Add-SDSFileCoworker
Summary
Adds coworkers to one or more files encrypted with Stormshield Data File.
Description
The Add-SDSFileCoworker cmdlet adds one or more coworkers to the coworker list of files encrypted with Stormshield Data File. It invokes transciphering mechanisms.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to one or more files encrypted with Stormshield Data File. | |
| -Coworkers <X509Certificate[]> | true | 2 | true (ByPropertyName) | false | Specifies one or more X.509 certificates to add to the encrypted file. Certificates will be added as coworkers. |
Inputs
System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]
You can pipe the list of files to be transciphered or the list of X.509 certificates to add.
Outputs
Stormshield.DataSecurity.Connector.File.SecureFile[]
This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.
Examples
Add coworkers to an encrypted file
C:\PS>$certificates = Get-SDSCertificate -Name 'Jodie FISHER','Robert MILLER' Add-SDSFileCoworker 'C:\My Folder\Document.docx.sdsx' -Coworkers $certificates
This command adds the coworkers Jodie Fisher and Robert Miller to the file 'C:\Document.docx.sdsx'.
Path : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 159712
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice SMITH
Coworkers : {alice.smith@mycompany.com, jodie.fisher@mycompany.com, robert.miller@mycompany.com}
Certificates : {Alice SMITH, Jodie FISHER, Robert MILLER}
CertRetrievalStatus : SUCCEEDED
Backup-SDSAddressBook
Summary
Backups the user's address book into a .p7z file
Description
The Backup-SDSAddressBook backups the whole address book content, including personalized data, into a .p7z file that can be restored later.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | 1 | true (ByValue) | false | Specifies the path to the output .p7z file. |
Inputs
System.String
You can pipe a string containing the relative or absolute path of the output .p7z file.
Outputs
System.IO.FileInfo
The System.IO.FileInfo object represents the output .p7z file.
Notes
Examples
Backup the whole address book content
C:\PS>Backup-SDSAddressBook 'C:\My Folder\addressbook.p7z'
This command backups the whole address book content into a .p7z file.
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7z
Connect-SDSUser
Summary
Opens a Stormshield Data Security session.
Description
The Connect-SDSUser cmdlet connects a user to its Stormshield Data Security account.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Id <String> | false | 1 | false | false | Specifies the identifier of the user to be connected. Identifier or .usr file path are permitted. Note: The user identifier is not case sensitive. In non-interactive mode: This parameter is required. If omitted, a System.ArgumentNullException exception is raised. If the string is empty, a System.ArgumentException exception is raised. If the account does not exist, a UnknownUserException exception is raised. If a session is already open, a UserAlreadyConnectedException exception is raised. In interactive mode: This parameter is not required. If this parameter is omitted or if the string is empty, the connection window opens up and the identifier of the last successfully connected user is pre-filled. If no previous connection occurred, this field is empty. If you click the [Cancel] button in the connection window then a exception is raised and contains the E_LOGON_USER_CANCEL error code. | |
| -Password <String> | false | 2 | Empty string | false | false | Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account which three tries: First attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left). Second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left). Third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In non-interactive mode, this parameter is required. If omitted or if the string is empty, an exception is raised. (See the type of the exception above). In interactive mode, this parameter is optional. If omitted or if the string is empty, the connection window opens up with an empty password field. If [Cancel] button is clicked in the connection window, an exception is raised (with E_LOGON_USER_CANCEL error code). |
| -SecurePassword <SecureString> | false | named | false | false |
Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. This parameter allows the password to be specified in a secured manner. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account with three tries: First attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left). Second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left). Third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In non-interactive mode, this parameter is required. If omitted or if the string is empty, an exception is raised. (See the type of the exception above). In interactive mode, this parameter is optional. If omitted or if the string is empty, the connection window opens up with an empty password field. If [Cancel] button is clicked in the connection window, an exception is raised (with E_LOGON_USER_CANCEL error code). To generate the secure password, use the command
|
|
| -Interactive <SwitchParameter> | false | named | false | false | Specifies that connection is to be made in interactive mode. The connection window opens up if the identifier or password are not fully specified. Otherwise a dialog box displays the connection progress. |
Inputs
System.String, System.String, System.Security.SecureString, System.Management.Automation.SwitchParameter
Outputs
Stormshield.DataSecurity.Connector.Kernel.User
This object represents a Stormshield Data Security user account.
Notes
If a user is already connected, an exception is raised.
Examples
Connect a user to its Stormshield Data Security account
C:\PS>Connect-SDSUser alicesmith password
This command connects the user Alice Smith to its Stormshield Data Security account.
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Connect a user to its Stormshield Data Security account
C:\PS>Connect-SDSUser 'C:\ProgramData\Arkoon\Security BOX\Users\alicesmith\alicesmith.usr' password
This command connects the user Alice Smith to its Stormshield Data Security account.
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Connect a user to its Stormshield Data Security account
C:\PS>Read-Host "password" -AsSecureString | ConvertFrom-SecureString | Out-File C:\secured-password.pwd $secureString = (Get-Content C:\secured-password.pwd | ConvertTo-SecureString) Connect-SDSUser alicesmith -SecurePassword $secureString
This command connects the user Alice Smith to its Stormshield Data Security account. A object of type SecureString is used for specifying the password in a secured manner.
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Connect last successfully connected user to Stormshield Data Security, displaying the connection window
C:\PS>Connect-SDSUser -Interactive
This command requests connection to Stormshield Data Security, displaying the connection window. The user identifier is pre-filled with the last successfully connected user.
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Connect a user to Stormshield Data Security, displaying the connection window
C:\PS>Connect-SDSUser alicesmith -Interactive
This command requests connection to Stormshield Data Security, displaying the connection window. The user identifier is pre-filled with the identifier "alicesmith".
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Disable-SDSDiskAutomaticMount
Summary
Configures a Virtual Disk volume to be mounted manually.
Description
The Disable-SDSDiskAutomaticMount cmdlet configures a Virtual Disk volume to be mounted manually.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Volume <Volume[]> | true | named | true (ByValue) | false | Specifies one or more Virtual Disk volume objects to be mounted manually. | |
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies one or more path to .vbox files to be mounted manually. | |
| -Drive <String> | true | named | true (ByValue) | false | Specifies the drive unit of the Virtual Disk volume to be mounted manually. The drive unit must be specified in uppercase. |
Inputs
System.String[], Stormshield.DataSecurity.Connector.VirtualDisk.Volume[], System.String
You can pipe an array of strings containing one or more path to .vbox files, an array of Virtual Disk volume objects or the drive unit of a Virtual Disk volume.
Outputs
Stormshield.DataSecurity.Connector.VirtualDisk.Volume
This object represents a Virtual Disk volume.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the Virtual Disk volume is already configured to be mounted manually, an exception is raised.
