Import-HgsServerState

Imports an exported Host Guardian Service state into a Host Guardian Service instance.

Syntax

Import-HgsServerState
      [[-XML] <XmlDocument>]
      -Password <SecureString>
      [-ImportTpmModeState]
      [-ImportActiveDirectoryModeState]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Import-HgsServerState
      [[-Path] <String>]
      -Password <SecureString>
      [-ImportTpmModeState]
      [-ImportActiveDirectoryModeState]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Import-HgsServer cmdlet imports the previously exported Host Guardian Service (HGS) state to the existing Host Guardian Service instance.

The cmdlet imports the following Host Guardian Service state from the input file:

  • Attestation service policies
  • Attestation service configuration data
  • Key protection policies
  • Key protection configuration data
  • Key Protection Signer Certificates and private keys
  • Key Protection Encryption Certificates and private keys

Additionally, this cmdlet renews the attestation service signer certificate and updates the key protection service instance with this certificate.

For more information about the scenario terms, see Security and Assurance.

Examples

Example 1: Import HGS state data

PS C:\> Import-HgsServerState -Path "C:\ExportedHgsServerState.xml" -Password $Pass

This command imports previously exported state on the current HGS server. This command can be called on only one node. The state is automatically replicated to other nodes in the HGS server setup.

The exported state is the output generated from Export-HgsServerState when run against an existing HGS server setup. The password specified must match the password that was passed to Export-HgsServerState.

Use ConvertTo-SecureString to generate a secure string that represents the password.

Required Parameters

-Password

Specifies the password that the Export-HgsServerState cmdlet used to encrypt the keys.

Type:SecureString
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-ImportActiveDirectoryModeState

Indicates that this cmdlet imports and updates Attestation service configuration state relevant to the Active Directory operational mode.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ImportTpmModeState

Indicates that this cmdlet imports and updates Attestation service configuration state relevant to the trusted platform module (TPM) operational mode.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Path

Specifies the path of the file that this cmdlet imports.

Type:String
Aliases:FilePath
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-XML

Specifies the state that this cmdlet imports as an XML document.

Type:XmlDocument
Aliases:InputObject
Position:1
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False