< Back
New-EapConfiguration
Post
NAME New-EapConfiguration
SYNOPSIS
Generates an XML file with the specified EAP configuration.
SYNTAX
New-EapConfiguration [[-UseWinlogonCredential]] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-EapConfiguration [-Peap] [[-VerifyServerIdentity]] [[-TunnledEapAuthMethod] <XmlDocument>] [-CimSession <CimSession[]>] [-EnableNap] [-FastReconnect
<Boolean>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-EapConfiguration [-Ttls] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-TunnledEapAuthMethod <XmlDocument>] [-TunnledNonEapAuthMethod {Pap
| Chap | MSChap | MSChapv2}] [-UseWinlogonCredential] [-Confirm] [-WhatIf] [<CommonParameters>]
New-EapConfiguration [-Tls] [[-VerifyServerIdentity]] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-UserCertificate] [-Confirm] [-WhatIf]
[<CommonParameters>]
DESCRIPTION
The New-EapConfiguration cmdlet creates an XML file with the specified EAP configuration. You use this cmdlet to create the EAP XML configuration file
for EAP authentication that is then used by the Set-VpnConnection cmdlet or the Add-VpnConnection cmdlet. If errors happen during the generation of the
XML file, the error information is returned.
PARAMETERS
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or
Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-EnableNap [<SwitchParameter>]
Indicates that the cmdlet enables Network Access Protection (NAP) for PEAP.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-FastReconnect [<Boolean>]
Specifies whether to enable FastReconnect in the current PEAP configuration. Specify either $True or $False.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Peap <SwitchParameter>
Indicates that PEAP is used as the authentication method.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is
entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the
computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Tls <SwitchParameter>
Indicates that EAP-TLS, either smart card based or user certificate based, is used as the authentication method.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Ttls <SwitchParameter>
Indicates that TTLS is used as the authentication method.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TunnledEapAuthMethod [<XmlDocument>]
Specifies the configuration XML for tunneled EAP, EAP-TTLS, or PEAP authentication.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-TunnledNonEapAuthMethod [<String>]
Specifies the simple EAP-TTLS client authentication methods. The acceptable values for this parameter are:
-- Pap
-- Chap
-- MSChap
-- MSCHapv2
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UserCertificate [<SwitchParameter>]
Indicates that a user certificate is used for authentication. This parameter is used with EAP-TLS. If this parameter is not specified, a smart card
authentication is used.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UseWinlogonCredential [<SwitchParameter>]
Indicates that MSCHAPv2 or EAP-MSCHAPv2 is used as the authentication method, and that Windows logon credentials are used automatically when
connecting with the VPN connection profile.
Required? false
Position? 4
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VerifyServerIdentity [<SwitchParameter>]
Indicates that server identity validation is performed for the VPN connection. This parameter is used with PEAP, and EAP-TLS with tunneled EAP
client authentication.
Required? false
Position? 3
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Microsoft.Management.Infrastructure.CimInstance#root/Microsoft/Windows/RemoteAccess/ClientEapConfiguration
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The
path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
This cmdlet returns a VpnConnection object that contains the VPN connection configuration settings.
Example 1: Create a default EAP configuration object
PS C:\\> $A = New-EapConfiguration
This command creates a default EAP configuration object, and stores it in the variable named $A. You can use the XML configuration object stored in the
variable when you create a VPN connection or change the configuration of a VPN connection.
Example 2: Create a customized EAP configuration object
PS C:\\> $A = New-EapConfiguration -UseWinlogonCredential
This command creates an EAP configuration object, customized by the UseWinlogonCredential parameter, and stores it in the variable named $A. By
specifying the UseWinlogonCredential parameter, the EAP configuration object is configured to use MSCHAPv2 as the authentication method, and that
Windows logon credentials are used automatically when connecting with the VPN connection profile.
Example 3: Create a TLS customized EAP configuration object
PS C:\\> $A = New-EapConfiguration -Tls -VerifyServerIdentity -UserCertificate
This command creates a customized EAP configuration object and stores it in the variable named $A. The EAP configuration object is customized by
specifying the following parameters:
--The Tls parameter, which indicates that this configuration object uses EAP-TLS
-- The VerifyServerIdentity parameter, which indicates that the identity of the server to which the client connects is validated
-- The UserCertificate parameter, which indicates that the EAP-TLS authentication method uses a user certificate.
Example 4: Create a TTLS customized EAP configuration object
PS C:\\> $A = New-EapConfiguration -Ttls
This command creates an EAP configuration object, customized by the Ttls parameter to use the TTLS authentication method. The configuration object is
stored in the variable named $A.
Example 5: Create a TTLS EAP configuration object with MSCHAPv2 as the client authentication method
PS C:\\> $A = New-EapConfiguration -Ttls -TunnledNonEapAuthMethod "MSChapv2" -UseWinlogonCredential
This command creates a new EAP configuration object and stores it in the variable named $A. The EAP configuration object is customized by specifying the
following parameters:
-- The Ttls parameter, which indicates that this configuration object uses TTLS as the authentication method
-- The TunneledNonEapAuthMethod parameter with the MSChapv2 value, which specifies that MSCHAPv2 is used as the specific client authentication method
-- The UseWinlogonCredential parameter, which indicates that Windows logon credentials are used automatically when connecting with the VPN connection
profile that uses this EAP configuration object.
