Edit

Share via


Set-RemoteAccessAccounting

Sets the enabled state for inbox and RADIUS accounting for both external RADIUS and Windows accounting and configures the settings when enabled.

Syntax

Set-RemoteAccessAccounting
   [-ComputerName <String>]
   [-PassThru]
   [-RadiusServer <String>]
   [-SharedSecret <String>]
   [-RadiusPort <UInt16>]
   [-RadiusScore <Byte>]
   [-RadiusTimeout <UInt32>]
   [-AccountingOnOffMsg <String>]
   [-EnableAccountingType] <String>
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-RemoteAccessAccounting
   -DisableAccountingType <String>
   [-ComputerName <String>]
   [-PassThru]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-RemoteAccessAccounting cmdlet sets the enabled state for inbox and RADIUS accounting for both external RADIUS and Windows accounting and configures the settings when enabled.

The accounting configuration is globally applicable, such as if a particular kind of accounting is Enabled or Disabled, then that particular kind of accounting is Enabled or Disabled on all Remote Access (RA) servers in the corporate network. The associated configuration is also applicable for all of the corporate network.

-- All RA servers have the same configured accounting RADIUS servers.

-- The default limit set for the inbox accounting store size is the same on all RA servers.

Therefore, this cmdlet is not impacted by a multi-site deployment.

Both inbox accounting and RADIUS accounting can be active at the same time. RADIUS accounting includes Windows accounting, external RADIUS accounting and accounting on the local Network Policy Server (NPS), but only one type of accounting can be active at any time. The RadiusServer, SharedSecret, RadiusPort, RadiusScore, RadiusTimeout, and AccountingOnOffMsg parameters are applicable only when RADIUS accounting is Enabled and cannot be specified when inbox accounting is Enabled.

The following is the behavior associated with enabling External RADIUS accounting.

-- If there is a VPN deployment with accounting enabled and if DirectAccess (DA) is installed on the same RA server then accounting is automatically enabled for DA also and the configuration remains unchanged. Note: If Windows Accounting is enabled for VPN, then it will not work for DA as this is not a supported configuration for DA. For accounting to work for DA in this scenario either NPS needs to be installed locally or an external RADIUS server needs to be configured for accounting. The external radius server can be added using the Add-RemoteAccessRadius cmdlet.

-- If user does not specify a RADIUS server then this cmdlet automatically configures Windows accounting: Note: In this scenario, for accounting to work for DA, NPS needs to be installed on the RA server.

Switching from Windows Accounting to external RADIUS accounting and switching from external RADIUS accounting to Windows Accounting.

-- If the current configuration is Windows accounting a user can switch to external RADIUS accounting by doing one of the following:

---- Run the same cmdlet to enable RADIUS accounting and specify an external RADIUS server

---- Add an external RADIUS server using the Add-RemoteAccessRadius cmdlet. This enables RADIUS accounting without running this cmdlet.

-- A user can switch back to Windows accounting by deleting all the configured external RADIUS servers.

Examples

EXAMPLE 1

PS C:\>Set-RemoteAccessAccounting -EnableAccountingType Inbox -ComputerName edge2 -PassThru
WARNING-GPO updates cannot be applied to edge2.corp.contoso.com. Changes will not take effect until the next policy refresh. 
RadiusAccountingStatus          : Disabled 
RemoteRadiusServerList          : 
InboxAccountingStatus           : Enabled 
InboxStoreLimit                 : 12m 
InboxStoreUsedBytes             : 0 
InboxStoreUsedBytesInPercentage : 0 
InboxStoreFreeBytes             : 4282318848 
InboxStoreFreeBytesInPercentage : 99.7055053710938 
InboxStoreFirstRecordDate       : 12/17/2011 6:53:24 PM 
InboxStoreLastRecordDate        : 12/17/2011 6:53:24 PM 

The accounting store is configured to retain data for up to 2 years.
PS C:\>Set-RemoteAccessInboxAccountingStore -StoreLimit 2y

This example enables inbox accounting for this deployment. The RA server on which this cmdlet is run is specified using the ComputerName parameter.

