Windows Agent: Configuring Zone-Based (URL) Encryption & Decryption
  • 17 Oct 2020
  • 1 Minute To Read
  • Print
  • Share
  • Dark
    Light

Windows Agent: Configuring Zone-Based (URL) Encryption & Decryption

  • Print
  • Share
  • Dark
    Light

Configuration of this script will enable the SecureCircle Agent to automatically protect or unprotect files in a designated location (Path). Files are protected or unprotected based on their matching domain hostURL zone.identified tag(s) (Zones) and file extension (Masks) filters.

Get PowerShell Scripts:

sample-config.psd1

FileSystemWatcher.ps1

Consider and set the following parameters in the “sample-config.psd1” file provided:

Path =  C:/Users/myUser/Downloads/CompanyDocs #Monitor this path
CUUID = "{abc-123}" #CircleID
Masks = #Filter out events whose paths do not match any of these regexes (protect matching RegEx/extensions)
Zones =
      Decrypt = @ #Decrypt (unprotect) files matching the zone
      Encrypt = @ #Encrypt (protect) files matching the zone
      Precedence = #"Encrypt" or "Decrypt". This defines precedence in case both Decrypt and Encrypt are matched
Notes

(Optional) NoZoneIdBehavior can be set in order to protect or unprotected files without a matching zone.

Executing the script:

EXAMPLE 1

FileSystemWatcher.ps1 -ConfigFile sample-config.psd1 #Loads configuration from the file sample-config.psd1

EXAMPLE 2

FileSystemWatcher.ps1 -Configuration @{SCHostname = ...} #Specifies configuration inline (see sample-config.psd1 for configuration details)
  • The script can be executed manually on unmanaged devices, but it is suggested to have it execute during user logon, if a device management solution is implemented.
Was This Article Helpful?