Example 6: Create an EAP configuration object and use it as input
This command creates an EAP configuration object configured to use an EAP-TLS authentication method and to verify the server identity. The configuration
object is stored in a variable named $B.
PS C:\\>$B = New-EapConfiguration -Tls -VerifyServerIdentity
This command creates an EAP configuration object configured to use the TTLS authentication method, and specifies the TunnledEapAuthMethod parameter to
use the EapConfigXmlStream created by the first EAP configuration object as the tunnel EAP authentication method.
PS C:\\>$A = New-EapConfiguration -Ttls -TunnledEapAuthMethod $B.EapConfigXmlStream
This set of commands creates an EAP configuration object customized with a TTLS authentication method which uses EAP-TLS as the tunneled client
authentication method.
Example 7: Create an EAP configuration object that uses PEAP authentication
PS C:\\> $A = New-EapConfiguration -Peap
This command creates an EAP configuration object customized by the Peap parameter to use the PEAP authentication method. The configuration object is
stored in a variable named $A.
Example 8: Create a customized EAP configuration object and use it as input
This command creates the EAP configuration object and stores it in the variable named $B. The EAP configuration object is customized to use the TLS
authentication method by the Tls parameter, and configured to verify the identity of the server by the VerifyServerIdentity parameter.This command
implicitly configures a smart card to be used for authentication.
PS C:\\>$B = New-EapConfiguration -Tls -VerifyServerIdentity
This command uses the EapConfigXmlStream method of the EAP configuration object created in the previous command to specify the value for the
TunnledEapAuthMethod parameter. This command also specifies that PEAP is the authentication method, as specified by the Peap parameter; that NAP is
enabled for PEAP, as specified by the EnableNap parameter; and that FastReconnect is enabled, as specified by the FastReconnect parameter.
PS C:\\>$a = New-EapConfiguration -Peap -EnableNap -FastReconnect $True -VerifyServerIdentity -TunnledEapAuthMethod $b.EapConfigXmlStream
This set of commands creates an EAP configuration object customized with the TLS authentication method, and then uses its EapConfigXmlStream object as
the tunneled authentication method.
RELATED LINKS
Add-VpnConnection
Set-VpnConnection
SYNOPSIS
Generates an XML file with the specified EAP configuration.
SYNTAX
New-EapConfiguration [[-UseWinlogonCredential]] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-EapConfiguration [-Peap] [[-VerifyServerIdentity]] [[-TunnledEapAuthMethod] <XmlDocument>] [-CimSession <CimSession[]>] [-EnableNap] [-FastReconnect
<Boolean>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-EapConfiguration [-Ttls] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-TunnledEapAuthMethod <XmlDocument>] [-TunnledNonEapAuthMethod {Pap
| Chap | MSChap | MSChapv2}] [-UseWinlogonCredential] [-Confirm] [-WhatIf] [<CommonParameters>]
New-EapConfiguration [-Tls] [[-VerifyServerIdentity]] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-UserCertificate] [-Confirm] [-WhatIf]
[<CommonParameters>]
DESCRIPTION
The New-EapConfiguration cmdlet creates an XML file with the specified EAP configuration. You use this cmdlet to create the EAP XML configuration file
for EAP authentication that is then used by the Set-VpnConnection cmdlet or the Add-VpnConnection cmdlet. If errors happen during the generation of the
XML file, the error information is returned.
PARAMETERS
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or
Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-EnableNap [<SwitchParameter>]
Indicates that the cmdlet enables Network Access Protection (NAP) for PEAP.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-FastReconnect [<Boolean>]
Specifies whether to enable FastReconnect in the current PEAP configuration. Specify either $True or $False.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Peap <SwitchParameter>
Indicates that PEAP is used as the authentication method.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is
entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the
computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Tls <SwitchParameter>
Indicates that EAP-TLS, either smart card based or user certificate based, is used as the authentication method.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Ttls <SwitchParameter>
Indicates that TTLS is used as the authentication method.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TunnledEapAuthMethod [<XmlDocument>]
Specifies the configuration XML for tunneled EAP, EAP-TTLS, or PEAP authentication.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-TunnledNonEapAuthMethod [<String>]
Specifies the simple EAP-TTLS client authentication methods. The acceptable values for this parameter are:
-- Pap
-- Chap
-- MSChap
-- MSCHapv2
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UserCertificate [<SwitchParameter>]
Indicates that a user certificate is used for authentication. This parameter is used with EAP-TLS. If this parameter is not specified, a smart card
authentication is used.
Required? false
Position? named
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UseWinlogonCredential [<SwitchParameter>]
Indicates that MSCHAPv2 or EAP-MSCHAPv2 is used as the authentication method, and that Windows logon credentials are used automatically when
connecting with the VPN connection profile.