Examples
Configure a Virtual Disk volume to be mounted manually
C:\PS>Disable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk.vbox'
This command configures the specified Virtual Disk volume to be mounted manually. The Path parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Configure a Virtual Disk volume to be mounted manually
C:\PS>$volume = Get-SDSDisk 'C:\My Folder\virtualdisk.vbox' Disable-SDSDiskAutomaticMount -Volume $volume
This command configures the specified Virtual Disk volume to be mounted manually. The Volume parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Configure a Virtual Disk volume to be mounted manually
C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' -MountLetter Z Disable-SDSDiskAutomaticMount -Drive Z
This command configures the specified Virtual Disk volume to be mounted manually. The Drive parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Configure two Virtual Disk volumes to be mounted manually
C:\PS>Disable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'
This command configures the two specified Virtual Disk volumes to be mounted manually. The Path parameter is used.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False
Configure two Virtual Disk volumes to be mounted manually
C:\PS>$volume1 = Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox' $volume2 = Get-SDSDisk 'C:\My Folder\virtualdisk2.vbox' Disable-SDSDiskAutomaticMount -Volume $volume1,$volume2
This command configures the two specified Virtual Disk volumes to be mounted manually. The Volume parameter is used.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False
Disconnect-SDSUser
Summary
Closes a Stormshield Data Security session.
Description
The Disconnect-SDSUser cmdlet disconnects a user from its Stormshield Data Security account.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|
Inputs
Outputs
void
Returns nothing.
Notes
If no user is connected, an exception is raised.
Examples
Disconnect currently connected user
C:\PS>Disconnect-SDSUser
This command disconnects the currently connected user from its Stormshield Data Security account.
Dismount-SDSDisk
Summary
Dismounts a Virtual Disk volume.
Description
The Dismount-SDSDisk dismounts a Virtual Disk volume.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Volume <Volume[]> | true | named | true (ByValue) | false | Specifies the Virtual Disk volume to be dismounted. | |
| -Force <SwitchParameter> | false | named | false | false | Specifies that the Virtual Disk volume dismount is forced if it is in use. | |
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to .vbox file to be dismounted. |
Inputs
System.String[], Stormshield.DataSecurity.Connector.VirtualDisk.Volume[], System.Management.Automation.SwitchParameter
You can pipe an array of strings containing one or more path to .vbox files, an array of Virtual Disk volume objects or a flag to force dismount.
Outputs
Stormshield.DataSecurity.Connector.VirtualDisk.Volume
This object represents a Virtual Disk volume.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the Virtual Disk volume does not exist, an exception is raised.
Examples
Dismount a Virtual Disk volume
C:\PS>Dismount-SDSDisk 'C:\My Folder\virtualdisk.vbox'
This command dismounts the specified Virtual Disk volume. The Path parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Dismount a Virtual Disk volume
C:\PS>$volume = Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' Dismount-SDSDisk -Volume $volume
This command dismounts the specified Virtual Disk volume. The Volume parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Force a Virtual Disk volume to be dismounted
C:\PS>$volume = Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' Dismount-SDSDisk -Volume $volume -Force
This command dismounts the specified Virtual Disk volume. As the volume is in use, the Force parameter is specified.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Dismount two Virtual Disk volumes
C:\PS>Dismount-SDSDisk 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'
This command dismounts the two specified Virtual Disk volumes. The Path parameter is used.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NTFS
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NTFS
Locked : False
Dismount two Virtual Disk volumes
C:\PS>$volume1 = Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox' $volume2 = Get-SDSDisk 'C:\My Folder\virtualdisk2.vbox' Dismount-SDSDisk -Volume $volume1,$volume2
This command dismounts the two specified Virtual Disk volumes. The Volume parameter is used.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NTFS
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 42
Mechanism : AES 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NTFS
Locked : False
Enable-SDSDiskAutomaticMount
Summary
Configures a Virtual Disk volume to be mounted automatically.
Description
The Enable-SDSDiskAutomaticMount cmdlet configures a Virtual Disk volume to be mounted automatically.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Volume <Volume> | true | named | true (ByValue) | false | Specifies the Virtual Disk volume object to be mounted automatically. | |
| -MountLetter <String> | false | named | false | false | Specifies drive unit mount letter to be used when automatically mounting the Virtual Disk volume. | |
| -Force <SwitchParameter> | false | named | false | false | Specifies that the Virtual Disk volume dismount is forced if it is in use. The configuration of an already mounted Virtual Disk volume to be mounted automatically requires a preliminary dismount. | |
| -Path <String> | true | 1 | true (ByPropertyName) | false | Specifies the path to .vbox file to be mounted automatically. | |
| -Drive <String> | true | named | true (ByValue) | false | Specifies the drive unit of the Virtual Disk volume to be mounted automatically. The drive unit must be specified in uppercase. |
Inputs
System.String, Stormshield.DataSecurity.Connector.VirtualDisk.Volume, System.String, System.String,System.Management.Automation.SwitchParameter
You can pipe an array of strings containing one or more path to .vbox files, a Virtual Disk volume object, the drive unit of a Virtual Disk volume to be configured, the drive unit mount letter or a flag to force dismount.
Outputs
Stormshield.DataSecurity.Connector.VirtualDisk.Volume
This object represents a Virtual Disk volume.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the Virtual Disk volume is already configured to be mounted automatically, an exception is raised.
Examples
Configure a Virtual Disk volume to be mounted automatically
C:\PS>Enable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk.vbox'
This command configures the specified Virtual Disk volume to be mounted automatically. The Path parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Configure a Virtual Disk volume to be mounted automatically
C:\PS>Enable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk.vbox' -MountLetter Z
This command configures the specified Virtual Disk volume to be mounted automatically. The Path parameter is used and the drive unit mount letter is explicitly specified.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Configure a Virtual Disk volume to be mounted automatically
C:\PS>$volume = Get-SDSDisk 'C:\My Folder\virtualdisk.vbox' Enable-SDSDiskAutomaticMount -Volume $volume
This command configures the specified Virtual Disk volume to be mounted automatically. The Volume parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Force a Virtual Disk volume to be mounted automatically
C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' -MountLetter Z Enable-SDSDiskAutomaticMount -Drive Z -Force
This command configures the specified Virtual Disk volume to be mounted automatically on drive unit mount letter Z. As the volume is in use, the Force parameter is specified.
FullName : C:\My Folder\virtualdisk.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Configure two Virtual Disk volumes to be mounted automatically
C:\PS>Enable-SDSDiskAutomaticMount 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'
This command configures the two specified Virtual Disk volumes to be mounted automatically. The Path parameter is used.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False
Configure two Virtual Disk volumes to be mounted automatically
C:\PS>$volume1 = Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox' $volume2 = Get-SDSDisk 'C:\My Folder\virtualdisk2.vbox' Enable-SDSDiskAutomaticMount -Volume $volume1,$volume2
This command configures the two specified Virtual Disk volumes to be mounted automatically. The Volume parameter is used.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 15
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False
Export-SDSAddressBook
Summary
Backups the user's address book into a .p7b file
Description
The Export-SDSAddressBook exports all the certificates contained in user's address book. The address book can be exported with groups and certificates trust chain. Personalized data is not exported.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | 1 | true (ByValue) | false | Specifies the path to the output .p7b file. | |
| -ExportAncestry <SwitchParameter> | false | named | false | false | Specifies that certificates trust chain is to be included. | |
| -ExportContactsAndGroups <SwitchParameter> | false | named | false | false | Specifies that contacts and groups of certificates are to be exported. |
Inputs
System.String, System.Management.Automation.SwitchParameter, System.Management.Automation.SwitchParameter
You can pipe a string containing the relative or absolute path of the output .p7b file, a flag to include trust chain or a flag to include contacts and groups.
Outputs
System.IO.FileInfo
The System.IO.FileInfo object represents the output .p7b file.
Notes
Examples
Export only certificates
C:\PS>Export-SDSAddressBook C:\addressbook.p7b
This command exports all certificates of currently connected user's address book, excluding trust chain, contacts and groups.
