Partager via


Set-RemoteAccessAccounting

Set-RemoteAccessAccounting

Sets the enabled state for inbox and RADIUS accounting for both external RADIUS and Windows accounting and configures the settings when enabled.

Syntax

Parameter Set: EnableAccounting
Set-RemoteAccessAccounting [-EnableAccountingType] <String> [-AccountingOnOffMsg <String> ] [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-PassThru] [-RadiusPort <UInt16> ] [-RadiusScore <Byte> ] [-RadiusServer <String> ] [-RadiusTimeout <UInt32> ] [-SharedSecret <String> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: DisableAccounting
Set-RemoteAccessAccounting -DisableAccountingType <String> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-RemoteAccessAccounting cmdlet sets the enabled state for inbox and RADIUS accounting for both external RADIUS and Windows accounting and configures the settings when enabled.

The accounting configuration is globally applicable, such as if a particular kind of accounting is Enabled or Disabled, then that particular kind of accounting is Enabled or Disabled on all Remote Access (RA) servers in the corporate network. The associated configuration is also applicable for all of the corporate network.
-- All RA servers have the same configured accounting RADIUS servers.
-- The default limit set for the inbox accounting store size is the same on all RA servers.

Therefore, this cmdlet is not impacted by a multi-site deployment.

Both inbox accounting and RADIUS accounting can be active at the same time. RADIUS accounting includes Windows accounting, external RADIUS accounting and accounting on the local Network Policy Server (NPS), but only one type of accounting can be active at any time. The RadiusServer, SharedSecret, RadiusPort, RadiusScore, RadiusTimeout, and AccountingOnOffMsg parameters are applicable only when RADIUS accounting is Enabled and cannot be specified when inbox accounting is Enabled.

The following is the behavior associated with enabling External RADIUS accounting.
-- If there is a VPN deployment with accounting enabled and if DirectAccess (DA) is installed on the same RA server then accounting is automatically enabled for DA also and the configuration remains unchanged. Note: If Windows Accounting is enabled for VPN, then it will not work for DA as this is not a supported configuration for DA. For accounting to work for DA in this scenario either NPS needs to be installed locally or an external RADIUS server needs to be configured for accounting. The external radius server can be added using the Add-RemoteAccessRadius cmdlet.
-- If user does not specify a RADIUS server then this cmdlet automatically configures Windows accounting: Note: In this scenario, for accounting to work for DA, NPS needs to be installed on the RA server.

Switching from Windows Accounting to external RADIUS accounting and switching from external RADIUS accounting to Windows Accounting.
-- If the current configuration is Windows accounting a user can switch to external RADIUS accounting by doing one of the following:
---- Run the same cmdlet to enable RADIUS accounting and specify an external RADIUS server
---- Add an external RADIUS server using the Add-RemoteAccessRadius cmdlet. This enables RADIUS accounting without running this cmdlet.
-- A user can switch back to Windows accounting by deleting all the configured external RADIUS servers.

Parameters

-AccountingOnOffMsg<String>

Specifies the enabled state for the sending of accounting on and off messages. The acceptable values for this parameter are:
-- Enabled.
-- Disabled.
The default value is Disabled.

Aliases

none

Required?

false

Position?

named

Default Value

Disable

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AsJob

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Aliases

Session

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ComputerName<String>

Specifies the IPv4 or IPv6 address, or host name, of the computer on which the RA server computer specific tasks should be run.

Aliases

Cn

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-DisableAccountingType<String>

Indicates the accounting type that has to be disabled. The acceptable values for this parameter are:
-- Inbox.
-- ExternalRadius.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableAccountingType<String>

Indicates the accounting type that needs to be enabled. The acceptable values for this parameter are:
-- Inbox: The store size is set to 12 months automatically. The Set-RemoteAccessInboxAccountingStore cmdlet is used to change the store size on individual RA servers.
-- ExternalRadius: Can also be used to enable Windows Accounting or Accounting on the NPS installed locally on the same computer.

Aliases

none

Required?

true

Position?

2

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RadiusPort<UInt16>

Specifies the port number on which the RADIUS server is accepting authentication requests.
The default value is 1813.
This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Aliases

Port

Required?

false

Position?

named

Default Value

1813

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RadiusScore<Byte>

Specifies the initial score.
The default value is 30.
This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Aliases

Score

Required?

false

Position?

named

Default Value

30

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RadiusServer<String>

Specifies the IPv4 or IPv6 address, or host name, of the external RADIUS server that is used for accounting. This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Aliases

ServerName

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RadiusTimeout<UInt32>

The time out value is specified in seconds.
The default value is 5 seconds. This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Aliases

Timeout

Required?

false

Position?

named

Default Value

5

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SharedSecret<String>

Specifies the shared secret between the RA server and the specified external RADIUS server which is required for successful communication between the two servers.
Note: The secret is specified in clear text. This parameter can be configured only if the EnableAccountingType parameter is specified to be ExternalRadius.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#RemoteAccessAccounting

    The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
    The RemoteAccessAccounting object consists of the following properties:
    -- The status of RADIUS accounting (Disabled, Windows, or ExternalRadius) and the list of RADIUS servers in the case of ExternalRadius accounting. If there is no external radius accounting enabled, then the list of Radius servers is empty.
    -- The status of inbox accounting (Enabled or Disabled) and the associated properties.
    -- Time span of the store.
    -- Number of used bytes.
    -- Percentage of used bytes.
    -- Number of free bytes.
    -- Percentage of free bytes.
    -- Time stamp of the first record in the database.
    -- Time stamp of the last record in the database.

Examples

EXAMPLE 1

This example enables inbox accounting for this deployment. The RA server on which this cmdlet is run is specified using the ComputerName parameter.

PS C:\> Set-RemoteAccessAccounting –EnableAccountingType Inbox -ComputerName edge2 –PassThru

The accounting store is configured to retain data for up to 2 years.

PS C:\> Set-RemoteAccessInboxAccountingStore –StoreLimit 2y

EXAMPLE 2

This example configures RA to use RADIUS accounting with configuration parameters.

PS C:\> Set-RemoteAccessAccounting –EnableAccountingType ExternalRadius –RadiusServer radius1.corp.contoso.com –RadiusTimeout 5 –SharedSecret s3cr3t –RadiusPort 1813 –RadiusScore 30

EXAMPLE 3

This example disables RADIUS accounting while still retaining inbox accounting.

PS C:\> Set-RemoteAccessAccounting –DisableAccountingType ExternalRadius

Add-RemoteAccessRadius

Get-RemoteAccessAccounting

Set-RemoteAccessInboxAccountingStore