Required? false
Position? 4
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VerifyServerIdentity [<SwitchParameter>]
Indicates that server identity validation is performed for the VPN connection. This parameter is used with PEAP, and EAP-TLS with tunneled EAP
client authentication.
Required? false
Position? 3
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Microsoft.Management.Infrastructure.CimInstance#root/Microsoft/Windows/RemoteAccess/ClientEapConfiguration
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The
path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
This cmdlet returns a VpnConnection object that contains the VPN connection configuration settings.
Example 1: Create a default EAP configuration object
PS C:\\> $A = New-EapConfiguration
This command creates a default EAP configuration object, and stores it in the variable named $A. You can use the XML configuration object stored in the
variable when you create a VPN connection or change the configuration of a VPN connection.
Example 2: Create a customized EAP configuration object
PS C:\\> $A = New-EapConfiguration -UseWinlogonCredential
This command creates an EAP configuration object, customized by the UseWinlogonCredential parameter, and stores it in the variable named $A. By
specifying the UseWinlogonCredential parameter, the EAP configuration object is configured to use MSCHAPv2 as the authentication method, and that
Windows logon credentials are used automatically when connecting with the VPN connection profile.
Example 3: Create a TLS customized EAP configuration object
PS C:\\> $A = New-EapConfiguration -Tls -VerifyServerIdentity -UserCertificate
This command creates a customized EAP configuration object and stores it in the variable named $A. The EAP configuration object is customized by
specifying the following parameters:
--The Tls parameter, which indicates that this configuration object uses EAP-TLS
-- The VerifyServerIdentity parameter, which indicates that the identity of the server to which the client connects is validated
-- The UserCertificate parameter, which indicates that the EAP-TLS authentication method uses a user certificate.
Example 4: Create a TTLS customized EAP configuration object
PS C:\\> $A = New-EapConfiguration -Ttls
This command creates an EAP configuration object, customized by the Ttls parameter to use the TTLS authentication method. The configuration object is
stored in the variable named $A.
Example 5: Create a TTLS EAP configuration object with MSCHAPv2 as the client authentication method
PS C:\\> $A = New-EapConfiguration -Ttls -TunnledNonEapAuthMethod "MSChapv2" -UseWinlogonCredential
This command creates a new EAP configuration object and stores it in the variable named $A. The EAP configuration object is customized by specifying the
following parameters:
-- The Ttls parameter, which indicates that this configuration object uses TTLS as the authentication method
-- The TunneledNonEapAuthMethod parameter with the MSChapv2 value, which specifies that MSCHAPv2 is used as the specific client authentication method
-- The UseWinlogonCredential parameter, which indicates that Windows logon credentials are used automatically when connecting with the VPN connection
profile that uses this EAP configuration object.
Example 6: Create an EAP configuration object and use it as input
This command creates an EAP configuration object configured to use an EAP-TLS authentication method and to verify the server identity. The configuration
object is stored in a variable named $B.
PS C:\\>$B = New-EapConfiguration -Tls -VerifyServerIdentity
This command creates an EAP configuration object configured to use the TTLS authentication method, and specifies the TunnledEapAuthMethod parameter to
use the EapConfigXmlStream created by the first EAP configuration object as the tunnel EAP authentication method.
PS C:\\>$A = New-EapConfiguration -Ttls -TunnledEapAuthMethod $B.EapConfigXmlStream
This set of commands creates an EAP configuration object customized with a TTLS authentication method which uses EAP-TLS as the tunneled client
authentication method.
Example 7: Create an EAP configuration object that uses PEAP authentication
PS C:\\> $A = New-EapConfiguration -Peap
This command creates an EAP configuration object customized by the Peap parameter to use the PEAP authentication method. The configuration object is
stored in a variable named $A.
Example 8: Create a customized EAP configuration object and use it as input
This command creates the EAP configuration object and stores it in the variable named $B. The EAP configuration object is customized to use the TLS
authentication method by the Tls parameter, and configured to verify the identity of the server by the VerifyServerIdentity parameter.This command
implicitly configures a smart card to be used for authentication.
PS C:\\>$B = New-EapConfiguration -Tls -VerifyServerIdentity
This command uses the EapConfigXmlStream method of the EAP configuration object created in the previous command to specify the value for the
TunnledEapAuthMethod parameter. This command also specifies that PEAP is the authentication method, as specified by the Peap parameter; that NAP is
enabled for PEAP, as specified by the EnableNap parameter; and that FastReconnect is enabled, as specified by the FastReconnect parameter.
PS C:\\>$a = New-EapConfiguration -Peap -EnableNap -FastReconnect $True -VerifyServerIdentity -TunnledEapAuthMethod $b.EapConfigXmlStream
This set of commands creates an EAP configuration object customized with the TLS authentication method, and then uses its EapConfigXmlStream object as
the tunneled authentication method.
RELATED LINKS
Add-VpnConnection
Set-VpnConnection