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7b
Export all certificates including trust chain
C:\PS>Export-SDSAddressBook C:\addressbook.p7b -ExportAncestry
This commande exports all certificates of currently connected user's address book, including trust chain and excluding contacts and groups.
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7b
Export all certificates including contacts and groups
C:\PS>Export-SDSAddressBook C:\addressbook.p7b -ExportContactsAndGroups
Exports all certificates of currently connected user's address book, including contacts and groups.
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 07/08/2015 10:46 8059 addressbook.p7b
Get-SDSCertificate
Summary
Retrieves a certificate from the address book of the currently connected user.
Description
This cmdlet retrieves a certificate or a group of coworkers certificates from the address book of the currently connected user.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -EmailAddress <String[]> | false | named | false | false | Specifies one or more e-mail addresses corresponding to a certificate in the currently connected user's address book. Note: this parameter is not case sensitive. Limitation: for a successful retrieval with EmailAddress parameter, the address should be defined as a main e-mail address in the certificate description. A certificate will not be found if the address is only listed as an alternative identity. | |
| -Name <String[]> | false | named | false | false | Specifies one or more certificate's subject common names in the currently connected user's address book. Note: this parameter is case sensitive. | |
| -Group <String[]> | false | named | false | false | Specifies one or more group names in the currently connected user's address book. All certificates in specified groups are retrieved. Note: this parameter is case sensitive. | |
| -Usage <CertificateKeyUsages> | false | named | true (ByValue) | false | Specifies the key usage of certificates to retrieve. This parameter is optional and can one or more of the following values: None, DecipherOnly, EncipherOnly, CRLSign, CertificateSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation and DigitalSignature. The default value is DataEncipherment and KeyEncipherment. | |
| -UpdateStatus <SwitchParameter> | false | named | false | false | Specifies that the certificate's status needs to be computed. If this parameters is not specified, Status member of returned object is set to Unknown. Specifying this parameter involves certificates retrieval to be longer. |
Inputs
System.String[], System.String[], System.String[], Stormshield.DataSecurity.Connector.Common.CertificateKeyUsages, SwitchParameter
You can pipe a string containing the coworker's name, a group name, an e-mail address, the usage of a certificate or a flag to force computing status.
Outputs
Stormshield.DataSecurity.Connector.Common.X509Certificate
This object represents the certificate retrieved from the address book.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If none of the Name, Group or EmailAddress parameters are given, all the certificates present in the user's address book are retrieved, according to the Usage parameter specified. Limitation: this cmdlet does not return the authority certificates nor the certificate of the currently connected user's key-holder.
Examples
Retrieve certificate corresponding to an email address
C:\PS>Get-SDSCertificate -EmailAddress alicesmith@mycompany.com
This command retrieves the certificate of the specified user, based on its e-mail address. The status of the returned certificate is Unknown.
Data : {48, 130, 2, 225...}
KeyUsages : DataEncipherment, KeyEncipherment
Issuer : MyCompany CA
Subject : Alice Smith
EmailAddress : alicesmith@mycompany.com
Version : V3
StatusGeneral : Unknown
StatusFull : Unknown
EffectiveDate : 19/07/2015 12:58:01
ExpirationDate : 19/07/2017 12:58:01
Retrieve certificate corresponding to an email address and a common name
C:\PS>Get-SDSCertificate -EmailAddress alicesmith@mycompany.com -Name 'Jodie FISHER' -UpdateStatus
This command retrieves two certificates. The first one owned by the user Alice Smith, based on her e-mail address, the second one owned by the user Jodie Fisher, based on her name. For each certificate, the status is updated.
Data : {48, 130, 2, 219...}
KeyUsages : DataEncipherment, KeyEncipherment
Issuer : MyCompany CA
Subject : Alice Smith
EmailAddress : alicesmith@mycompany.com
Version : V3
StatusGeneral : Ok
StatusFull : Ok
EffectiveDate : 19/07/2015 12:58:01
ExpirationDate : 19/07/2017 12:58:01
Data : {48, 130, 2, 211...}
KeyUsages : DataEncipherment, KeyEncipherment
Issuer : MyCompany CA
Subject : Jodie Fisher
EmailAddress : jodiefisher@mycompany.com
Version : V3
StatusGeneral : Ok
StatusFull : Ok
EffectiveDate : 10/09/2015 14:30:01
ExpirationDate : 10/09/2017 14:30:01
Get-SDSDisk
Summary
Retrieves information about one or more Stormshield Data Virtual Disk volumes.
Description
The Get-SDSDisk cmdlet retrieves information about one or more Stormshield Data Virtual Disk volumes.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to .vbox file of the Virtual Disk volume. | |
| -Drive <Char[]> | false | named | true (ByPropertyName) | false | Specifies the drive unit of the Virtual Disk volume. |
Inputs
System.String[], System.Char[]
You can pipe an array of strings containing one or more .vbox paths or an array of chars containing one or more drive unit mounting letters.
Outputs
Stormshield.DataSecurity.Connector.VirtualDisk.Volume
This object represents a Virtual Disk volume.
Notes
If no parameter is provided, information about all currently mounted Virtual Disk volumes is returned. If no user is connected, an exception is raised.
Examples
Retrieve information about a Virtual Disk volume
C:\PS>Get-SDSDisk 'C:\My Folder\virtualdisk.vbox'
This command retrieves the specified Virtual Disk volume information. The Path parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : False
MountLetter : Z
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NTFS
Locked : False
Retrieve information about several Virtual Disk volumes
C:\PS>Get-SDSDisk 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'
This command retrieves the specified Virtual Disk volumes information. The Path parameter is used.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 12
Mechanism : AES 256
Mounted : False
MountLetter : Z
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NTFS
Locked : False
FullName : C:\My Folder\virtualdisk1.vbox
Size : 1034
Mechanism : AES 256
Mounted : False
MountLetter : Y
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NTFS
Locked : False
Retrieve information about a Virtual Disk volume
C:\PS>$volume = New-SDSDisk 'C:\My Folder\virtualdisk.vbox' -Size 12 Mount-SDSDisk -Volume $volume -MountLetter Z Get-SDSDisk -Drive Z
This command retrieves the specified Virtual Disk volume information. The Drive parameter is used.
FullName : C:\Test\disk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : disk
FileSystem : eFSTYPE_NONE
Locked : False
Retrieve information about all currently mounted Virtual Disk volumes
C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk1.vbox' Mount-SDSDisk 'C:\My Folder\virtualdisk2.vbox' Get-SDSDisk
This command retrives information about all currently mounted Virtual Disk volumes.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_FAT12
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 1034
Mechanism : AES 256
Mounted : True
MountLetter : Y
AutomaticMount : True
AccessMode : ReadWrite
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False
Get-SDSFile
Summary
Retrieves information about one or more files encrypted with Stormshield Data File.
Description
The Get-SDSFile cmdlet retrieves information about one or more files encrypted with Stormshield Data File.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to one or more files encrypted with Stormshield Data File. |
Inputs
System.String[]
You can pipe an array of one or more encrypted files.
Outputs
Stormshield.DataSecurity.Connector.File.SecureFile[]
This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.
Notes
If the specified file path does not exist, an exception is raised.
Examples
Retrieve information about an encrypted file
C:\PS>Get-SDSFile 'C:\My Folder\Document.docx.sdsx'
This command retrieves information about the specified encrypted file.
