< Back
Set-CertificateAutoEnrollmentPolicy
Post
NAME Set-CertificateAutoEnrollmentPolicy
SYNOPSIS
Sets local certificate auto-enrollment policy.
SYNTAX
Set-CertificateAutoEnrollmentPolicy -context {Machine | User} -EnableAll [-Confirm] [-WhatIf] [<CommonParameters>]
Set-CertificateAutoEnrollmentPolicy [-EnableBalloonNotifications] [-EnableMyStoreManagement] [-EnableTemplateCheck] [-ExpirationPercentage <Int32>]
[-StoreName <String[]>] -context {Machine | User} -PolicyState {Disabled | Enabled | NotConfigured} [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Set-CertificateAutoEnrollmentPolicy cmdlet configures local certificate auto-enrollment policy for a user or computer. The auto-enrollment policy
can also be configured by using the Local Security Policy console. These settings can be found in the following location.
-- \\Security Settings\\Public Key Policies\\Certificate Services Client - Auto-Enrollment.
Delegation may be required when using this cmdlet with Windows PowerShell???? remoting and changing user configuration.
PARAMETERS
-context <Context>
Specifies whether to set certificate auto-enrollment policy for the user or computer context.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-EnableAll <SwitchParameter>
Enables all of the auto-enrollment policy settings and sets the value for the expiration percentage to 10 percent. If this parameter is enabled,
then only the Context parameter is required and all other parameters are optional.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-EnableBalloonNotifications [<SwitchParameter>]
Enables the Expiration balloon notifications option for the certificate auto-enrollment policy.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnableMyStoreManagement [<SwitchParameter>]
Enables the Renew expired certificates, update pending certificates, and remove revoked certificates option for the certificate auto-enrollment
policy.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnableTemplateCheck [<SwitchParameter>]
Verifies that existing certificates are based on the most recent version of a certificate template and updates them if they are not.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ExpirationPercentage [<Int32>]
Sets the percentage of the certificate lifetime at which close-to-expiration events are logged and auto-enrollment notifications start to appear.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PolicyState <PolicySetting>
Specifies the state of the certificate auto-enrollment policy configuration.
Required? true
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StoreName [<String[]>]
Specifies additional comma separated certificate stores to monitor for certificates that have expired or are expiring. The MY store is always
monitored.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties.
OUTPUTS
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties. Each property can be modified
and piped into this cmdlet to be applied.
EXAMPLE 1
PS C:\\>Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -Context User
This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked
certificates and Update certificates that use certificates templates options enabled.
EXAMPLE 2
PS C:\\>Set-CertificateAutoEnrollmentPolicy -PolicyState NotConfigured -Context Machine
This example sets local computer certificate auto-enrollment policy to Not Configured.
EXAMPLE 3
PS C:\\>Set-CertificateAutoEnrollmentPolicy -ExpirationPercentage 15 -PolicyState Enabled -EnableExpirationNotification -Context Machine -StoreName
"Remote Desktop"
This example enables local computer certificate auto-enrollment policy with the Expiration notifications option enabled and set to 15 percent of the
certificate lifetime. This cmdlet also configures the Remote Desktop certificate store as an additional store to be monitored for certificate expiration.
EXAMPLE 4
The example in detail.
PS C:\\>Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -EnableExpirationNotification
-ExpirationPercentage 10 -Context User
The concise version of the same example.
PS C:\\>Set-ACertificateutoEnrollmentPolicy -EnableAll -Context User
This example performs the same task in two ways.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/p/?linkid=287539
Get-CertificateAutoEnrollmentPolicy
SYNOPSIS
Sets local certificate auto-enrollment policy.
SYNTAX
Set-CertificateAutoEnrollmentPolicy -context {Machine | User} -EnableAll [-Confirm] [-WhatIf] [<CommonParameters>]
Set-CertificateAutoEnrollmentPolicy [-EnableBalloonNotifications] [-EnableMyStoreManagement] [-EnableTemplateCheck] [-ExpirationPercentage <Int32>]
[-StoreName <String[]>] -context {Machine | User} -PolicyState {Disabled | Enabled | NotConfigured} [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Set-CertificateAutoEnrollmentPolicy cmdlet configures local certificate auto-enrollment policy for a user or computer. The auto-enrollment policy
can also be configured by using the Local Security Policy console. These settings can be found in the following location.
-- \\Security Settings\\Public Key Policies\\Certificate Services Client - Auto-Enrollment.
Delegation may be required when using this cmdlet with Windows PowerShell???? remoting and changing user configuration.
PARAMETERS
-context <Context>
Specifies whether to set certificate auto-enrollment policy for the user or computer context.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-EnableAll <SwitchParameter>
Enables all of the auto-enrollment policy settings and sets the value for the expiration percentage to 10 percent. If this parameter is enabled,
then only the Context parameter is required and all other parameters are optional.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-EnableBalloonNotifications [<SwitchParameter>]
Enables the Expiration balloon notifications option for the certificate auto-enrollment policy.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnableMyStoreManagement [<SwitchParameter>]
Enables the Renew expired certificates, update pending certificates, and remove revoked certificates option for the certificate auto-enrollment
policy.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnableTemplateCheck [<SwitchParameter>]
Verifies that existing certificates are based on the most recent version of a certificate template and updates them if they are not.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ExpirationPercentage [<Int32>]
Sets the percentage of the certificate lifetime at which close-to-expiration events are logged and auto-enrollment notifications start to appear.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PolicyState <PolicySetting>
Specifies the state of the certificate auto-enrollment policy configuration.
Required? true
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StoreName [<String[]>]
Specifies additional comma separated certificate stores to monitor for certificates that have expired or are expiring. The MY store is always
monitored.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties.
OUTPUTS
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties. Each property can be modified
and piped into this cmdlet to be applied.
EXAMPLE 1
PS C:\\>Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -Context User
This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked
certificates and Update certificates that use certificates templates options enabled.
EXAMPLE 2
PS C:\\>Set-CertificateAutoEnrollmentPolicy -PolicyState NotConfigured -Context Machine
This example sets local computer certificate auto-enrollment policy to Not Configured.
EXAMPLE 3
PS C:\\>Set-CertificateAutoEnrollmentPolicy -ExpirationPercentage 15 -PolicyState Enabled -EnableExpirationNotification -Context Machine -StoreName
"Remote Desktop"
This example enables local computer certificate auto-enrollment policy with the Expiration notifications option enabled and set to 15 percent of the
certificate lifetime. This cmdlet also configures the Remote Desktop certificate store as an additional store to be monitored for certificate expiration.
EXAMPLE 4
The example in detail.
PS C:\\>Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -EnableExpirationNotification
-ExpirationPercentage 10 -Context User
The concise version of the same example.
PS C:\\>Set-ACertificateutoEnrollmentPolicy -EnableAll -Context User
This example performs the same task in two ways.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/p/?linkid=287539
Get-CertificateAutoEnrollmentPolicy