New-SmbServerCertificateMapping

Module:

SmbShare Module

Creates a certificate association with the SMB server for SMB over QUIC.

Syntax

Default (Default)

New-SmbServerCertificateMapping
    [-Name] <String>
    [-Thumbprint] <String>
    [-StoreName] <String>
    [-Subject <String>]
    [-DisplayName <String>]
    [-Type <Type>]
    [-Flags <Flags>]
    [-RequireClientAuthentication <Boolean>]
    [-SkipClientCertificateAccessCheck <Boolean>]
    [-Force]
    [-CimSession <CimSession[]>]
    [-ThrottleLimit <Int32>]
    [-AsJob]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The New-SmbServerCertificateMapping cmdlet associates a certificate to the SMB server for SMB over QUIC. For more information, see SMB over QUIC.

Note

• If the RequireClientAuthentication parameter is set to $true and SkipClientCertificateAccessCheck is set to $false, the server will perform both client certificate validation and access control checks.

• If the RequireClientAuthentication parameter is set to $true and SkipClientCertificateAccessCheck is also set to $true, the server will perform client certificate validation but no access control checks.

Examples

Example 1 - Map a certificate located in the local machine's personal store

This command maps a certificate located in the local machine's personal store for SMB server edge endpoint fs2.contoso.com using the certificate's thumbprint.

$params = @{
    Name = "fs2.contoso.com"
    Thumbprint = "88032B3551FAF7DE26EFFFF814AA086E3DBD2A4F"
    StoreName = "My"
    Subject = "CN=2022-ae-02"
}
New-SmbServerCertificateMapping @params

Name            Subject       Thumbprint                               DisplayName StoreName Type Flags
----            -------       ----------                               ----------- --------- ---- -----
fs2.contoso.com CN=2022-ae-02 88032B3551FAF7DE26EFFFF814AA086E3DBD2A4F 2022-ae-02  my        QUIC None

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Parameter properties

Type:	CimSession[]
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	Session

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisplayName

Specifies a friendly name to display for the mapping.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Flags

Specifies if Named Pipes are enabled for SMB over QUIC. The acceptable values for this parameter are:

• None: Remove all flags.
• AllowNamedPipe: Enable use of named pipes in SMB over QUIC connections for this mapping (off by default, overrides the value of RestrictNamedPipeAccessOverQuic).
• DefaultCert: Not used.

Parameter properties

Type:	Flags
Default value:	None
Accepted values:	None, AllowNamedPipe, DefaultCert
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Force

Forces the command to run without asking for user confirmation.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Name

Specifies a fully-qualified DNS name or NetBIOS name that must match the certificate's subject name or an entry in the certificate's subject alternative names.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	1
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-RequireClientAuthentication

Specifies whether client authentication is required for connections to the server. When this parameter is set to $true, clients must present a valid certificate to connect to the server. When it is set to $false, clients can connect without presenting a certificate.

Parameter properties

Type:	Boolean
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SkipClientCertificateAccessCheck

Specifies whether the server should skip the check for client certificate access when a client connects. This parameter only applies when the server certificate mapping RequireClientAuthentication value is $true. When this parameter is set to $true, the server will not perform the access control checks based on the client certificates. This can be useful in scenarios where the server is acting as a gateway or proxy and client certificate validation is sufficient.

However, it can also increase the risk of security breaches. When this parameter is set to $false, the server will perform the access control checks based on the client certificates in addition to the client certificate validation before allowing the client to connect.

Parameter properties

Type:	Boolean
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-StoreName

Specifies the path to the certificate store for the certificate. The recommended value is "My" for the local machine personal store.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	3
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Subject

Specifies the subject name of the certificate.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Parameter properties

Type:	Int32
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Thumbprint

Specifies the thumbprint value of the certificate.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	2
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Type

Specifies the type of certificate mapping. The acceptable value for this parameter is:

• QUIC: Certificate mapping is for SMB over QUIC.

Parameter properties

Type:	Type
Default value:	None
Accepted values:	QUIC
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet isn't run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

String

Outputs

CimInstance

Related Links

• Get-SmbServerCertificateMapping
• Remove-SmbServerCertificateMapping
• Set-SmbServerCertificateMapping