Path : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 154
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Retrieve information about several encrypted files
C:\PS>Get-SDSFile -Path 'C:\My Folder\Document.docx.sdsx','C:\My Folder\Document.xlsx.sdsx'
This command retrieves information about the specified encrypted files.
Path : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 154
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Path : C:\My Folder\Document.xlsx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 312
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Get-SDSTeamFile
Summary
Retrieves information about one or more files encrypted with Stormshield Data Team.
Description
The Get-SDSTeamFile cmdlet retrieves information about one or more files encrypted with Stormshield Data Team.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to one or more encrypted files. If one of the files does not exist, a FileNotFoundException if raised. |
Inputs
System.String[]
You can pipe an array of strings containing one or more paths to encrytped files.
Outputs
Stormshield.DataSecurity.Connector.Team.FileInfoData[]
This object represents an array of files encrypted with Stormshield Data Team. The FileInfoData object represents a file encrypted with Stormshield Data Team. The FileInfoData object contains the following members: - Logical file size (excluding security header) - Physical file size (including security header) - Creator of the file - Size of security header - Flag that indicates if the file is encrypted or not. If the file is not encrypted, all members apart from physical size are irrelevant. - Encryption algorithm used - Owners and coworkers authorized for this file
Notes
This cmdlet does not require a user to be connected in order to be run.
Examples
Retrieve information about encrypted files
C:\PS>Get-SDSTeamFile -Path 'C:\My Secured Folder\Document.docx','C:\My Secured Folder\Document.xlsx'
This command retrieves information about the specified encrypted files.
FullName : C:\My Secured Folder\Document.docx
LogicalSize : 12596
PhysicalSize : 16692
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}
FullName : C:\My Secured Folder\Document.docx
LogicalSize : 8559
PhysicalSize : 12655
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}
Retrieve information about encrytped files
C:\PS>Get-ChildItem -Recurse | Where-Object { $_.PsIsContainer -eq $False } | Get-SDSTeamFile
This command recursively retrieves information about encrytped files in the current working directory.
FullName : C:\My Secured Folder\Document.docx
LogicalSize : 12596
PhysicalSize : 16692
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}
FullName : C:\My Secured Folder\Document.docx
LogicalSize : 8559
PhysicalSize : 12655
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}
Retrieve information about an encrypted file
C:\PS>Get-SDSTeamFile 'C:\My Secured Folder\Document.pdf'
This command retrieves information about the specified encrypted file.
FullName : C:\My Secured Folder\Document.docx
LogicalSize : 12477
PhysicalSize : 16573
Creator : Alice Smith
HeaderSize : 4096
EncryptionMechanism : eEncrypterKeyType_AES256
Encrypted : True
Coworkers : {MyCompany Recovery, Alice Smith}
Get-SDSTeamRule
Summary
Retrieves information about one or more folders secured with Stormshield Data Team.
Description
The Get-SDSTeamRule cmdlet retrieves information about one or more folders encrypted with Stormshield Data Team.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | false | 1 | true (ByPropertyName) | false | Specifies the path to one or more secured folders. If one of the folders does not exist, a FileNotFoundException if raised. If this parameter is not specified, the current working folder is processed. |
Inputs
System.String[]
You can pipe an array of strings containing one or more path to secured folders.
Outputs
Stormshield.DataSecurity.Connector.Team.RuleInfoData[]
This object represents an array of folders secured with Stormshield Data Team. The RuleInfoData object represents a folder secured with Stormshield Data Team. The RuleInfoData object contains the following information: - Path of the hidden SBoxTeam.sbt file. - Size of the hidden SBoxTeam.sbt file. - List of unencrypted files in the folder. - List of owners/coworkers allowed on this folder. - Flag that indicates if the folder is secured or not. If the folder is not secured, all members are irrelevant.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.
Examples
Retrieve information about several secured folders
C:\PS>Get-SDSTeamRule -Path 'C:\My Secured Folder 1','C:\My Secured Folder 2'
This command retrieves information about the specified secured folders.
FullName : C:\My Secured Folder 1
SBTFile : C:\My Secured Folder 1\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH}
Secured : True
FullName : C:\My Secured Folder 2
SBTFile : C:\My Secured Folder 2\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice Smith}
Secured : True
Retrieve information about a secured folder
C:\PS>Get-SDSTeamRule 'C:\My Secured Folder'
This command retrieves information about the specified secured folder.
FullName : C:\My Secured Folder
SBTFile : C:\My Secured Folder\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH}
Secured : True
Retrieve information about each subfolders of current working folder
C:\PS>cd 'C:\My Secured Folder'
Get-ChildItem | Where-Object { $_.PSIsContainer -eq $True } | Get-SDSTeamRule
This command retrieves information about each subfolders of the current working folder.
FullName : C:\My Secured Folder 1
SBTFile : C:\My Secured Folder 1\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH}
Secured : True
FullName : C:\My Secured Folder 2
SBTFile : C:\My Secured Folder 2\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice Smith}
Secured : True
Get-SDSUser
Summary
Retrieves information about the currently connected user.
Description
The Get-SDSUser cmdlet retrieves information about the currently connected user.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|
Inputs
Outputs
Stormshield.DataSecurity.Connector.Kernel.User
This object represents a Stormshield Data Security account.
Notes
If no user is connected, it returns nothing.
Examples
Retrieve currently connected user
C:\PS>Get-SDSUser
This command retrieves information about the currently connected user.
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Import-SDSAddressBook
Summary
Imports a .p7b or .p7z file into the currently connected user's address book
Description
The Import-SDSAddressBook imports certificates from a .p7b or a .p7z file.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | 1 | true (ByValue) | false | Specifies the path to the .p7b or .p7z file to import. |
Inputs
System.String
You can pipe a string containing the path to .p7b or .p7z file to import.
Outputs
None
Notes
The .p7z file may contain personalized data related to certificates in addition to other information.
Examples
Import certificates
C:\PS>Import-SDSAddressBook C:\addressbook.p7b
This command imports certificates contained in the specified .p7b file into the address book of currently connected user. Trust chains, contacts and groups are imported if existing in .p7b file.
Restore address book content
C:\PS>Import-SDSAddressBook C:\addressbook.p7z
This command restores the address book of currently connected user to a previous state. Trusted chains, contacts, groups and personalized data are imported.
Lock-SDSUser
Summary
Locks a Stormshield Data Security session.
Description
The Lock-SDSUser cmdlet locks the current Stormshield Data Security session.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|
Inputs
Outputs
void
Returns nothing.
Notes
If no user is connected, an exception is raised. If a user is already connected and locked, an exception is raised.
Examples
Locks session of the currently connected user
C:\PS>Lock-SDSUser
This command locks the session of the currently connected user.
Mount-SDSDisk
Summary
Mounts a Virtual Disk volume.
Description
The Mount-SDSDisk mounts a Virtual Disk volume.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Volume <Volume> | true | named | true (ByValue) | false | Specifies the Virtual Disk volume to be mounted. | |
| -MountLetter <String> | false | named | false | false | Specifies drive unit mount letter to be used when mounting the Virtual Disk volume. | |
| -AccessMode <AccessMode> | false | named | Unspecified | false | false | Specifies the access mode when mounting the Virtual Disk volume. Available access modes are: ReadWrite, ReadOnly and Unspecified. If access mode is Unspecified, the best available access is automatically selected. |
| -Path <String> | true | 1 | true (ByPropertyName) | false | Specifies the path to .vbox file to be mounted. |
Inputs
System.String, Stormshield.DataSecurity.Connector.VirtualDisk.Volume, System.String, Stormshield.DataSecurity.Connector.VirtualDisk.AccessMode
You can pipe a string containing a path to .vbox file or a Virtual Disk volume.
