HRA Request Policy Commands

Applies To: Windows Server 2008, Windows Server 2012, Windows Server 2012 R2

This section contains the following commands.

  • add asymmetrickey

  • delete asymmetrickey

  • reset asymmetrickey

  • show asymmetrickeys

  • add csp

  • delete csp

  • reset csp

  • show csps

  • add hash

  • delete hash

  • reset hash

  • show hashes

  • add useragent

  • delete useragent

  • reset useragent

HRA request policy commands

Health Registration Authority (HRA) request policy commands are used to configure security mechanisms that the HRA server uses to communicate with client computers. Settings include asymmetric key algorithms, hash algorithms, cryptographic service providers, and HTTP client user agents.

add asymmetrickey

Adds an asymmetric key algorithm to the HRA configuration.

Syntax

add asymmetrickey [ [ oid = ] oid [ minkeylength = ] minkeylength [ maxkeylength = ] maxkeylength ]

Parameters

  • oid
    Required. Specifies the object identifier (oid) for the asymmetric key algorithm.
  • minkeylength
    Optional. Specifies the minimum asymmetric key length.
  • maxkeylength
    Optional. Specifies the maximum asymmetric key length.

Example

In the following example, an asymmetric key algorithm is added to the HRA configuration with an object identifier of 1.2.840.113549.1.1.1, a minimum key length of 1024 bytes, and a maximum key length of 4096 bytes.

add asymmetrickey oid = "1.2.840.113549.1.1.1" minkeylength = "1024" maxkeylength = "4096"

delete asymmetrickey

Deletes an asymmetric key algorithm from the list of allowed asymmetric key algorithms.

Syntax

delete asymmetrickey [ oid = ] oid

Parameters

  • oid
    Required. Specifies the object identifier.

Example

In the following example, an asymmetric key algorithm with an object identifier of 1.2.840.113549.1.1.1 is deleted from the HRA configuration.

delete asymmetrickey oid = "1.2.840.113549.1.1.1"

reset asymmetrickey

Resets the HRA configuration to use the default asymmetric key algorithm of RSA with a key length of 1024 bits.

Syntax

reset asymmetrickey

show asymmetrickeys

Shows all available asymmetric keys on the HRA server. Use this command to obtain the object identifiers that you can use with the "add asymmetrickey" command.

Syntax

show asymmetrickeys

add csp

Adds a cryptographic service provider (CSP) to the list of allowed CSPs in the HRA configuration.

Syntax

add csp [ name = ] name

Parameters

  • name
    Required. Specifies the name of the CSP you want to add.

Example

In the following example, a CSP with the name of "Microsoft RSA SChannel Cryptographic Provider" is added to the HRA configuration.

add csp name = "Microsoft RSA SChannel Cryptographic Provider"

delete csp

Deletes a CSP from the list of allowed CSPs.

Syntax

delete csp [ name = ] name

Parameters

  • name
    Required. Specifies the name of the CSP you want to delete.

Example

In the following example, a CSP with the name of "Microsoft RSA SChannel Cryptographic Provider" is deleted from the HRA configuration.

delete csp name = "Microsoft RSA SChannel Cryptographic Provider"

reset csp

Resets the HRA configuration to use the default CSP of "MS-Enhanced cryptographic service provider."

Syntax

reset csp

show csps

Shows all available CSPs on the HRA server. Use this command to obtain the names of CSPs that you can use with the "add csp" and "delete csp" commands.

Syntax

show csps

add hash

Adds a hash algorithm to the list of allowed hash algorithms in the HRA configuration. You can obtain the hash algorithm object identifier by using the "show hashes" command.

Syntax

add hash [ oid = ] oid

Parameters

  • oid
    Required. Specifies the object identifier of the hash algorithm you want to add.

Example

In the following example, a hash algorithm with an object identifier of "1.2.840.113549.1.1.5" is added to the HRA configuration.

add hash oid = "1.2.840.113549.1.1.5"

delete hash

Deletes a hash algorithm from the list of allowed hashes.

Syntax

delete hash [ oid = ] oid

Parameters

  • oid
    Required. Specifies the object identifier of the hash algorithm you want to delete.

Example

In the following example, a hash algorithm with an object identifier of "1.2.840.113549.1.1.5" is deleted from the HRA configuration.

delete hash oid = "1.2.840.113549.1.1.5"

reset hash

Resets the HRA configuration to use the default hash algorithm of "SHA1."

Syntax

reset hash

show hashes

Shows all available hash algorithms on the HRA server. Use this command to obtain the object identifiers that you can use with the "add hash" and "delete hash" commands.

Syntax

show hashes

add useragent

Adds a user agent to the list of allowed user agents in the HRA configuration.

Warning

When you run this command for the first time, the default configuration allowing use of any user agent will be overwritten. After specifying user agents with the "add useragent" command, client computers will only be able to communicate with HRA using one of the allowed user agents.

Syntax

add useragent [ name = ] name

Parameters

  • name
    Required. Specifies the name of the user agent you want to add.

Example

In the following example, a user agent with the name "NAP IPsec Enforcement v1.0" is added to the HRA configuration.

add useragent name = "NAP IPsec Enforcement v1.0"

delete useragent

Deletes a user agent from the list of allowed agents.

Syntax

delete useragent [ name = ] name

Parameters

  • name
    Required. Specifies the name of the user agent you want to delete.

Example

In the following example, a user agent with the name "NAP IPsec Enforcement v1.0" is deleted from the HRA configuration.

delete useragent name = "NAP IPsec Enforcement v1.0"

reset useragent

Resets the HRA user agent configuration to the default value of "ANY."

Syntax

reset useragent
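
The following lint pass over a script of these commands is an added example, not Microsoft's code: it parses both the tagged and positional parameter forms and reports lines that allow a SHA-1 based hash or a short RSA key, or that reset a setting to the defaults documented above. The 2048-bit threshold, the weak-hash OID list, the function names, and the reading of key lengths as bits are assumptions of this example.

```python
import re
import shlex

# Assumed review thresholds for this example; they are not from the page.
RSA_OID, MIN_RSA_BITS = "1.2.840.113549.1.1.1", 2048
WEAK_HASH_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption", "1.3.14.3.2.26": "sha1"}
# Defaults restored by "reset", as stated on the page.
RESET_DEFAULTS = {"asymmetrickey": "RSA, 1024-bit key", "hash": "SHA1", "useragent": "ANY"}
PARAMS = {"asymmetrickey": ["oid", "minkeylength", "maxkeylength"],
          "hash": ["oid"], "csp": ["name"], "useragent": ["name"]}

def parse(line):
    """Split one command into (verb, target, args); the "tag =" prefix is optional."""
    tokens = shlex.split(re.sub(r"\s*=\s*", "=", line))
    verb, target = tokens[0].lower(), tokens[1].lower()
    names, args = PARAMS.get(target, []), {}
    for pos, tok in enumerate(tokens[2:]):
        key, sep, value = tok.partition("=")
        if sep and key.lower() in names:
            args[key.lower()] = value      # tagged form: oid = "..."
        elif pos < len(names):
            args[names[pos]] = tok         # positional form, in syntax order
    return verb, target, args

def audit(script):
    """Return (line_number, message) findings for a script of HRA commands."""
    findings = []
    for n, line in enumerate(script.splitlines(), 1):
        if len(line.split()) < 2:
            continue                       # blank or incomplete line
        verb, target, args = parse(line)
        if verb == "reset" and target in RESET_DEFAULTS:
            findings.append((n, f"reset {target} restores default: {RESET_DEFAULTS[target]}"))
        elif verb == "add" and target == "hash" and args.get("oid") in WEAK_HASH_OIDS:
            findings.append((n, f"allows weak hash {WEAK_HASH_OIDS[args['oid']]}"))
        elif verb == "add" and target == "asymmetrickey" and args.get("oid") == RSA_OID:
            raw = args.get("minkeylength", "")
            if not raw.isdigit() or int(raw) < MIN_RSA_BITS:
                findings.append((n, f"RSA minkeylength {raw or 'unset'} is below {MIN_RSA_BITS}"))
    return findings

# Constructed sample script built from the command forms documented above.
SAMPLE = """\
add asymmetrickey oid = "1.2.840.113549.1.1.1" minkeylength = "1024" maxkeylength = "4096"
add asymmetrickey 1.2.840.113549.1.1.1 2048 4096
add hash oid = "1.2.840.113549.1.1.5"
reset hash
"""
print(*audit(SAMPLE), sep="\n")
```

Because minkeylength is optional, an "add asymmetrickey" line that omits it is reported as unset so the reviewer confirms the effective minimum on the server.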