Windows Agent: Configuring Zone-Based (URL) Encryption & Decryption
- Updated On 17 Oct 2020
- 1 Minute To Read
-
Print
-
DarkLight
Configuration of this script will enable the SecureCircle Agent to automatically protect or unprotect files in a designated location (Path). Files are protected or unprotected based on their matching domain hostURL zone.identified tag(s) (Zones) and file extension (Masks) filters.
Get PowerShell Scripts:
Consider and set the following parameters in the “sample-config.psd1” file provided:
Path = C:/Users/myUser/Downloads/CompanyDocs #Monitor this path
CUUID = "{abc-123}" #CircleID
Masks = #Filter out events whose paths do not match any of these regexes (protect matching RegEx/extensions)
Zones =
Decrypt = @ #Decrypt (unprotect) files matching the zone
Encrypt = @ #Encrypt (protect) files matching the zone
Precedence = #"Encrypt" or "Decrypt". This defines precedence in case both Decrypt and Encrypt are matched
Notes
(Optional) NoZoneIdBehavior can be set in order to protect or unprotected files without a matching zone.
Executing the script:
EXAMPLE 1
FileSystemWatcher.ps1 -ConfigFile sample-config.psd1 #Loads configuration from the file sample-config.psd1
EXAMPLE 2
FileSystemWatcher.ps1 -Configuration @{SCHostname = ...} #Specifies configuration inline (see sample-config.psd1 for configuration details)
- The script can be executed manually on unmanaged devices, but it is suggested to have it execute during user logon, if a device management solution is implemented.
Was This Article Helpful?