Outputs
Stormshield.DataSecurity.Connector.VirtualDisk.Volume
This object represents a Virtual Disk volume.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.
Examples
Mount a Virtual Disk volume
C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox'
This command mounts a Virtual Disk volume. The Path parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Mount a Virtual Disk volume
C:\PS>$volume = New-SDSDisk 'C:\My Folder\virtualdisk.vbox' -Size 12 Mount-SDSDisk -Volume $volume
This command mounts a Virtual Disk volume. The Volume parameter is used.
FullName : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadWrite
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
Mount a Virtual Disk volume
C:\PS>Mount-SDSDisk 'C:\My Folder\virtualdisk.vbox' -MountLetter Z -AccessMode ReadOnly
This command mounts a Virtual Disk volume. The Path parameter is used and the drive unit mount letter is explicitly specified. The Virtual Disk volume is mounted in read-only mode.
FullName : C:\My Folder\virtualdisk.vbox
Size : 12
Mechanism : AES 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : ReadOnly
Label : Sample-Virtual-Disk
FileSystem : eFSTYPE_NONE
Locked : False
New-SDSDisk
Summary
Creates one or more volumes encrypted with Stormshield Data Virtual Disk.
Description
The New-SDSDisk creates one or more Virtual Disk volumes.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | false | 1 | true (ByValue) | false | Specifies the path to one or more .vbox files to create. Notes: - The file extension must be .vbox, otherwise a InvalidExtensionException exception is raised. - If not specified, the value specified in the Stormshield Data Security Suite configuration file will be used. - If the .vbox file already exists, a Stormshield.DataSecurity.Connector.VirtualDisk.FileAlreadyExistException exception is raised. | |
| -Size <Int32> | false | named | false | false | Specifies the size of the Virtual Disk volume to create, in megabytes. The minimum value is 0, the maximum Value is 2097150. Notes: - If not specified or zero, the value specified in the Stormshield Data Security Suite configuration file will be used. If the configuration file does not contain this information, the size is fixed to 10% of the free space available on the hard drive. - If there is not enough space available on the hard drive, a Stormshield.DataSecurity.Connector.VirtualDisk.Exception exception is raised (E_SBD_NOT_ENOUGH_SPACE error code). | |
| -Mode <String> | false | named | false | false |
Specifies the operating mode to be used for chaining the cypher blocks during encryption of the newly created Virtual Disk volume. The provided value must match either of the following strings, case-insensitive: "CBC" , or "XTS". Notes :
|
Inputs
System.String[], int, System.String
You can pipe an array of strings containing one or more path to .vbox files to create or the size of the Virtual Disk volumes to create.
Outputs
Stormshield.DataSecurity.Connector.VirtualDisk.Volume[]
This object represents an array of created Virtual Disk volumes. The Volume object represents a volume encrypted with Stormshield Data Virtual Disk.
Notes
The created Virtual Disk volumes are not formatted and can be formatted for any file system supported by the operating system. The Virtual Disk volumes need to be mounted prior to formatting it. If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.
Examples
Create two Virtual Disk volumes
C:\PS>New-SDSDisk -Path 'C:\My Folder\virtualdisk1.vbox','C:\My Folder\virtualdisk2.vbox'
This command creates two Virtual Disk volumes.
FullName : C:\My Folder\virtualdisk1.vbox
Size : 3086
Mechanism : AES_CBC 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-1
FileSystem : eFSTYPE_NONE
Locked : False
FullName : C:\My Folder\virtualdisk2.vbox
Size : 3076
Mechanism : AES_CBC 256
Mounted : False
MountLetter : ?
AutomaticMount : False
AccessMode : Unspecified
Label : Sample-Virtual-Disk-2
FileSystem : eFSTYPE_NONE
Locked : False
Create a Virtual Disk volume encrypted with AES-XTS
C:\PS>New-SDSDisk -Path 'test.vbox' -Mode 'XTS'
This command creates a Virtual Disk volume encrypted with AES-XTS.
FullName : C:\PS\test.vbox
Size : 1000
Mechanism : AES_XTS 256
Mounted : True
MountLetter : Z
AutomaticMount : False
AccessMode : Unspecified
Label : SDSDiskVolume
FileSystem : eFSTYPE_NTFS
Locked : False
New-SDSTeamRule
Summary
Secures one or more folders with Stormshield Data Team.
Description
The New-SDSTeamRule cmdlet secures one or more folders with Stormshield Data Team.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | false | 1 | true (ByPropertyName) | false | Specifies the path to one or more folders to secure. | |
| -Owners <X509Certificate[]> | false | named | false | false | Specifies one or more owners certificates. The currently connected user is automatically added as owner and coworker. If one of the owners certificates is not also included in the coworkers certificates, an exception is raised. | |
| -Coworkers <X509Certificate[]> | false | named | false | false | Specifies one or more coworkers certificates. The currently connected user is automatically added as owner and coworker. | |
| -Force <SwitchParameter> | false | named | false | false | Specifies that the securing needs to be done by bypassing any confirmation request. The behavior is different according to the status of the certificate. If the status is warning, the rule is created with the certificate. If the status is error, the rule is created without the certificate. This parameter involves a answer "yes" to the following questions: Warning status: "Do you want to encrypt this file with this certificate anyway?" Error status: "If you continue, files will not be encrypted for this coworker." |
Inputs
System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[], Stormshield.DataSecurity.Connector.Common.X509Certificate[], SwitchParameter
You can pipe an array of strings containing one or more paths to folders that needs to be secured, the list of owners certificates, the list of coworkers certificates or a flag to force securing. You can pipe: An array of string containing one or more paths to the folders on which the Team Rule must be created, the list of owners's certificates, the list of coworkers's certificate or a flag to force creation
Outputs
Stormshield.DataSecurity.Connector.Team.RuleInfoData[]
This object represents an array of folders secured with Stormshield Data Team. The RuleInfoData object represents a folder secured with Stormshield Data Team. The RuleInfoData object contains the following information: - Path of the hidden SBoxTeam.sbt file - Size of the hidden SBoxTeam.sbt file. - List of unencrypted files in the folder. - List of owners/coworkers allowed on this folder. - Flag that indicates if the folder is secured or not. If the folder is not secured, all members are irrelevant.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. The currently connected user is automatically added to the list of owners. If the certificate's status is one of warning or error, a user confirmation is requested. The answer to this question is stored and is asked only once for each certificate during the Stormshield Data Security account session duration. The Force parameter answers by default to this confirmation request and the answer is also recorded.
Examples
Secures a folder
C:\PS>$owners = Get-SDSCertificate -EmailAddress robertmiller@mycompany.com $coworkers = Get-SDSCertificate -EmailAddress robertmiller@mycompany.com,jodiefisher@mycompany.com New-SDSTeamRule 'C:\My Secured Folder' -Owners $owners -Coworkers $coworkers
This command secures the specified folder. Robert Miller will be defined as owner. Jodie Fisher will be defined as coworker. Alice Smith is automatically added as owner because she is connected.
