Protect-String

Encrypts a string using the Data Protection API (DPAPI).

Syntax

Protect-String [-String] <String> -ForUser [<CommonParameters>]
Protect-String [-String] <String> -ForComputer [<CommonParameters>]

Description

Encrypts a string with the Data Protection API (DPAPI). Encryption can be performed at the user or computer level. If encrypted at the User level (with the ForUser switch), only the user who encrypted the data can decrypt it. If encrypted at the computer scope (with the ForComputer switch), any user logged onto the computer can decrypt it.

Related Commands

Parameters

Name Type Description Required? Pipeline Input Default Value
String String The text to encrypt. true true (ByValue)
ForUser SwitchParameter true false
ForComputer SwitchParameter true false

EXAMPLE 1

Protect-String -String 'TheStringIWantToEncrypt' -ForUser | Out-File MySecret.txt

Encrypts the given string and saves the encrypted string into MySecret.txt. Only the user who encrypts the string can unencrypt it.

EXAMPLE 2

$cipherText = Protect-String -String "MySuperSecretIdentity" -ForComputer

Encrypts the given string and stores the value in $cipherText. Because the encryption scope is set to LocalMachine, any user logged onto the local computer can decrypt $cipherText.