Creates a new SystoLOCK token.
New-SystoLockToken [[-Algorithm] <String>] [[-Digits] <Int32>] [[-Identifier] <String>] [[-Secret] <Secret>]
[[-TimeStep] <Int32>] [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>] [-DomainController <String>]
[-Timeout <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
New-SystoLockToken [[-Digits] <Int32>] [-Hotp] [[-Identifier] <String>] [[-Secret] <Secret>]
[-Address <ServiceAddress>] [-AuthType <NtdsAuthType>] [-DomainController <String>] [-Timeout <Int32>]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
New-SystoLockToken [-Ecdh] [[-Identifier] <String>] [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>]
[-DomainController <String>] [-Timeout <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
New-SystoLockToken [-Token] <OathToken> [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>]
[-DomainController <String>] [-Timeout <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
New-SystoLockToken -Url <String> [-Address <ServiceAddress>] [-AuthType <NtdsAuthType>]
[-DomainController <String>] [-Timeout <Int32>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
The New-SystoLockToken cmdlet creates a new TOTP, HOTP or ECDH token in the key store.
Returns information about the newly created token as an OathToken structure.
All cmdlets that interact with the SystoLock service have -Address and -Timeout parameters to adjust their behavior.
You can also set the $SystoLockAddress and $SystoLockTimeout PowerShell variables, or the $SystoLockAddress and $SystoLockTimeout environment variables, to specify defaults for these parameters.
If no parameters or environment variables are specified, the timeout defaults to 3 seconds and the address is obtained from DNS for the current domain and site.
New-SystoLockToken
Creates a TOTP SHA256 token.
New-SystoLockToken -Hotp
Creates an HOTP SHA1 token.
New-SystoLockToken -Ecdh
Creates an ECDH token.
New-SystoLockToken -Identifier GAKT000168DE -Secret BXIIUQEDJ4DMCHKPVA4FNNZO4KEX5726 -Digits 8 -Algorithm SHA512 -TimeStep 20
Creates a TOTP token using specified parameters.
New-SystoLockToken -Identifier GAKT000168DE -Secret BXIIUQEDJ4DMCHKPVA4FNNZO4KEX5726 -Digits 8 -Hotp
Creates an HOTP token using specified parameters.
New-SystoLockToken -Identifier YSC148151623 -Ecdh
Creates an ECDH token using specified identifier.
New-SystoLockToken -Url 'otpauth://totp/Example:alice@google.com?secret=CXIIUQEDJ4DMCHKPVA4FNNZO4KEX5726&issuer=Example&algorithm=SHA256&digits=6&period=30'
Creates a token from an otpauth URI.
$token = Get-SystoLockToken -Identifier GAKT000168DE
Creates a token from an OathToken structure.
Specifies service address (optional).
Accepts a URL, a host name or a Service structure returned by a previous Get-SystoLockService call.
Type: ServiceAddress
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies cryptographic algorithm (can be: SHA1, SHA256 or SHA512).
Dynamic parameter, used only if -Hotp parameter is false.
Type: String
Parameter Sets: Algorithm
Aliases:
Required: False
Position: 3
Default value: SHA256
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies authentication method to use with domain controller (optional).
The acceptable values for this parameter are: Kerberos and Negotiate.
The default method is Kerberos.
Possible values: Kerberos, Negotiate
Type: NtdsAuthType
Parameter Sets: (All)
Aliases:
Accepted values: Kerberos, Negotiate
Required: False
Position: Named
Default value: Kerberos
Accept pipeline input: False
Accept wildcard characters: False
Specifies password digit count (range: 6 - 10, default: 6).
Type: Int32
Parameter Sets: Algorithm, Hotp
Aliases:
Required: False
Position: 2
Default value: 6
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies domain controller name (optional).
Accepts a domain name, a fully qualified domain name or an IP address of the domain controller.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies ECDH token creation.
Type: SwitchParameter
Parameter Sets: Ecdh
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
Specifies HOTP token creation (no parameter: TOTP token creation).
Type: SwitchParameter
Parameter Sets: Hotp
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies token identifier (optional).
Type: String
Parameter Sets: Algorithm, Hotp, Ecdh
Aliases:
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies secret value (optional).
Accepts a byte array or a hex-, base32- or base64-encoded string.
To state the string encoding explicitly, use a 'HEX:...', 'B32:...', 'B64:...', 'BASE32:...' or 'BASE64:...' prefix.
Type: Secret
Parameter Sets: Algorithm, Hotp
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies timeout (range: 1 - 30 seconds, default: 3 seconds).
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies time increment (range: 10 - 120 seconds, default: 30 seconds).
Dynamic parameter, used only if -Hotp parameter is false.
Type: Int32
Parameter Sets: Algorithm
Aliases:
Required: False
Position: 4
Default value: 30
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Specifies an OathToken structure returned by a previous Get-SystoLockToken call and then modified.
Type: OathToken
Parameter Sets: Token
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
Specifies a URL representing the token description.
Type: String
Parameter Sets: Url
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Represents OTP token information.
OathAlgorithmIdentifier Algorithm: OTP algorithm identifier
OathTokenClass Class: Token class
OathTokenConstraints Constraints: OTP token constraints if any applied
DateTime? NotAfter: Usage end date of the token
DateTime? NotBefore: Usage start date of the token
Int64? NumberOfTransactions: Maximum number of times the token can be used
String FriendlyName: Token friendly name
String Identifier: Token unique identifier
TimeSpan? Interval: Time interval value for time-based OTP algorithms in seconds
String Manufacturer: Token manufacturer name
String Model: Token model name
Int32 ResponseLength: Length of a one-time password
OathTokenRuntimeContext RuntimeContext: OTP token runtime context
DateTime? DisableTime: Value indicating whether and when the token was disabled
Int32? Drift: Value indicating token drift for time-based OTP algorithms
DateTime[] Failures: Time of last failed authentication
DateTime? LastTimeUsed: Value indicating when the token was last used
DateTime? LockTime: Value indicating whether and when the token was locked
Int64 PerformedTransactions: Value indicating the number of successfully performed transactions
String User: Identifier of a user this token is assigned to
Byte[] Secret: Token secret value
String IssueNumber: Token issue number
You can redistribute a created token in QR Code format.
See ConvertTo-SystoLockQRCode cmdlet manual for more information.
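A token description passed to -Url can be checked against the limits this page documents before the token is created. The following is an added example, not part of the SystoLOCK module or its documentation: Test-OtpAuthUri is a hypothetical helper. It assumes that the URI fields algorithm, digits and period correspond to -Algorithm, -Digits and -TimeStep, and it applies the 128-bit minimum secret length from RFC 4226, which this page does not state.

```powershell
# Added example. Test-OtpAuthUri is a hypothetical helper, not a SystoLOCK cmdlet.
function Test-OtpAuthUri {
    param([Parameter(Mandatory)][string]$Url)

    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri) -or $uri.Scheme -ne 'otpauth') {
        return [pscustomobject]@{ Valid = $false; Problems = @('not an otpauth:// URI') }
    }
    $problems = [System.Collections.Generic.List[string]]::new()
    if ($uri.Host -notin 'totp', 'hotp') { $problems.Add("unsupported token type '$($uri.Host)'") }

    # Query string -> hashtable of URL-decoded values, keyed by lower-cased name.
    $q = @{}
    foreach ($pair in ($uri.Query.TrimStart('?') -split '&' | Where-Object { $_ })) {
        $name, $value = $pair -split '=', 2
        $q[$name.ToLowerInvariant()] = [Uri]::UnescapeDataString([string]$value)
    }

    # Secret: base32 alphabet only, 5 bits per character, at least 128 bits (RFC 4226).
    $secret = ([string]$q['secret']).TrimEnd('=')
    if ($secret -notmatch '^[A-Za-z2-7]+$') {
        $problems.Add('secret is missing or not base32')
    } elseif (($secret.Length * 5) -lt 128) {
        $problems.Add('secret is shorter than 128 bits')
    }

    # Limits below are the ones this page documents for -Algorithm, -Digits and -TimeStep.
    if ($q.ContainsKey('algorithm') -and $q['algorithm'] -notin 'SHA1', 'SHA256', 'SHA512') {
        $problems.Add("algorithm '$($q['algorithm'])' is not SHA1, SHA256 or SHA512")
    }
    $n = 0
    if ($q.ContainsKey('digits') -and
        (-not [int]::TryParse($q['digits'], [ref]$n) -or $n -lt 6 -or $n -gt 10)) {
        $problems.Add('digits is outside 6..10')
    }
    if ($q.ContainsKey('period') -and
        (-not [int]::TryParse($q['period'], [ref]$n) -or $n -lt 10 -or $n -gt 120)) {
        $problems.Add('period is outside 10..120 seconds')
    }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems.ToArray() }
}

# The URI is the sample from this page; the token is created only if the check passes.
$url = 'otpauth://totp/Example:alice@google.com?secret=CXIIUQEDJ4DMCHKPVA4FNNZO4KEX5726&issuer=Example&algorithm=SHA256&digits=6&period=30'
$check = Test-OtpAuthUri -Url $url
if ($check.Valid) { New-SystoLockToken -Url $url } else { $check.Problems }
```

Fields that are absent from the URI are not flagged, because this page does not say which defaults -Url applies to them.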