Set-CertificateAutoEnrollmentPolicy
Sets local certificate auto-enrollment policy.
Syntax
EnableSeparately
Set-CertificateAutoEnrollmentPolicy
-PolicyState <PolicySetting>
-context <Context>
[-StoreName <String[]>]
[-ExpirationPercentage <Int32>]
[-EnableTemplateCheck]
[-EnableMyStoreManagement]
[-EnableBalloonNotifications]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
EnableAll
Set-CertificateAutoEnrollmentPolicy
-context <Context>
[-EnableAll]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-CertificateAutoEnrollmentPolicy cmdlet configures local certificate auto-enrollment policy
for a user or computer. The auto-enrollment policy can also be configured by using the Local
Security Policy console. These settings can be found in the following location:
\Security Settings\Public Key Policies\Certificate Services Client - Auto-Enrollment
Delegation may be required when using this cmdlet with Windows PowerShell remoting and changing user configuration.
Examples
EXAMPLE 1
$params = @{
PolicyState = 'Enabled'
EnableMyStoreManagement = $true
EnableTemplateCheck = $true
Context = 'User'
}
Set-CertificateAutoEnrollmentPolicy @params
This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked certificates and Update certificates that use certificates templates options enabled.
EXAMPLE 2
Set-CertificateAutoEnrollmentPolicy -PolicyState NotConfigured -Context Machine
This example sets local computer certificate auto-enrollment policy to Not Configured.
EXAMPLE 3
$params = @{
ExpirationPercentage = 15
PolicyState = 'Enabled'
EnableExpirationNotification = $true
Context = 'Machine'
StoreName = 'Remote Desktop'
}
Set-CertificateAutoEnrollmentPolicy @params
This example enables local computer certificate auto-enrollment policy with the Expiration
notifications option enabled and set to 15 percent of the certificate lifetime. This cmdlet also
configures the Remote Desktop certificate store as an additional store to be monitored for
certificate expiration.
EXAMPLE 4
Set-CertificateAutoEnrollmentPolicy -EnableAll -Context User
This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked certificates and Update certificates that use certificates templates options enabled. It also enables Expiration notifications with an expiration percentage of 10 percent of the certificate lifetime.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Context
Specifies whether to set certificate auto-enrollment policy for the user or computer context.
Parameter properties
| Type: | Microsoft.CertificateServices.Commands.Context |
| Default value: | None |
| Accepted values: | Machine, User |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-EnableAll
Enables all of the auto-enrollment policy settings and sets the value for the expiration percentage to 10 percent. If this parameter is enabled, then only the Context parameter is required and all other parameters are optional.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
EnableAll
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-EnableBalloonNotifications
Enables the Expiration balloon notifications option for the certificate auto-enrollment policy.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
EnableSeparately
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-EnableMyStoreManagement
Enables the Renew expired certificates, update pending certificates, and remove revoked certificates option for the certificate auto-enrollment policy.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
EnableSeparately
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-EnableTemplateCheck
Verifies that existing certificates are based on the most recent version of a certificate template and updates them if they are not.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
EnableSeparately
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-ExpirationPercentage
Sets the percentage of the certificate lifetime at which close-to-expiration events are logged and auto-enrollment notifications start to appear.
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
EnableSeparately
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-PolicyState
Specifies the state of the certificate auto-enrollment policy configuration.
Parameter properties
| Type: | Microsoft.CertificateServices.Commands.PolicySetting |
| Default value: | None |
| Accepted values: | NotConfigured, Enabled, Disabled |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
EnableSeparately
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-StoreName
Specifies additional comma separated certificate stores to monitor for certificates that have expired or are expiring. The MY store is always monitored.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
EnableSeparately
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties.
Outputs
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties. Each property can be modified and piped into this cmdlet to be applied.