Connection Request Policy Commands

Applies To: Windows Server 2008

This section contains the following commands.

  • add crp

  • delete crp

  • rename crp

  • reset crp

  • set crp

  • show crp

  • show crpconditionattributes

  • show crpprofileattributes

For information on how to interpret netsh command syntax, see Formatting Legend.

Connection Request Policies commands

The following entries provide details for each command.

add crp

Adds a connection request policy to the Network Policy Server (NPS) configuration and defines the conditions and settings of the policy.

Syntax

add crp [ name = ] name [ [ state = ] ENABLE|DISABLE [ processingorder = ] processingorder [ policysource = ] policysource [ conditionid = ] conditionid [ conditiondata = ] conditiondata [ profileid = ] profileid ([ advprofiletype = ] type [ advprofiledata = ] data ) [ profiledata = ] profiledata ]

Parameters

  • name
    Required. Specifies the name of the connection request policy that you want to add.
  • state
    Optional. Specifies whether the policy is enabled or disabled. The default is enabled.
  • processingorder
    Optional. Specifies the numeric position of this policy in the list of policies configured on the NPS. Policies highest in the list (for example, at first position) are processed by NPS first. Policies added at positions above other policies cause the positions of the other policies to drop in the list by one position. If processingorder is not specified, the policy is added at the end of the list.
  • policysource
    Optional. Specifies the type of RADIUS client that can send connection requests that match this policy. An integer value of aero through five must be used to designate the type of RADIUS client that is allowed for the policy. The default value of zero allows connection requests from any type of RADIUS client. See the Remarks section for more information.
  • conditionid
    Optional. Specifies the condition name or ID that you want to configure in this connection request policy.

    You can view the list of available condition attributes at the netsh prompt by running the show crpconditionattributes command. See the section "NPS attributes" for more information.

  • profileid
    Optional. Specifies an attribute that you want to add to the connection request policy. Use profiledata to specify the value of the attribute defined by profileid. In addition, each profileid that you specify can be followed by multiple pairs of parameters named advprofiletype and advprofiledata. The syntax for these parameters is:

    [advprofiletype= ] type [advprofiledata=] data

    You can view the list of available settings attributes at the netsh prompt by running the show crpprofileattributes command.

    See the Remarks section and "NPS attributes" for more information.

  • advprofiletype
    Optional. Specifies an attribute that you want to add to the connection request policy. This parameter is a sub-parameter of and must be preceded by the profileid parameter. Use advprofiledata to add values for the attribute defined with advprofiletype.
  • advprofiledata
    Optional. Specifies the value of the attribute defined with advprofiletype. This parameter is a sub-parameter of and must be preceded by the profileid parameter. In addition, you must specify advprofiletype when you use advprofiledata.
  • profiledata
    Optional. Specifies the value of the attribute defined with profileid. For example, if the attribute specified in profileid is NP-Authentication-Type (0x1009), the value of profiledata might be 0x3 (MS-CHAP v1) or 0x4 (MS-CHAP v2). In cases where multiple values are allowed for an attribute, they can be listed:

    profileid = "0x1009" profiledata = "0x3" profiledata = "0x4" profiledata = "0x9" profiledata = "0xa"

Example

The following example adds a connection request policy named Test CRP to the NPS server configuration. The policy is enabled, is positioned first in processing order, and has an unspecified policy source. In addition, Day and Time Restrictions and IPv4 input filters are configured.

add crp name = "Test CRP" state = "ENABLE" processingorder = "1" policysource = "0" conditionid ="0x1006" conditiondata = "0 00:00-24:00; 1 00:00-24:00" profileid = "0x1025" profiledata = "0x1" profileid = "0x1045" advprofiletype = "IPFILTER_IPV4INFILTER" advprofiledata = "PERMIT,123.123.123.0,255.255.255.0,0,0,0"

Remarks on policysource

For policysource, valid values are:

ID Policy Source

0

Unspecified (default).

1

Terminal Server Gateway.

2

Remote Access Server (VPN or Dial up).

3

DHCP server.

4

Wireless Access Point.

5

Health Registration Authority.

Remarks on configuring IP filters

You can use the profileid, advprofiletype, and advprofiledata parameters to configure IP filters for the connection request policy that you want to add. For more information, see the section "Configuring IP filters with Netsh NPS commands."

delete crp

Deletes the specified connection request policy.

Syntax

delete crp [ name = ] name

Parameters

  • name
    Required. Specifies the name of the connection request policy that you want to delete.

Example

The following examples delete a connection request policy named "CRP1" from the NPS server configuration.

delete crp name = CRP1

delete crp CRP1

rename crp

Changes the name of a connection request policy.