FullName : C:\My Secured Folder
SBTFile : C:\My Secured Folder\SBoxTeam.sbt
SBTSize : 4132
UnencryptedFiles : {}
Coworkers : {MyCompany Recovery, Alice SMITH, Jodie FISHER, Robert Miller}
Secured : True
Protect-SDSFile
Summary
Encrypts one or more files with Stormshield Data File.
Description
The Protect-SDSFile cmdlet encrypts one or more files with Stormshield Data File.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to one or more files to encrypt. | |
| -Coworkers <X509Certificate[]> | false | named | false | false | Specifies one or more coworkers certificates. The currently connected user is automatically added as coworker. |
Inputs
System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]
You can pipe an array of strings containing one or more paths of the files that are to be encrypted or the list of coworkers certificates.
Outputs
Stormshield.DataSecurity.Connector.File.SecureFile[]
This object represents an array of files encrypted with Stormshield Data File. The SecureFile object represents a file encrytped with Stormshield Data File.
Notes
The currently connected user is automatically added to the list of coworkers. After the file is encrypted, the original file is securely deleted and the encrypted .sdsx file is created. If no user is connected, an exception is raised. If the status of one of the coworkers certificates is warning or error, no error will be reported and the file will be encrypted without these certificates.
Examples
Encrypt a file for the currently connected user
C:\PS>Protect-SDSFile 'C:\My Folder\Document.docx'
This command encrypts the specified files. The only coworker for this file will be the currently connected user.
Fullname : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document.docx
Size : 443940
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Encrypt a file for coworkers
C:\PS>$certificates = Get-SDSCertificate -Name 'Jodie FISHER' Protect-SDSFile 'C:\My Folder\Document.docx' -CoWorkers $certificates
This command encrypts the specified files. Coworkers will be the currently connected user plus Jodie Fisher.
Fullname : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document.docx
Size : 443940
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com, jodiefisher@mycompany}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Encrypt all files in a folder
C:\PS>Get-ChildItem 'C:\My Folder\*.pdf' | Protect-SDSFile
This command encrypts all PDF files in the specified folder. The only coworker for this file will be the currently connected user.
Fullname : C:\My Folder\Document1.pdf.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document1.pdf
Size : 443940
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany.com, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Fullname : C:\My Folder\Document2.pdf.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document2.pdf
Size : 352561
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany.com, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Fullname : C:\My Folder\Document3.pdf.sdsx
Encrypted : True
OriginalFilename : C:\My Folder\Document3.pdf
Size : 21538
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice SMITH}
CertRetrievalStatus : SUCCEEDED
Protect-SDSTeam
Summary
Encrypts all files contained in a folder secured by Stormshield Data Team.
Description
The Protect-SDSTeam cmdlet recursively encrypts all files contained in a folder secured by Stormshield Data Team. All the files will be encrypted with owners and coworkers defined at the folder level.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | false | 1 | true (ByPropertyName) | false | Specifies the path to one or more folders to protect. If this parameter is not specified, the current working folder is protected. If the specified folder does not exist, a System.IO.DirectoryNotFoundException exception is raised. |
Inputs
System.String[]
You can pipe an array of strings containing one or more paths to secured folders.
Outputs
Stormshield.DataSecurity.Connector.Team.OperationStatus[]
This object represents an array of statuses. The OperationStatus object represents the status of one encrypting operation.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.
Examples
Protect a folder recursively
C:\PS>Protect-SDSTeam 'C:\My Secured Folder'
This command protects the specified folder.
FileInfoData Status
------------ ------
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Encrypted
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Encrypted
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_AlreadyEncrypted
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Encrypted
Remove-SDSFileCoworker
Summary
Removes coworkers to one or more files encrypted with Stormshield Data File.
Description
The Remove-SDSFileCoworker cmdlet removes one or more coworkers to the coworker list of files encrypted with Stormshield Data File. It invokes transciphering mechanisms.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to one or more files encrypted with Stormshield Data File. | |
| -EmailAddress <String[]> | false | 2 | true (ByPropertyName) | false | Specifies one or more e-mail addresses to identify coworkers to remove from the encrypted file. Note: This parameters is not case sensitive. | |
| -Coworkers <X509Certificate[]> | false | 2 | true (ByPropertyName) | false | Specifies one or more X.509 certificates to remove from the encrypted file. |
Inputs
System.String[], System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]
You can pipe the list of files to be transciphered or the list of X.509 certificates to add.
Outputs
Stormshield.DataSecurity.Connector.File.SecureFile[]
This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.
Examples
Remove coworkers from an encrypted file
C:\PS>Remove-SDSFileCoworker 'C:\My Folder\Document.docx.sdsx' -EmailAddress jodiefisher@mycompany.com,robertmiller@mycompany.com
This command removes the specified coworkers from the encrypted file.
Path : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 154
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com}
Certificates : {Alice}
CertRetrievalStatus : SUCCEEDED
Remove-SDSTeamRule
Summary
Removes security on a folder secured with Stormshield Data Team.
Description
The Remove-SDSTeamRule cmdlet removes security on a folder secured with Stormshield Data Team.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | false | 1 | true (ByPropertyName) | false | Specifies the path to one or more folders to unsecure. If no folder is specified, the current working folder is unsecured. If the specified folder does not exist, a System.IO.DirectoryNotFoundException exception is raised. |
Inputs
System.String[]
You can pipe an array of strings containing one or more paths to secured folders.
Outputs
void
Returns nothing.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the folder is not secured, an exception RuleNotFoundException is raised.
Examples
Remove security of a secured folder
C:\PS>Remove-SDSTeamRule 'C:\My Secured Folder'
This command unsecures the specified folder.
Set-SDSFileCoworker
Summary
Sets coworkers to one or more files encrypted with Stormshield Data File.
Description
The Set-SDSFileCoworker cmdlet sets one or more coworkers in the coworker list of files encrypted with Stormshield Data File. All the previous coworkers are replaced by the new ones. The currently connected user is automatically added to the coworkers list. It invokes transciphering mechanisms.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to one or more files encrypted with Stormshield Data File. | |
| -Coworkers <X509Certificate[]> | true | 2 | true (ByPropertyName) | false | Specifies one or more X.509 certificates to set in the encrypted file. Certificates will be added as coworkers. |
Inputs
System.String[], Stormshield.DataSecurity.Connector.Common.X509Certificate[]
You can pipe the list of files to be transciphered or the list of X.509 certificates to set.
Outputs
Stormshield.DataSecurity.Connector.File.SecureFile[]
This object represents an array of files transciphered by Stormshield Data File. The SecureFile represents a file encrypted with Stormshield Data File.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised.
Examples
Set coworkers for an encrypted file
C:\PS>$certificate = Get-SDSCertificate -EmailAddress jodiefisher@mycompany.com Set-SDSFileCoworker 'C:\My Folder\Document.docx.sdsx' -Coworkers $certificate
This command sets the coworker Jodie Fisher for the file 'C:\Document.docx.sdsx'. The user Alice Smilth is automatically added because it is the currently connected user.
Path : C:\My Folder\Document.docx.sdsx
Encrypted : True
OriginalFileName : C:\My Folder\Document.docx
Size : 154
Compressed : False
Executable : False
Mechanism : AES 256
Author : Alice Smith
Coworkers : {recovery@mycompany, alicesmith@mycompany.com, jodiefisher@mycompany.com}
Certificates : {Alice SMITH, Jodie FISHER}
CertRetrievalStatus : SUCCEEDED
Unlock-SDSUser
Summary
Unlocks a Stormshield Data Security session.
