary

Retrieves information about one or more folders secured with Stormshield Data Team.

Description

The Get-SDSTeamRule cmdlet retrieves information about one or more folders encrypted with Stormshield Data Team.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> false 1 true (ByPropertyName) false Specifies the path to one or more secured folders. If one of the folders does not exist, a FileNotFoundException is raised. If this parameter is not specified, the current working folder is processed.

Inputs

System.String[]

You can pipe an array of strings containing one or more paths to secured folders.

Outputs

Stormshield.DataSecurity.Connector.Team.RuleInfoData[]

This object represents an array of folders secured with Stormshield Data Team. The RuleInfoData object represents a folder secured with Stormshield Data Team. The RuleInfoData object contains the following information:
- Path of the hidden SBoxTeam.sbt file.
- Size of the hidden SBoxTeam.sbt file.
- List of unencrypted files in the folder.
- List of owners/coworkers allowed on this folder.
- Flag that indicates if the folder is secured or not. If the folder is not secured, all members are irrelevant.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.

Examples

Retrieve information about several secured folders

C:\PS>Get-SDSTeamRule -Path 'C:\My Secured Folder 1','C:\My Secured Folder 2'

This command retrieves information about the specified secured folders.

FullName         : C:\My Secured Folder 1
SBTFile : C:\My Secured Folder 1\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH}
Secured : True

FullName : C:\My Secured Folder 2
SBTFile : C:\My Secured Folder 2\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice Smith}
Secured : True

Retrieve information about a secured folder

C:\PS>Get-SDSTeamRule 'C:\My Secured Folder'

This command retrieves information about the specified secured folder.

FullName         : C:\My Secured Folder
SBTFile : C:\My Secured Folder\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH}
Secured : True

Retrieve information about each subfolder of the current working folder

C:\PS>cd 'C:\My Secured Folder'
Get-ChildItem | Where-Object { $_.PSIsContainer -eq $True } | Get-SDSTeamRule

This command retrieves information about each subfolder of the current working folder.

FullName         : C:\My Secured Folder 1
SBTFile : C:\My Secured Folder 1\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH}
Secured : True

FullName : C:\My Secured Folder 2
SBTFile : C:\My Secured Folder 2\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice Smith}
Secured : True
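
The members listed above (Secured, UnencryptedFiles, Coworkers on the rule; Encrypted, Coworkers on each file) are enough to audit a secured folder against an expected access list. The following is an added example, not part of the Stormshield reference: the function name Test-SDSTeamFolder and the allow-list parameter are hypothetical, and it assumes PowerShell 3.0 or later and that Coworkers entries convert to the names shown in the sample output.

```powershell
# Added example (not Stormshield code). Get-SDSTeamRule needs a connected,
# unlocked user; Get-SDSTeamFile does not.
function Test-SDSTeamFolder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string]   $Path,
        # Names allowed on the rule, e.g. 'MyCompany Recovery','Alice Smith'.
        [Parameter(Mandatory = $true)] [string[]] $AllowedCoworker
    )

    $rule = Get-SDSTeamRule -Path $Path -ErrorAction Stop

    # When the folder is not secured, every other member is irrelevant.
    if (-not $rule.Secured) {
        [pscustomobject]@{ Item = $Path; Finding = 'Folder is not secured'; Detail = '' }
        return
    }

    # ASSUMPTION: each Coworkers entry converts to the displayed name.
    # -notcontains compares case-insensitively.
    $extra = @($rule.Coworkers | ForEach-Object { "$_" } |
        Where-Object { $_ -and ($AllowedCoworker -notcontains $_) })
    if ($extra.Count -gt 0) {
        [pscustomobject]@{ Item = $Path; Finding = 'Unexpected coworker on rule'
                           Detail = ($extra -join ', ') }
    }

    # Files the rule itself reports as still in clear text.
    foreach ($name in $rule.UnencryptedFiles) {
        [pscustomobject]@{ Item = "$name"; Finding = 'Listed in UnencryptedFiles'; Detail = '' }
    }

    # Per-file check. The hidden SBoxTeam.sbt file is skipped because
    # Get-ChildItem does not return hidden items without -Force.
    Get-ChildItem -LiteralPath $Path -Recurse -File | ForEach-Object {
        $info = Get-SDSTeamFile -Path $_.FullName -ErrorAction Stop
        if (-not $info.Encrypted) {
            [pscustomobject]@{ Item = $_.FullName; Finding = 'File is not encrypted'; Detail = '' }
        }
        else {
            $fileExtra = @($info.Coworkers | ForEach-Object { "$_" } |
                Where-Object { $_ -and ($AllowedCoworker -notcontains $_) })
            if ($fileExtra.Count -gt 0) {
                [pscustomobject]@{ Item = $_.FullName; Finding = 'Unexpected coworker on file'
                                   Detail = ($fileExtra -join ', ') }
            }
        }
    }
}

# Usage: no output means no finding.
# Test-SDSTeamFolder -Path 'C:\My Secured Folder' -AllowedCoworker 'MyCompany Recovery','Alice Smith'
```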

Get-SDSUser

Summary

Retrieves information about the currently connected user.

Description

The Get-SDSUser cmdlet retrieves information about the currently connected user.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description

Inputs

Outputs

Stormshield.DataSecurity.Connector.Kernel.User

This object represents a Stormshield Data Security account.

Notes

If no user is connected, it returns nothing.

Examples

Retrieve currently connected user

C:\PS>Get-SDSUser

This command retrieves information about the currently connected user.

Id                    : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith

Import-SDSAddressBook

Summary

Imports a .p7b or .p7z file into the currently connected user's address book

Description

The Import-SDSAddressBook cmdlet imports certificates from a .p7b or a .p7z file.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true 1 true (ByValue) false Specifies the path to the .p7b or .p7z file to import.

Inputs

System.String

You can pipe a string containing the path to .p7b or .p7z file to import.

Outputs

None

Notes

The .p7z file may contain personalized data related to certificates in addition to other information.

Examples

Import certificates

C:\PS>Import-SDSAddressBook C:\addressbook.p7b

This command imports the certificates contained in the specified .p7b file into the address book of the currently connected user. Trust chains, contacts and groups are imported if they exist in the .p7b file.

Restore address book content

C:\PS>Import-SDSAddressBook C:\addressbook.p7z

This command restores the address book of the currently connected user to a previous state. Trusted chains, contacts, groups and personalized data are imported.

Lock-SDSUser

Summary

Locks a Stormshield Data Security session.

Description

The Lock-SDSUser cmdlet locks the current Stormshield Data Security session.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description

Inputs

Outputs

void

Returns nothing.

Notes

If no user is connected, an exception is raised. If a user is already connected and locked, an exception is raised.

Examples

Locks session of the currently connected user

C:\PS>Lock-SDSUser

This command locks the session of the currently connected user.

Mount-SDSDisk

Summary

Mounts a Virtual Disk volume.

Description

The Mount-SDSDisk cmdlet mounts a Virtual Disk volume.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Volume <Volume> true named true (ByValue) false Specifies the Virtual Disk volume to be mounted.
-MountLetter <String> false named false false Specifies drive unit mount letter to be used when mounting the Virtual Disk volume.
-AccessMode <AccessMode> false named Unspecified false false Specifies the access mode when mounting the Virtual Disk volume. Available access modes are: ReadWrite, ReadOnly and Unspecified. If access mode is Unspecified, the best available access is automatically selected.
-Path <String> true 1 true (ByPropertyName) false Specifies the path to .vbox file to be mounted.

Inputs

System.String, Stormshield.DataSecurity.Connector.VirtualDisk.Volume, System.String, Stormshield.DataSecurity.Connector.VirtualDisk.AccessMode

You can pipe a string containing a path to .vbox file or a Virtual Disk volume.

Outputs

Stormshield.DataSecurity.Connector.VirtualDisk.Volume

This object represents a Virtual Disk volume.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.

Examples

Mount a Virtual Disk volume

C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox'

This command mounts a Virtual Disk volume. The Path parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Mount a Virtual Disk volume

C:\PS>$volume = New-SDSDisk 'C:\My Folder\virtualdisk.vbox' -Size 12
Mount-SDSDisk -Volume $volume

This command mounts a Virtual Disk volume. The Volume parameter is used.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

Mount a Virtual Disk volume

C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' -MountLetter Z -AccessMode ReadOnly

This command mounts a Virtual Disk volume. The Path parameter is used and the drive unit mount letter is explicitly specified. The Virtual Disk volume is mounted in read-only mode.

FullName       : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadOnly
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False

New-SDSDisk

Summary

Creates one or more volumes encrypted with Stormshield Data Virtual Disk.

Description

The New-SDSDisk cmdlet creates one or more Virtual Disk volumes.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> false 1 true (ByValue) false Specifies the path to one or more .vbox files to create. Notes: - The file extension must be .vbox, otherwise an InvalidExtensionException exception is raised. - If not specified, the value specified in the Stormshield Data Security Suite configuration file will be used. - If the .vbox file already exists, a Stormshield.DataSecurity.Connector.VirtualDisk.FileAlreadyExistException exception is raised.
-Size <Int32> false named false false Specifies the size of the Virtual Disk volume to create, in megabytes. The minimum value is 0, the maximum value is 2097150. Notes: - If not specified or zero, the value specified in the Stormshield Data Security Suite configuration file will be used. If the configuration file does not contain this information, the size is fixed to 10% of the free space available on the hard drive. - If there is not enough space available on the hard drive, a Stormshield.DataSecurity.Connector.VirtualDisk.Exception exception is raised (E_SBD_NOT_ENOUGH_SPACE error code).
-Mode <String> false named false false Specifies the operating mode to be used for chaining the cipher blocks during encryption of the newly created Virtual Disk volume. The provided value must match either of the following strings, case-insensitive: "CBC" or "XTS". Notes: - XTS is recommended over CBC, as it is considered more secure. - If this parameter is omitted, New-SDSDisk will use the encryption algorithm specified in the Virtual Disk section of the SDS policy.

Inputs

System.String[], int, System.String

You can pipe an array of strings containing one or more paths to .vbox files to create or the size of the Virtual Disk volumes to create.

Outputs

Stormshield.DataSecurity.Connector.VirtualDisk.Volume[]

This object represents an array of created Virtual Disk volumes. The Volume object represents a volume encrypted with Stormshield Data Virtual Disk.

Notes

The created Virtual Disk volumes are not formatted and can be formatted for any file system supported by the operating system. The Virtual Disk volumes need to be mounted prior to formatting them. If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.

Examples

Create two Virtual Disk volumes

C:\PS>New-SDSDisk -Path 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'

This command creates two Virtual Disk volumes.

FullName       : C:\My Folder\virtualdisk1.vbox
Size : 3086
Mechanism : AES_CBC 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False

FullName : C:\My Folder\virtualdisk2.vbox
Size : 3076
Mechanism : AES_CBC 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False

Create a Virtual Disk volume encrypted with AES-XTS

C:\PS>New-SDSDisk -Path 'test.vbox' -Mode 'XTS'

This command creates a Virtual Disk volume encrypted with AES-XTS.

FullName       : C:\PS\test.vbox
Size : 1000
Mechanism : AES_XTS 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : Unspecified
Label : SDSDiskVolume
FileSystem : eFSTYPE_NTFS
Locked : False

New-SDSTeamRule

Summary

Secures one or more folders with Stormshield Data Team.

Description

The New-SDSTeamRule cmdlet secures one or more folders with Stormshield Data Team.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> false 1 true (ByPropertyName) false Specifies the path to one or more folders to secure.
-Owners <X509Certificate[]> false named false false Specifies one or more owners certificates. The currently connected user is automatically added as owner and coworker. If one of the owners certificates is not also included in the coworkers certificates, an exception is raised.
-Coworkers <X509Certificate[]> false named false false Specifies one or more coworkers certificates. The currently connected user is automatically added as owner and coworker.
-Force <SwitchParameter> false named false false Specifies that the securing needs to be done by bypassing any confirmation request. The behavior is different according to the status of the certificate. If the status is warning, the rule is created with the certificate. If the status is error, the rule is created without the certificate. This parameter involves an answer "yes" to the following questions: Warning status: "Do you want to encrypt this file with this certificate anyway?" Error status: "If you continue, files will not be encrypted for this coworker."

Inputs

System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[], Stormshield.DataSecurity.Connector.Common.X509Certificate[], SwitchParameter

You can pipe an array of strings containing one or more paths to folders that need to be secured, the list of owners certificates, the list of coworkers certificates or a flag to force securing.

Outputs

Stormshield.DataSecurity.Connector.Team.RuleInfoData[]

This object represents an array of folders secured with Stormshield Data Team. The RuleInfoData object represents a folder secured with Stormshield Data Team. The RuleInfoData object contains the following information:
- Path of the hidden SBoxTeam.sbt file.
- Size of the hidden SBoxTeam.sbt file.
- List of unencrypted files in the folder.
- List of owners/coworkers allowed on this folder.
- Flag that indicates if the folder is secured or not. If the folder is not secured, all members are irrelevant.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. The currently connected user is automatically added to the list of owners. If the certificate's status is one of warning or error, a user confirmation is requested. The answer to this question is stored and is asked only once for each certificate during the Stormshield Data Security account session duration. The Force parameter answers by default to this confirmation request and the answer is also recorded.

Examples

Secures a folder

C:\PS>$owners = Get-SDSCertificate -EmailAddress robertmiller@mycompany.com

$coworkers = Get-SDSCertificate -EmailAddress robertmiller@mycompany.com,jodiefisher@mycompany.com

New-SDSTeamRule 'C:\My Secured Folder' -Owners $owners -Coworkers $coworkers

This command secures the specified folder. Robert Miller will be defined as owner. Jodie Fisher will be defined as coworker. Alice Smith is automatically added as owner because she is connected.

FullName         : C:\My Secured Folder
SBTFile : C:\My Secured Folder\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH, Jodie FISHER, Robert Miller}
Secured : True

Protect-SDSFile

Summary

Encrypts one or more files with Stormshield Data File.

Description

The Protect-SDSFile cmdlet encrypts one or more files with Stormshield Data File.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to one or more files to encrypt.
-Coworkers <X509Certificate[]> false named false false Specifies one or more coworkers certificates. The currently connected user is automatically added as coworker.

Inputs

System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]

You can pipe an array of strings containing one or more paths of the files that are to be encrypted or the list of coworkers certificates.

Outputs

Stormshield.DataSecurity.Connector.File.SecureFile[]

This object represents an array of files encrypted with Stormshield Data File. The SecureFile object represents a file encrypted with Stormshield Data File.

Notes

The currently connected user is automatically added to the list of coworkers. After the file is encrypted, the original file is securely deleted and the encrypted .sdsx file is created. If no user is connected, an exception is raised. If the status of one of the coworkers certificates is warning or error, no error will be reported and the file will be encrypted without these certificates.

Examples

Encrypt a file for the currently connected user

C:\PS>Protect-SDSFile 'C:\My Folder\Document.docx'

This command encrypts the specified files. The only coworker for this file will be the currently connected user.

Fullname            : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document.docx
Size : 443940
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED

Encrypt a file for coworkers

C:\PS>$certificates = Get-SDSCertificate -Name 'Jodie FISHER'
Protect-SDSFile 'C:\My Folder\Document.docx' -CoWorkers $certificates

This command encrypts the specified files. Coworkers will be the currently connected user plus Jodie Fisher.

Fullname            : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document.docx
Size : 443940
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com, jodiefisher@mycompany}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED

Encrypt all files in a folder

C:\PS>Get-ChildItem 'C:\My Folder\*.pdf' | Protect-SDSFile

This command encrypts all PDF files in the specified folder. The only coworker for this file will be the currently connected user.

Fullname            : C:\My Folder\Document1.pdf.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document1.pdf
Size : 443940
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany.com, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED

Fullname : C:\My Folder\Document2.pdf.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document2.pdf
Size : 352561
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany.com, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED

Fullname : C:\My Folder\Document3.pdf.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document3.pdf
Size : 21538
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
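
The Notes above state that a coworker certificate in warning or error status is dropped without any error, so a file can end up encrypted for fewer people than intended. The following wrapper is an added example, not part of the Stormshield reference: the function name Protect-SDSFileStrict is hypothetical, and it assumes that StatusGeneral reads 'Ok' for a usable certificate and that SecureFile.Coworkers holds e-mail addresses, as in the sample output on this page.

```powershell
# Added example (not Stormshield code). Requires a connected, unlocked user.
function Protect-SDSFileStrict {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string[]] $Path,
        [Parameter(Mandatory = $true)] [string[]] $CoworkerEmail
    )

    # 1. Resolve every requested coworker before any file is touched.
    $certificates = @(Get-SDSCertificate -EmailAddress $CoworkerEmail)
    $resolved = @($certificates | ForEach-Object { "$($_.EmailAddress)" })
    $missing  = @($CoworkerEmail | Where-Object { $resolved -notcontains $_ })
    if ($missing.Count -gt 0) {
        throw "No certificate found for: $($missing -join ', ')"
    }

    # 2. Fail closed on any certificate whose status is not Ok, because
    #    Protect-SDSFile would leave it out without reporting an error.
    # ASSUMPTION: StatusGeneral converts to 'Ok' for a usable certificate.
    $rejected = @($certificates | Where-Object { "$($_.StatusGeneral)" -ne 'Ok' })
    if ($rejected.Count -gt 0) {
        $names = @($rejected | ForEach-Object { "$($_.Subject) [$($_.StatusGeneral)]" })
        throw "Certificate status is not Ok for: $($names -join ', ')"
    }

    # 3. Encrypt, then confirm that each requested address is in the result.
    foreach ($file in $Path) {
        $secureFile = Protect-SDSFile -Path $file -Coworkers $certificates
        # ASSUMPTION: Coworkers entries convert to e-mail address strings.
        $actual = @($secureFile.Coworkers | ForEach-Object { "$_" })
        $absent = @($CoworkerEmail | Where-Object { $actual -notcontains $_ })
        if ($absent.Count -gt 0) {
            Write-Error "$file was encrypted without: $($absent -join ', ')"
            continue
        }
        $secureFile   # emit only results that passed the check
    }
}

# Usage:
# Protect-SDSFileStrict -Path 'C:\My Folder\Document.docx' -CoworkerEmail 'jodiefisher@mycompany.com'
```

A file reported by Write-Error is already encrypted and its original deleted; the missing coworker can be added afterwards with Add-SDSFileCoworker once a valid certificate is available.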

Protect-SDSTeam

Summary

Encrypts all files contained in a folder secured by Stormshield Data Team.

Description

The Protect-SDSTeam cmdlet recursively encrypts all files contained in a folder secured by Stormshield Data Team. All the files will be encrypted with owners and coworkers defined at the folder level.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> false 1 true (ByPropertyName) false Specifies the path to one or more folders to protect. If this parameter is not specified, the current working folder is protected. If the specified folder does not exist, a System.IO.DirectoryNotFoundException exception is raised.

Inputs

System.String[]

You can pipe an array of strings containing one or more paths to secured folders.

Outputs

Stormshield.DataSecurity.Connector.Team.OperationStatus[]

This object represents an array of statuses. The OperationStatus object represents the status of one encrypting operation.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.

Examples

Protect a folder recursively

C:\PS>Protect-SDSTeam 'C:\My Secured Folder'

This command protects the specified folder.

FileInfoData                                                               Status
------------ ------
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Encrypted
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Encrypted
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_AlreadyEncrypted
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Encrypted

Remove-SDSFileCoworker

Summary

Removes coworkers from one or more files encrypted with Stormshield Data File.

Description

The Remove-SDSFileCoworker cmdlet removes one or more coworkers from the coworker list of files encrypted with Stormshield Data File. It invokes transciphering mechanisms.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to one or more files encrypted with Stormshield Data File.
-EmailAddress <String[]> false 2 true (ByPropertyName) false Specifies one or more e-mail addresses to identify coworkers to remove from the encrypted file. Note: This parameter is not case sensitive.
-Coworkers <X509Certificate[]> false 2 true (ByPropertyName) false Specifies one or more X.509 certificates to remove from the encrypted file.

Inputs

System.String[], System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]

You can pipe the list of files to be transciphered or the list of X.509 certificates to add.

Outputs

Stormshield.DataSecurity.Connector.File.SecureFile[]

This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.

Examples

Remove coworkers from an encrypted file

C:\PS>Remove-SDSFileCoworker 'C:\My Folder\Document.docx.sdsx' -EmailAddress jodiefisher@mycompany.com,robertmiller@mycompany.com

This command removes the specified coworkers from the encrypted file.

Path                : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 154
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice}
CertRetrievalStatus : SUCCEEDED
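
Revoking one person's access usually means sweeping a whole tree of .sdsx files and confirming the result for each. The following is an added example, not part of the Stormshield reference: the function name Remove-SDSCoworkerFromTree is hypothetical, and it assumes PowerShell 3.0 or later and that SecureFile.Coworkers holds e-mail addresses, as in the sample output on this page.

```powershell
# Added example (not Stormshield code). Requires a connected, unlocked user.
function Remove-SDSCoworkerFromTree {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $Root,
        [Parameter(Mandatory = $true)] [string] $EmailAddress
    )

    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.sdsx' | ForEach-Object {
        $file = $_.FullName
        try {
            $before = Get-SDSFile -Path $file -ErrorAction Stop
            # ASSUMPTION: Coworkers entries convert to e-mail address strings.
            $listed = @($before.Coworkers | ForEach-Object { "$_" })
            if ($listed -notcontains $EmailAddress) {
                return   # not a coworker on this file; go to the next one
            }

            # -WhatIf lists the files that would be transciphered.
            if (-not $PSCmdlet.ShouldProcess($file, "Remove coworker $EmailAddress")) {
                return
            }

            $after = Remove-SDSFileCoworker -Path $file -EmailAddress $EmailAddress -ErrorAction Stop
            $remaining = @($after.Coworkers | ForEach-Object { "$_" })

            # Report the outcome from the returned SecureFile, not from the
            # absence of an exception.
            [pscustomobject]@{
                Path      = $file
                Removed   = ($remaining -notcontains $EmailAddress)
                Coworkers = ($remaining -join ', ')
            }
        }
        catch {
            [pscustomobject]@{
                Path      = $file
                Removed   = $false
                Coworkers = "ERROR: $($_.Exception.Message)"
            }
        }
    }
}

# Usage: dry run first, then the real sweep; review every row with Removed = False.
# Remove-SDSCoworkerFromTree -Root 'C:\My Folder' -EmailAddress 'jodiefisher@mycompany.com' -WhatIf
# Remove-SDSCoworkerFromTree -Root 'C:\My Folder' -EmailAddress 'jodiefisher@mycompany.com'
```

The sweep only changes the files it finds under the given root; copies stored elsewhere keep their previous coworker list.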

Remove-SDSTeamRule

Summary

Removes security on a folder secured with Stormshield Data Team.

Description

The Remove-SDSTeamRule cmdlet removes security on a folder secured with Stormshield Data Team.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> false 1 true (ByPropertyName) false Specifies the path to one or more folders to unsecure. If no folder is specified, the current working folder is unsecured. If the specified folder does not exist, a System.IO.DirectoryNotFoundException exception is raised.

Inputs

System.String[]

You can pipe an array of strings containing one or more paths to secured folders.

Outputs

void

Returns nothing.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the folder is not secured, an exception RuleNotFoundException is raised.

Examples

Remove security of a secured folder

C:\PS>Remove-SDSTeamRule 'C:\My Secured Folder'

This command unsecures the specified folder.

Set-SDSFileCoworker

Summary

Sets coworkers to one or more files encrypted with Stormshield Data File.

Description

The Set-SDSFileCoworker cmdlet sets one or more coworkers in the coworker list of files encrypted with Stormshield Data File. All the previous coworkers are replaced by the new ones. The currently connected user is automatically added to the coworkers list. It invokes transciphering mechanisms.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to one or more files encrypted with Stormshield Data File.
-Coworkers <X509Certificate[]> true 2 true (ByPropertyName) false Specifies one or more X.509 certificates to set in the encrypted file. Certificates will be added as coworkers.

Inputs

System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]

You can pipe the list of files to be transciphered or the list of X.509 certificates to set.

Outputs

Stormshield.DataSecurity.Connector.File.SecureFile[]

This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.

Examples

Set coworkers for an encrypted file

C:\PS>$certificate = Get-SDSCertificate -EmailAddress jodiefisher@mycompany.com
Set-SDSFileCoworker 'C:\My Folder\Document.docx.sdsx' -Coworkers $certificate

This command sets the coworker Jodie Fisher for the file 'C:\My Folder\Document.docx.sdsx'. The user Alice Smith is automatically added because she is the currently connected user.

Path                : C:\My Folder\Document.docx.sdsx
Encrypted           : True
OriginalFileName    : C:\My Folder\Document.docx
Size                : 154
Compressed          : False
Executable          : False
Mechanism           : AES 256
Author              : Alice Smith
Coworkers           : {recovery@mycompany, alicesmith@mycompany.com, jodiefisher@mycompany.com}
Certificates        : {Alice SMITH, Jodie FISHER}
CertRetrievalStatus : SUCCEEDED
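
Because Set-SDSFileCoworker replaces the whole coworker list, a wrapper can compare the list reported in the returned SecureFile objects with the intended one. This is an added example, not code from the Stormshield documentation; the function name Set-SDSFileCoworkerChecked and its parameters are hypothetical, and it assumes that each entry of the Coworkers property converts to an e-mail address string as in the sample output above.

```powershell
# Added example (not part of the Stormshield documentation).
# Assumptions: Get-SDSCertificate -EmailAddress returns the certificate(s) for an
# address, and each entry of SecureFile.Coworkers converts to an e-mail string.
function Set-SDSFileCoworkerChecked {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        # Intended recipients, besides the connected user.
        [Parameter(Mandatory)] [string[]] $CoworkerEmail,
        # Addresses expected in the result without being requested, for example
        # the connected user and a recovery account.
        [string[]] $ExpectedExtra = @()
    )

    # Resolve every address before touching any file: the list is replaced, so an
    # unresolved address would silently drop that recipient.
    $certificates = foreach ($mail in $CoworkerEmail) {
        $found = @(Get-SDSCertificate -EmailAddress $mail | Where-Object { $_ })
        if ($found.Count -eq 0) { throw "No certificate found for $mail; no file was modified." }
        $found
    }

    $expected = @($CoworkerEmail) + @($ExpectedExtra)
    $results  = Set-SDSFileCoworker -Path $Path -Coworkers $certificates

    foreach ($file in $results) {
        $actual = @($file.Coworkers | ForEach-Object { "$_" })
        [pscustomobject]@{
            Path       = $file.Path
            Coworkers  = $actual
            # Recipients that can decrypt the file but were not planned for.
            Unexpected = @($actual   | Where-Object { $_ -notin $expected })
            # Planned recipients that did not end up in the file.
            Missing    = @($expected | Where-Object { $_ -notin $actual })
        }
    }
}

# Constructed usage, reusing the addresses from the example above:
# Set-SDSFileCoworkerChecked -Path 'C:\My Folder\Document.docx.sdsx' `
#     -CoworkerEmail 'jodiefisher@mycompany.com' `
#     -ExpectedExtra 'alicesmith@mycompany.com', 'recovery@mycompany' |
#     Where-Object { $_.Unexpected -or $_.Missing }
```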

Unlock-SDSUser

Summary

Unlocks a Stormshield Data Security session.

Description

The Unlock-SDSUser cmdlet unlocks the current Stormshield Data Security session.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Password <String> false 1 false false Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account that allows three tries: on the first attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left); on the second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left); on the third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In interactive mode, this parameter is optional. If it is omitted or if the string is empty, the connection window opens with an empty password field. If the [Cancel] button is clicked in the connection window, an exception is raised (with the E_LOGON_USER_CANCEL error code).
-SecurePassword <SecureString> false named false false Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. This parameter allows the password to be specified in a secured manner. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account that allows three tries: on the first attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left); on the second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left); on the third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In interactive mode, this parameter is optional. If it is omitted or if the string is empty, the connection window opens with an empty password field. If the [Cancel] button is clicked in the connection window, an exception is raised (with the E_LOGON_USER_CANCEL error code).

Inputs

System.String, System.Security.SecureString

You can pipe the account password as a string or as a SecureString object.

Outputs

Stormshield.DataSecurity.Connector.Kernel.User

This object represents a Stormshield Data Security account.

Notes

If no user is connected, an exception is raised. If a user is already unlocked, an exception is raised.

Examples

Unlocks the currently connected user

C:\PS>Unlock-SDSUser password

This command unlocks the currently connected user.

Id                    : alicesmith
Name                  : Alice Smith
Locked                : False
EmailAddresses        : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate  : Alice Smith

Unlocks the currently connected user

C:\PS>Read-Host "password" -AsSecureString | ConvertFrom-SecureString | Out-File C:\secured-password.pwd
$secureString = (Get-Content C:\secured-password.pwd | ConvertTo-SecureString)
Unlock-SDSUser -SecurePassword $secureString

This command unlocks the currently connected user. An object of type SecureString is used to specify the password in a secured manner.

Id                    : alicesmith
Name                  : Alice Smith
Locked                : False
EmailAddresses        : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate  : Alice Smith
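
The try counter described for -Password and -SecurePassword means that an unattended script must not retry a rejected password. This added example (not code from the Stormshield documentation) makes exactly one attempt with a SecureString, so the password does not appear on the command line, and reports how many tries remain. The function name Unlock-SDSUserOnce is hypothetical, and it assumes that the exception types named above can be recognized by type name in the error's exception chain.

```powershell
# Added example (not part of the Stormshield documentation).
# Assumption: the exceptions listed for -SecurePassword appear, by type name,
# in the exception chain of the terminating error raised by Unlock-SDSUser.
function Unlock-SDSUserOnce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [System.Security.SecureString] $SecurePassword
    )

    # Tries left after each failure, as documented for a three-try account.
    $triesLeft = @{
        BadPasswordTwoAttemptsException    = 2
        BadPasswordOneAttemptException     = 1
        BadPasswordAccountBlockedException = 0
    }

    try {
        # Exactly one attempt: every rejected password consumes a try.
        $user = Unlock-SDSUser -SecurePassword $SecurePassword -ErrorAction Stop
        return [pscustomobject]@{ Unlocked = $true; TriesLeft = $null; User = $user }
    }
    catch {
        # Collect the type names of the exception and of its inner exceptions.
        $names = for ($e = $_.Exception; $e; $e = $e.InnerException) { $e.GetType().Name }
        $match = @($names | Where-Object { $triesLeft.ContainsKey($_) }) | Select-Object -First 1

        # Not a password failure (no session, already unlocked, cancelled): rethrow.
        if (-not $match) { throw }

        if ($triesLeft[$match] -eq 0) {
            Write-Warning 'Account is blocked; stop, do not retry.'
        }
        else {
            Write-Warning "Password rejected; $($triesLeft[$match]) tries left. Do not retry the same secret."
        }
        return [pscustomobject]@{ Unlocked = $false; TriesLeft = $triesLeft[$match]; User = $null }
    }
}

# Usage, prompting interactively:
# $result = Unlock-SDSUserOnce -SecurePassword (Read-Host 'password' -AsSecureString)
```

When the SecureString is stored in a file with ConvertFrom-SecureString and no key, as in the example above, Windows encrypts it with DPAPI, so only the same Windows account on the same machine can read it back.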

Unprotect-SDSFile

Summary

Decrypts one or more files encrypted with Stormshield Data File.

Description

The Unprotect-SDSFile cmdlet decrypts one or more files encrypted with Stormshield Data File.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> true 1 true (ByPropertyName) false Specifies the path to one or more files to decrypt.

Inputs

System.String[]

You can pipe an array of strings containing one or more paths to files to decrypt.

Outputs

Stormshield.DataSecurity.Connector.File.SecureFile[]

This object represents an array of files decrypted by Stormshield Data File.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the currently connected user is not one of the file coworkers, an exception is raised.

Examples

Decrypt a list of files

C:\PS>Unprotect-SDSFile 'C:\My Folder\Document.docx.sdsx','C:\My Folder\Document.xlsx.sdsx'

This command decrypts the specified files.

Fullname            : C:\My Folder\Document.docx
Encrypted           : False
OriginalFilename    :
Size                : 154
Compressed          : False
Executable          : False
Mechanism           :
Author              :
Coworkers           :
Certificates        :
CertRetrievalStatus : ERROR_PLAIN_FILE

Fullname            : C:\My Folder\Document.xlsx
Encrypted           : False
OriginalFilename    :
Size                : 1254
Compressed          : False
Executable          : False
Mechanism           :
Author              :
Coworkers           :
Certificates        :
CertRetrievalStatus : ERROR_PLAIN_FILE

Unprotect-SDSTeam

Summary

Decrypts all files encrypted with Stormshield Data Team contained in a folder not secured with Stormshield Data Team.

Description

The Unprotect-SDSTeam cmdlet decrypts all files encrypted with Stormshield Data Team that lie in a folder not secured with Stormshield Data Team. When a folder is unsecured by using the Remove-SDSTeamRule cmdlet, its files are kept encrypted.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String[]> false 1 true (ByPropertyName) false Specifies the path to one or more folders to unprotect, or the path to one or more files to decrypt. If no folder is specified, the current folder is unprotected. If the specified path points to a nonexistent folder, a System.IO.DirectoryNotFoundException exception is raised. If the specified path points to a nonexistent file, a System.IO.FileNotFoundException exception is raised.
-Force <SwitchParameter> false named false false Specifies that the decryption is forced, thus bypassing any confirmation request.

Inputs

System.String[], System.Management.Automation.SwitchParameter

You can pipe an array of strings containing one or more paths to folders or a flag to force decryption.

Outputs

Stormshield.DataSecurity.Connector.Team.OperationStatus[]

This object represents an array of statuses. The OperationStatus object represents the status of one encrypting operation.

Notes

If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the folder is secured, an exception is raised.

Examples

Decrypt several encrypted files

C:\PS>Unprotect-SDSTeam 'C:\My Unsecured Folder\Document.docx','C:\My Unsecured Folder\Document.xlsx'

This command decrypts the two specified files, as long as the parent folder is not secured.

FileInfoData                                         Status
------------                                         ------
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Succeeded
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Succeeded

Force files decryption

C:\PS>Unprotect-SDSTeam 'C:\My Unsecured Folder\Document.pdf' -Force

This command decrypts the specified file, as long as the parent folder is not secured. No confirmation is prompted during the process.

FileInfoData                                         Status
------------                                         ------
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Succeeded

New-SDSShareRule

Summary

Adds a new rule for automatic protection by Stormshield Data Share.

Syntax

New-SDSShareRule -Path <String> -CoworkersEmails <String[]> [<CommonParameters>]

New-SDSShareRule -Path <String> -Certificates <X509Certificate[]> [<CommonParameters>]

New-SDSShareRule -Rule <AutoprotectionRule> [<CommonParameters>]

Description

The New-SDSShareRule cmdlet adds a rule to Stormshield Data Share.

Once added, any new file added to the rule's path will be encrypted for the users defined in the rule.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true named false false Path of the rule to create. This parameter is mandatory when using either CoworkersEmails or Certificates parameter.
-CoworkersEmails <String[]> true named false false Emails of the coworkers in the rule. When using parameter Path, either this parameter or Certificates is mandatory.
-Certificates <X509Certificate[]> true named false false Certificates of the coworkers to add to the rule, from which emails will be extracted to create the rule. When using parameter Path, either this parameter or CoworkersEmails is mandatory.
-Rule <AutoprotectionRule> true named false false AutoprotectionRule to add. When using this parameter, it should be used alone. An AutoprotectionRule can be obtained using the following cmdlets: New-SDSShareRule, Set-SDSShareRule and Get-SDSShareRule.
-Shared <SwitchParameter> false named false false Specifies if the rule must be shared with other users.

Inputs

None

Outputs

AutoProtectionRule: The rule that was transmitted to Stormshield Data Share and that will now be applied.

Notes

If no user is connected, an exception is raised.

If a user is connected but locked, an exception is raised.

If a rule already exists on the given path, an exception is raised.

If a rule exists in a parent or child folder of the given path, an exception is raised.

Examples

Using certificates

C:\PS>New-SDSShareRule -Path "C:\Temp\test\" -Certificates $(Get-SDSCertificate -email "john.doe@stormshield.eu")

Adds a new rule for John Doe to the folder "C:\Temp\test\".

Using email addresses

C:\PS>New-SDSShareRule -Path "C:\Temp\test\" -CoworkersEmails @("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu")

Adds a new rule for Jane Doe and Bob Mortimer to the folder "C:\Temp\test\".

Using a rule

C:\PS>$rule=Get-SDSShareRule -Path "C:\Temp\test\"

$rule.Path="C:\Temp\test2\"

New-SDSShareRule -Rule $rule

Gets the rule applied to C:\Temp\test\ and applies the same to C:\Temp\test2\. The emails contained in the rule could have been modified in the same manner as the path was changed.

Get-SDSShareRule

Summary

Gets an automatic protection rule from Stormshield Data Share.

Syntax

Get-SDSShareRule -Path <String> [<CommonParameters>]

Description

The Get-SDSShareRule cmdlet gets a rule from Stormshield Data Share.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true named false false Path of the rule to get. This parameter is mandatory.

Inputs

None

Outputs

AutoProtectionRule: The rule on the given path transmitted by Stormshield Data Share.

Notes

If no user is connected, an exception is raised.

If a user is connected but locked, an exception is raised.

If no rule exists on the given path, an exception is raised.

Examples

Getting a rule

C:\PS>Get-SDSShareRule -Path "C:\Temp\test\"

Gets the rule on the folder C:\Temp\test\.

Set-SDSShareRule

Summary

Modifies a rule for automatic protection by Stormshield Data Share.

Syntax

Set-SDSShareRule -Path <String> -CoworkersEmails <String[]> [<CommonParameters>]

Set-SDSShareRule -Path <String> -Certificates <X509Certificate[]> [<CommonParameters>]

Set-SDSShareRule -Rule <AutoprotectionRule> [<CommonParameters>]

Description

The Set-SDSShareRule cmdlet modifies a rule from Stormshield Data Share.

Once modified, any new file added to the rule's path will be encrypted for the users defined in the new rule.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true named false false Path of the rule to modify. This parameter is mandatory when using either CoworkersEmails or Certificates parameter.
-CoworkersEmails <String[]> true named false false Emails of the coworkers in the rule. When using parameter Path, either this parameter or Certificates is mandatory.
-Certificates <X509Certificate[]> true named false false Certificates of the coworkers to add to the rule, from which emails will be extracted to modify the rule. When using parameter Path, either this parameter or CoworkersEmails is mandatory.
-Rule <AutoprotectionRule> true named false false AutoprotectionRule to set. When using this parameter, it should be used alone. An AutoprotectionRule can be obtained using the following cmdlets: New-SDSShareRule, Set-SDSShareRule and Get-SDSShareRule.
-Shared <SwitchParameter> false named false false Specifies if the modified rule is shared with other users.

Inputs

None

Outputs

AutoProtectionRule: The rule that was transmitted to Stormshield Data Share and that will now be applied.

Notes

If no user is connected, an exception is raised.

If a user is connected but locked, an exception is raised.

If no rule exists on the given path, an exception is raised.

Examples

Using certificates

C:\PS>Set-SDSShareRule -Path "C:\Temp\test\" -Certificates $(Get-SDSCertificate -email "john.doe@stormshield.eu")

Modifies the rule on folder "C:\Temp\test\" so that it is now for John Doe.

Using email addresses

C:\PS>Set-SDSShareRule -Path "C:\Temp\test\" -CoworkersEmails @("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu")

Modifies the rule on folder "C:\Temp\test\" so that it is now for Jane Doe and Bob Mortimer.

Using a rule

C:\PS>$rule=Get-SDSShareRule -Path "C:\Temp\test\"

$rule.CoworkersEmails=@("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu")

Set-SDSShareRule -Rule $rule

Gets the rule on C:\Temp\test\, changes its coworkers, and modifies the actual rule used by Stormshield Data Share.

Modifying users in a shared rule

C:\PS>Set-SDSShareRule -Path "C:\Temp\test\" -CoworkersEmails @("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu") -Shared

Replaces the list of coworkers in the shared rule.

Remove-SDSShareRule

Summary

Removes an automatic protection rule from Stormshield Data Share.

Syntax

Remove-SDSShareRule -Path <String> [<CommonParameters>]

Description

The Remove-SDSShareRule cmdlet removes a rule from Stormshield Data Share.

Once removed, new files added to the folder will not be encrypted anymore, unless it is protected by policy.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true named false false Path of the rule to remove. This parameter is mandatory.

Inputs

None

Outputs

None

Notes

If no user is connected, an exception is raised.

If a user is connected but locked, an exception is raised.

If no rule exists on the given path, an exception is raised.

If another action from SDS Enterprise is in progress on the folder, an exception is raised.

Examples

Removing a rule

C:\PS>Remove-SDSShareRule -Path "C:\Temp\test\"

Removes the rule on the folder C:\Temp\test\.

Protect-SDSShareDirectory

Summary

Enforces protection on a directory targeted by an automatic protection rule from Stormshield Data Share.

Syntax

Protect-SDSShareDirectory -Path <String> [-Scope {SDSXOnly | PlainOnly | All}] [<CommonParameters>]

Description

The Protect-SDSShareDirectory cmdlet fetches the Stormshield Data Share rule for a given directory, and enforces protection on its contents according to the rule.

Depending on parameters, plain files will be encrypted for the rule recipients, and encrypted files may be re-encrypted to match the rule recipients.

Parameters

Name Required Position Default value Pipeline Wildcard characters Description
-Path <String> true named false false Path to a directory protected by a Stormshield Data Share rule. This parameter is mandatory.
-Scope {PlainOnly | SDSXOnly | All} false named SDSXOnly false false Scope for the protection enforcement:

  • SDSXOnly: (default) Protection enforcement will target files that are encrypted using the SDSX file format, and will re-encrypt them as needed in order to match the rule recipients.

  • PlainOnly: Protection enforcement will target files that are not encrypted using the SDSX file format, and will encrypt them for the rule recipients.

  • All: Protection enforcement will target all files and process them as needed to have them encrypted for recipients as stated by the rule.

Inputs

None

Outputs

AutoProtectionResult: The list of files which the cmdlet attempted to modify as part of its execution, grouped together depending on whether (re-)encryption succeeded or failed.

Notes

If no user is connected, an exception is raised.

If a user is connected but locked, an exception is raised.

If no rule exists on the given path, an exception is raised.

Examples

Enforcing a rule

C:\PS>Protect-SDSShareDirectory -Path "C:\Temp\test\"

Enforces protection on directory C:\Temp\test\ as stated by a Stormshield Data Share rule. Parameter -Scope is omitted and thus has the default value SDSXOnly. Executing this command only targets SDSX files in the directory and re-encrypts them if needed.

C:\PS>Protect-SDSShareDirectory -Path "C:\Temp\test\" -Scope All

Enforces protection on directory C:\Temp\test\ as stated by a Stormshield Data Share rule. Parameter -Scope has the value All. Executing this command targets all files in the directory and either encrypts them or re-encrypts them if needed.