Set-CertificateAutoEnrollmentPolicy
Sets local certificate auto-enrollment policy.
Set-CertificateAutoEnrollmentPolicy
[-StoreName <String[]>]
-PolicyState <PolicySetting>
[-ExpirationPercentage <Int32>]
[-EnableTemplateCheck]
[-EnableMyStoreManagement]
[-EnableBalloonNotifications]
-context <Context>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-CertificateAutoEnrollmentPolicy
[-EnableAll]
-context <Context>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
The Set-CertificateAutoEnrollmentPolicy
cmdlet configures local certificate auto-enrollment policy
for a user or computer. The auto-enrollment policy can also be configured by using the Local
Security Policy console. These settings can be found in the following location:
\Security Settings\Public Key Policies\Certificate Services Client - Auto-Enrollment
Delegation may be required when using this cmdlet with Windows PowerShell remoting and changing user configuration.
$params = @{
PolicyState = 'Enabled'
EnableMyStoreManagement = $true
EnableTemplateCheck = $true
Context = 'User'
}
Set-CertificateAutoEnrollmentPolicy @params
This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked certificates and Update certificates that use certificates templates options enabled.
Set-CertificateAutoEnrollmentPolicy -PolicyState NotConfigured -Context Machine
This example sets local computer certificate auto-enrollment policy to Not Configured.
$params = @{
ExpirationPercentage = 15
PolicyState = 'Enabled'
EnableExpirationNotification = $true
Context = 'Machine'
StoreName = 'Remote Desktop'
}
Set-CertificateAutoEnrollmentPolicy @params
This example enables local computer certificate auto-enrollment policy with the Expiration
notifications option enabled and set to 15
percent of the certificate lifetime. This cmdlet also
configures the Remote Desktop
certificate store as an additional store to be monitored for
certificate expiration.
Set-CertificateAutoEnrollmentPolicy -EnableAll -Context User
This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked certificates and Update certificates that use certificates templates options enabled. It also enables Expiration notifications with an expiration percentage of 10 percent of the certificate lifetime.
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies whether to set certificate auto-enrollment policy for the user or computer context.
Type: | Microsoft.CertificateServices.Commands.Context |
Accepted values: | Machine, User |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enables all of the auto-enrollment policy settings and sets the value for the expiration percentage to 10 percent. If this parameter is enabled, then only the Context parameter is required and all other parameters are optional.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enables the Expiration balloon notifications option for the certificate auto-enrollment policy.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Enables the Renew expired certificates, update pending certificates, and remove revoked certificates option for the certificate auto-enrollment policy.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Verifies that existing certificates are based on the most recent version of a certificate template and updates them if they are not.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Sets the percentage of the certificate lifetime at which close-to-expiration events are logged and auto-enrollment notifications start to appear.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the state of the certificate auto-enrollment policy configuration.
Type: | Microsoft.CertificateServices.Commands.PolicySetting |
Accepted values: | NotConfigured, Enabled, Disabled |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies additional comma separated certificate stores to monitor for certificates that have expired or are expiring. The MY store is always monitored.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties.
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties. Each property can be modified and piped into this cmdlet to be applied.