Description
The Unlock-SDSUser cmdlet unlocks the current Stormshield Data Security session.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Password <String> | false | 1 | false | false | Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account which three tries: First attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left). Second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left). Third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In interactive mode, this parameter is optional. If omitted or if the string is empty, the connection window opens up with an empty password field. If [Cancel] button is clicked in the connection window, an exception is raised (with E_LOGON_USER_CANCEL error code). | |
| -SecurePassword <SecureString> | false | named | false | false | Specifies the password of the account. The password is the PIN of the smart card or USB token if applicable. Note: The password is case sensitive. This parameter allows the password to be specified in a secured manner. If you enter your password incorrectly too many times (default is three tries), your account will be blocked. For example, with an account which three tries: First attempt, if the password is incorrect, a BadPasswordTwoAttemptsException exception is raised (two tries left). Second attempt, if the password is incorrect, a BadPasswordOneAttemptException exception is raised (one try left). Third attempt, if the password is incorrect, a BadPasswordAccountBlockedException exception is raised (account blocked). In interactive mode, this parameter is optional. If omitted or if the string is empty, the connection window opens up with an empty password field. If [Cancel] button is clicked in the connection window, an exception is raised (with E_LOGON_USER_CANCEL error code). |
Inputs
System.String, System.Security.SecureString
You can pipe the account password as a string or as a SecureString object.
Outputs
Stormshield.DataSecurity.Connector.Kernel.User
This object represents a Stormshield Data Security account.
Notes
If no user is connected, an exception is raised. If a user is already unlocked, an exception is raised.
Examples
Unlocks the currently connected user
C:\PS>Unlock-SDSUser password
This command unlocks the currently connected user.
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Unlocks the currently connected user
C:\PS>Read-Host "password" -AsSecureString | ConvertFrom-SecureString | Out-File C:\secured-password.pwd $secureString = (Get-Content C:\secured-password.pwd | ConvertTo-SecureString) Unlock-SDSUser -SecurePassword $secureString
This command unlocks the currently connected user. A object of type SecureString is used for specifying the password in a secured manner.
Id : alicesmith
Name : Alice Smith
Locked : False
EmailAddresses : {alice.smith@mycompany.com}
EncryptionCertificate : Alice Smith
SignatureCertificate : Alice Smith
Unprotect-SDSFile
Summary
Decrypts one or more files encrypted with Stormshield Data File.
Description
The Unprotect-SDSFile cmdlet decrypts one or more files encrypted with Stormshield Data File.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | true | 1 | true (ByPropertyName) | false | Specifies the path to one or more files to decrypt. |
Inputs
System.String[]
You can pipe an array of string containing one or more paths to files to decrypt.
Outputs
Stormshield.DataSecurity.Connector.File.SecureFile[]
This object represents an array of files decrypted by Stormshield Data File.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the currently connected user is not one of the file coworkers, an exception is raised.
Examples
Decrypt a list of files
C:\PS>Unprotect-SDSFile 'C:\My Folder\Document.docx.sdsx','C:\My Folder\Document.xlsx.sdsx'
This command decrypts the specified files.
Fullname : C:\My Folder\Document.docx
Encrypted : False
OriginalFilename :
Size : 154
Compressed : False
Executable : False
Mechanism :
Author :
Coworkers :
Certificates :
CertRetrievalStatus : ERROR_PLAIN_FILE
Fullname : C:\My Folder\Document.xlsx
Encrypted : False
OriginalFilename :
Size : 1254
Compressed : False
Executable : False
Mechanism :
Author :
Coworkers :
Certificates :
CertRetrievalStatus : ERROR_PLAIN_FILE
Unprotect-SDSTeam
Summary
Decrypts all files encrypted with Stormshield Data Team contained in a folder not secured with Stormshield Data Team.
Description
The Unprotect-SDSTeam cmdlet decrypts all files encrypted with Stormshield Data Team that lies in a folder not secured with Stormshield Data Team. When a folder is unsecured by using the Remove-SDSTeamRule cmdlet, its files are kept encrypted.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String[]> | false | 1 | true (ByPropertyName) | false | Specifies the path to one or more folders to unprotect, or the path to one or more files to decrypt. If no folder is specified, the current folder is unprotected. If the specified path points to a nonexistant folder, a System.IO.DirectoryNotFoundException exception is raised. If the specified path points to a nonexistant file, a System.IO.FileNotFoundException exception is raised. | |
| -Force <SwitchParameter> | false | named | false | false | Specifies that the decryption is forced, thus bypassing any confirmation request. |
Inputs
System.String[], System.Management.Automation.SwitchParameter
You can pipe an array of strings containing one or more paths to folders or a flag to force decryption.
Outputs
Stormshield.DataSecurity.Connector.Team.OperationStatus[]
This object represents an array of statuses. The OperationStatus object represents the status of one encrypting operation.
Notes
If no user is connected, an exception is raised. If a user is connected but locked, an exception is raised. If the folder is secured, an exception is raised.
Examples
Decrypt several encrypted files
C:\PS>Unprotect-SDSTeam 'C:\My Unsecured Folder\Document.docx','C:\My Unsecured Folder\Document.xlsx'
This command decrypts the two specified files, as long as the parent folder is not unsecured.
FileInfoData Status
------------ ------
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Succeeded
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Succeeded
Force files decryption
C:\PS>Unprotect-SDSTeam 'C:\My Unsecured Folder\Document.pdf -Force
This command decrypts the specified file, as long as the parent folder is not unsecured. No confirmation is prompted during the process.
FileInfoData Status
------------ ------
Stormshield.DataSecurity.Connector.Team.FileInfoData eEIS_Succeeded
New-SDSShareRule
Summary
Adds a new rule for automatic protection by Stormshield Data Share.
Syntax
New-SDSShareRule -Path <String> -CoworkersEmails <String[]> [<CommonParameters>]
New-SDSShareRule -Path <String> -Certificates <X509Certificate[]> [<CommonParameters>]
New-SDSShareRule -Rule <AutoprotectionRule> [<CommonParameters>]
Description
The New-SDSShareRule cmdlet adds a rule to Stormshield Data Share.
Once added, any new file added to the rule's path will be encrypted for the users defined in the rule.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | named | false | false | Path of the rule to create. This parameter is mandatory when using either CoworkersEmails or Certificates parameter. | |
| -CoworkersEmails <String[]> | true | named | false | false | Emails of the coworkers in the rule. When using parameter Path, either this parameter or Certificates is mandatory. | |
| -Certificates <X509Certificate[]> | true | named | false | false | Certificates of the coworkers to add to the rule, from which emails will be extracted to create the rule. When using parameter Path, either this parameter or CoworkersEmails is mandatory. | |
| -Rule <AutoprotectionRule> | true | named | false | false | AutoprotectionRule to add. When using this parameter, it should be used alone. An AutoprotectionRule can be obtained using the following cmdlets: New-SDSShareRule, Set-SDSShareRule and Get-SDSShareRule. | |
| -Shared <SwitchParameter> | false | named | false | false | Specifies if the rule must be shared with other users. |
Inputs
None
Outputs
AutoProtectionRule: The rule that was transmitted to Stormshield Data Share and that will now be applied.