Syntax

rename crp [ name = ] name [ newname = ] newname

Parameters

  • name
    Required. Specifies the friendly name of the connection request policy that you want to rename.
  • newname
    Required. Specifies the new name for the connection request policy.

Examples

The following examples rename a connection request policy from CRP1 to CRP2. The examples demonstrate that the command can be run with the parameter tags, such as name=, and without them.

rename crp name = CRP1 newname = CRP2

rename crp CRP1 CRP2

reset crp

Deletes all connection request policies that are configured in NPS and restores the default connection request policy.

Warning

Do not run this command if you want to maintain any of the connection request policies that you have configured at the NPS server. This command deletes all connection request policies that you have configured, and after running this command, your connection request policies cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.

Syntax

reset crp

set crp

Changes the value of one or more properties of an existing connection request policy. Values specified by this command overwrite the existing values.

Syntax

set crp [ name = ] name [ [ state = ] ENABLE|DISABLE [ processingorder = ] processingorder [ policysource = ] policysource [ conditionid = ] conditionid [ conditiondata = ] conditiondata [ profileid = ] profileid [ profiledata = ] profiledata ]

Parameters

  • name
    Required. Specifies the name of the connection request policy that you want to add.
  • state
    Optional. Specifies whether the policy is enabled or disabled. The default is enabled.
  • processingorder
    Optional. Specifies the numeric position of this policy in the list of policies configured on the NPS. Policies highest in the list (for example, at first position) are processed by NPS first. Policies added at positions above other policies cause the positions of the other policies to drop in the list by one position. If processingorder is not specified, the policy is added at the end of the list.
  • policysource
    Optional. Specifies the type of RADIUS client that can send connection requests that match this policy. An integer value of zero through five must be used to designate the type of RADIUS client that is allowed for the policy. The default value of 0 allows connection requests from any type of RADIUS client. See the Remarks section for more information.
  • conditionid
    Optional. Specifies the condition name or ID that you want to configure in this connection request policy.

    You can view the list of available condition attributes at the netsh prompt by running the show crpconditionattributes command. See the section "NPS attributes" for more information.

  • profileid
    Optional. Specifies an attribute that you want to add to the connection request policy. Use profiledata to specify the value of the attribute defined by profileid. In addition, each profileid that you specify can be followed by multiple pairs of parameters named advprofiletype and advprofiledata. The syntax for these parameters is:

    [advprofiletype= ] type [advprofiledata=] data

    You can view the list of available settings attributes at the netsh prompt by running the show crpprofileattributes command.

    See the Remarks section and "NPS attributes" for more information.

  • advprofiletype
    Optional. Specifies an attribute that you want to add to the connection request policy. This parameter is a sub-parameter of and must be preceded by the profileid parameter. Use advprofiledata to add values for the attribute defined with advprofiletype.
  • advprofiledata
    Optional. Specifies the value of the attribute defined with advprofiletype. This parameter is a sub-parameter of and must be preceded by the profileid parameter. In addition, you must specify advprofiletype when you use advprofiledata.
  • profiledata
    Optional. Specifies the value of the attribute defined with profileid. For example, if the attribute specified in profileid is NP-Authentication-Type (0x1009), the value of profiledata might be 0x3 (MS-CHAP v1) or 0x4 (MS-CHAP v2). In cases where multiple values are allowed for an attribute, they can be listed:

    profileid = "0x1009" profiledata = "0x3" profiledata = "0x4" profiledata = "0x9" profiledata = "0xa"

Remarks on policysource

For policysource, valid values are:

ID Policy Source

0

Unspecified (default)

1

Terminal Server Gateway

2

Remote Access Server (VPN or Dial-up)

3

DHCP server

4

Wireless Access Point

5

Health Registration Authority

Remarks on configuring IP filters

You can use the profileid, advprofiletype, and advprofiledata parameters to configure IP filters for the connection request policy that you want to modify. For more information, see the section "Configuring IP filters with Netsh NPS commands."

show crp

Displays all of the conditions that can be applied to a connection request policy and exposes the full range of configuration options for each condition.

Syntax

show crp

show crpconditionattributes

Displays all of the attributes that can be applied to the conditions of a connection request policy.

Syntax

show crpconditionattributes

show crpprofileattributes

Displays all of the attributes that can be added to the settings of a connection request policy and returned to a network access server when the conditions of the policy are met by the connection request.

Syntax

show crpprofileattributes

See Also

Concepts

NPS Server Commands
RADIUS Client Commands
Remote RADIUS Server Group Commands
Network Policy Commands
Network Access Protection Commands for NPS
Accounting Commands
Configuring IP Filters with Netsh NPS Commands
NPS Attributes