EXAMPLE 2

PS C:\>Set-RemoteAccessAccounting -EnableAccountingType ExternalRadius -RadiusServer radius1.corp.contoso.com -RadiusTimeout 5 -SharedSecret s3cr3t -RadiusPort 1813 -RadiusScore 30
RadiusAccountingStatus          : ExternalRadius 
RemoteRadiusServerList          : {radius1.corp.contoso.com} 
InboxAccountingStatus           : Enabled 
InboxStoreLimit                 : 12m 
InboxStoreUsedBytes             : 0 
InboxStoreUsedBytesInPercentage : 0 
InboxStoreFreeBytes             : 4282318848 
InboxStoreFreeBytesInPercentage : 99.7055053710938 
InboxStoreFirstRecordDate       : 12/17/2011 6:53:24 PM 
InboxStoreLastRecordDate        : 12/17/2011 6:53:24 PM

This example configures RA to use RADIUS accounting with configuration parameters.

EXAMPLE 3

PS C:\>Set-RemoteAccessAccounting -DisableAccountingType ExternalRadius
RadiusAccountingStatus          : Disabled 
RemoteRadiusServerList          : 
InboxAccountingStatus           : Enabled 
InboxStoreLimit                 : 12m 
InboxStoreUsedBytes             : 0 
InboxStoreUsedBytesInPercentage : 0 
InboxStoreFreeBytes             : 4282318848 
InboxStoreFreeBytesInPercentage : 99.7055053710938 
InboxStoreFirstRecordDate       : 12/17/2011 6:53:24 PM 
InboxStoreLastRecordDate        : 12/17/2011 6:53:24 PM

This example disables RADIUS accounting while still retaining inbox accounting.

Parameters

-AccountingOnOffMsg

Specifies the enabled state for the sending of accounting on and off messages. The acceptable values for this parameter are:

-- Enabled.

-- Disabled.

The default value is Disabled.

Type:String
Accepted values:Enabled, Disabled
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ComputerName

Specifies the IPv4 or IPv6 address, or host name, of the computer on which the RA server computer specific tasks should be run.

Type:String
Aliases:Cn
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAccountingType

Indicates the accounting type that has to be disabled. The acceptable values for this parameter are:

-- Inbox.

-- ExternalRadius.

Type:String
Accepted values:Inbox, ExternalRadius
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-EnableAccountingType

Indicates the accounting type that needs to be enabled. The acceptable values for this parameter are:

-- Inbox: The store size is set to 12 months automatically. The Set-RemoteAccessInboxAccountingStore cmdlet is used to change the store size on individual RA servers.

-- ExternalRadius: Can also be used to enable Windows Accounting or Accounting on the NPS installed locally on the same computer.

Type:String
Accepted values:Inbox, ExternalRadius
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RadiusPort

Specifies the port number on which the RADIUS server is accepting authentication requests.

The default value is 1813.

This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Type:UInt16
Aliases:Port
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-RadiusScore

Specifies the initial score.

The default value is 30.

This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Type:Byte
Aliases:Score
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-RadiusServer

Specifies the IPv4 or IPv6 address, or host name, of the external RADIUS server that is used for accounting. This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Type:String
Aliases:ServerName
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-RadiusTimeout

Specifies the time in seconds that the RA server waits for a response from the RADIUS server before the RA server tries to connect to the next RADIUS server. The default value is 5. Specify this parameter only if you specify ExternalRadius for the EnableAccountingType parameter.

Type:UInt32
Aliases:Timeout
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SharedSecret

Specifies the shared secret between the RA server and the specified external RADIUS server which is required for successful communication between the two servers. Note: The secret is specified in clear text. This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

UInt16

Byte

UInt32

Outputs

CimInstance

CimInstance

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.

The RemoteAccessAccounting object consists of the following properties:

-- The status of RADIUS accounting (Disabled, Windows, or ExternalRadius) and the list of RADIUS servers in the case of ExternalRadius accounting. If there is no external radius accounting enabled, then the list of Radius servers is empty.

-- The status of inbox accounting (Enabled or Disabled) and the associated properties.

-- Time span of the store.

-- Number of used bytes.

-- Percentage of used bytes.

-- Number of free bytes.

-- Percentage of free bytes.

-- Time stamp of the first record in the database.

-- Time stamp of the last record in the database.