Notes
If no user is connected, an exception is raised.
If a user is connected but locked, an exception is raised.
If a rule already exists on the given path, an exception is raised.
If a rule exists in a parent or child folder of the given path, an exception is raised.
Examples
Using certificates
C:\PS>New-SDSShareRule -Path "C:\Temp\test\" -Certificates $(Get-SDSCertificate -email "john.doe@stormshield.eu")
Adds a new rule for John Doe to the folder "C:\Temp\test\".
Using email addresses
C:\PS>New-SDSShareRule -Path "C:\Temp\test\" -CoworkersEmails @("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu")
Adds a new rule for Jane Doe and Bob Mortimer to the folder "C:\Temp\test\".
Using a rule
C:\PS>$rule=Get-SDSShareRule -Path "C:\Temp\test\"
$rule.Path="C:\Temp\test2\"
New-SDSShareRule -Rule $rule
Gets the rule applied to C:\Temp\test\ and applies the same to C:\Temp\test2\. The emails contained in the rule could have been modified in the same manner as the path was changed.
Get-SDSShareRule
Summary
Gets an automatic protection rule from Stormshield Data Share.
Syntax
Get-SDSShareRule -Path <String> [<CommonParameters>]
Description
The Get-SDSShareRule cmdlet gets a rule from Stormshield Data Share.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | named | false | false | Path of the rule to get. This parameter is mandatory. |
Inputs
None
Outputs
AutoProtectionRule: The rule on the given path transmitted by Stormshield Data Share.
Notes
If no user is connected, an exception is raised.
If a user is connected but locked, an exception is raised.
If no rule exists on the given path, an exception is raised.
Examples
Getting a rule
C:\PS>Get-SDSShareRule -Path "C:\Temp\test\"
Gets the rule on the folder C:\Temp\test\.
Set-SDSShareRule
Summary
Modifies a rule for automatic protection by Stormshield Data Share.
Syntax
Set-SDSShareRule -Path <String> -CoworkersEmails <String[]> [<CommonParameters>]
Set-SDSShareRule -Path <String> -Certificates <X509Certificate[]> [<CommonParameters>]
Set-SDSShareRule -Rule <AutoprotectionRule> [<CommonParameters>]
Description
The Set-SDSShareRule cmdlet modifies a rule from Stormshield Data Share.
Once modified, any new file added to the rule's path will be encrypted for the users defined in the new rule.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | named | false | false | Path of the rule to modify. This parameter is mandatory when using either CoworkersEmails or Certificates parameter. | |
| -CoworkersEmails <String[]> | true | named | false | false | Emails of the coworkers in the rule. When using parameter Path, either this parameter or Certificates is mandatory. | |
| -Certificates <X509Certificate[]> | true | named | false | false | Certificates of the coworkers to add to the rule, from which emails will be extracted to modify the rule. When using parameter Path, either this parameter or CoworkersEmails is mandatory. | |
| -Rule <AutoprotectionRule> | true | named | false | false | AutoprotectionRule to set. When using this parameter, it should be used alone. An AutoprotectionRule can be obtained using the following cmdlets: New-SDSShareRule, Set-SDSShareRule and Get-SDSShareRule. | |
| -Shared | false | named | false | false | Specifies if the modified rule is shared with other users. |
Inputs
None
Outputs
AutoProtectionRule: The rule that was transmitted to Stormshield Data Share and that will now be applied.
Notes
If no user is connected, an exception is raised.
If a user is connected but locked, an exception is raised.
If no rule exists on the given path, an exception is raised.
Examples
Using certificates
C:\PS>Set-SDSShareRule -Path "C:\Temp\test\" -Certificates $(Get-SDSCertificate -email "john.doe@stormshield.eu")
Modifies the rule on folder "C:\Temp\test\" so that it is now for John Doe.
Using email addresses
C:\PS>Set-SDSShareRule -Path "C:\Temp\test\" -CoworkersEmails @("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu")
Modifies the rule on folder "C:\Temp\test\" so that it is now for Jane Doe and Bob Mortimer.
Using a rule
C:\PS>$rule=Get-SDSShareRule -Path "C:\Temp\test\"
$rule.CoworkersEmails=@("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu")
Set-SDSShareRule -Rule $rule
Gets the rule on C:\Temp\test\, changes its coworkers, and modifies the actual rule used by Stormshield Data Share.
Modifying users in a shared rule
C:\PS>Set-SDSShareRule -Path "C:\Temp\test\" -CoworkersEmails @("jane.doe@stormshield.eu", "bob.mortimer@stormshield.eu") -Shared
Replaces the list of coworkers in the shared rule.
Remove-SDSShareRule
Summary
Removes an automatic protection rule from Stormshield Data Share.
Syntax
Remove-SDSShareRule -Path <String> [<CommonParameters>]
Description
The Remove-SDSShareRule cmdlet removes a rule from Stormshield Data Share.
Once removed, new files added to the folder will not be encrypted anymore, unless it is protected by policy.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | named | false | false | Path of the rule to remove. This parameter is mandatory. |
Inputs
None
Outputs
None
Notes
If no user is connected, an exception is raised.
If a user is connected but locked, an exception is raised.
If no rule exists on the given path, an exception is raised.
If another action from SDS Enterprise is in progress on the folder, an exception is raised.
Examples
Removing a rule
C:\PS>Remove-SDSShareRule -Path "C:\Temp\test\"
Removes the rule on the folder C:\Temp\test\.
Protect-SDSShareDirectory
Summary
Enforces protection on a directory targeted by an automatic protection rule from Stormshield Data Share.
Syntax
Protect-SDSShareDirectory -Path <String> [-Scope {SDSXOnly | PlainOnly | All} <CommonParameters>]
Description
The Protect-SDSShareDirectory cmdlet fetches the Stormshield Data Share rule for a given directory, and enforces protection on its contents according to the rule.
Depending on parameters, plain files will be encrypted for the rule recipients, and encrypted files may be re-encrypted to match the rule recipients.
Parameters
| Name | Required | Position | Default value | Pipeline | Wildcard characters | Description |
|---|---|---|---|---|---|---|
| -Path <String> | true | named | false | false | Path to a directory protected by a Stormshield Data Share rule. This parameter is mandatory. | |
| -Scope {PlainOnly | SDSXOnly | All} | false | named | SDSXOnly | false | false |
Scope for the protection enforcement:
|
Inputs
None
Outputs
AutoProtectionResult : The list of files which the cmdlet attempted to modify as part of its execution, grouped together depending on whether (re-)encryption succeeded or failed.
Notes
If no user is connected, an exception is raised.
If a user is connected but locked, an exception is raised.
If no rule exists on the given path, an exception is raised.
Examples
Enforcing a rule
C:\PS>Protect-SDSShareDirectory -Path "C:\Temp\test\"
Enforces protection on directory C:\Temp\test\ as stated by a Stormshield Data Share rule. Parameter -Scope is omitted and thus has default value SDSXOnly. Executing this command only targets SDSX files in the directory and reencrypts them if needed.
C:\PS>Protect-SDSShareDirectory -Path "C:\Temp\test\" -Scope All
Enforces protection on directory C:\Temp\test\ as stated by a Stormshield Data Share rule. Parameter -Scope has value All. Executing this command targets all files in the directory and either encrypts them or reencrypts them if needed.