Protect-String

Encrypts a string using the Data Protection API (DPAPI).

Syntax

Protect-String [-String] <String> -ForUser [<CommonParameters>]
Protect-String [-String] <String> -ForComputer [<CommonParameters>]

Description

Encrypts a string with the Data Protection API (DPAPI). Encryption can be performed at the user or computer level. If encrypted at the User level (with the ForUser switch), only the user who encrypted the data can decrypt it. If encrypted at the computer scope (with the ForComputer switch), any user logged onto the computer can decrypt it.

Related Commands

Parameters

Name Type Description Required? Pipeline Input Default Value
String String The text to encrypt. true true (ByValue)
ForUser SwitchParameter Encrypts for the current user so that only he can decrypt. true false False
ForComputer SwitchParameter Encrypts for the current computer so that any user logged into the computer can decrypt. true false False

EXAMPLE 1

Protect-String -String 'TheStringIWantToEncrypt' -ForUser | Out-File MySecret.txt

Encrypts the given string and saves the encrypted string into MySecret.txt. Only the user who encrypts the string can unencrypt it.

EXAMPLE 2

$cipherText = Protect-String -String "MySuperSecretIdentity" -ForComputer

Encrypts the given string and stores the value in $cipherText. Because the encryption scope is set to LocalMachine, any user logged onto the local computer can decrypt $cipherText.