Set-DAClient
Set-DAClient
Configures the properties related to a DirectAccess (DA) client.
Syntax
Parameter Set: Set1
Set-DAClient [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Downlevel <String> ] [-ForceTunnel <String> ] [-OnlyRemoteComputers <String> ] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Set-DAClient cmdlet configures the properties related to a DirectAccess (DA) client.
The DA client properties consist of the following.
-- Force tunneling.
-- Support for down-level clients.
-- Support for remote computers only.
The DA client configuration is a global configuration and is applicable to all of the client computers in the DA deployment.
Parameters
-AsJob
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-CimSession<CimSession[]>
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ComputerName<String>
Specifies the IPv4 or IPv6 address, or host name, of the computer on which the Remote Access server computer specific tasks should be run.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Downlevel<String>
Specifies that the appropriate policies should be deployed on down-level clients () clients for allowing connection to a Windows Server® 2012 DA server. The acceptable values for this parameter are: Enabled or Disabled.
This parameter can be configured only when multi-site is not deployed. If a user tries to configure it in a multi-site deployment, then this cmdlet displays an error.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
true (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ForceTunnel<String>
Specifies that force tunneling should be enabled or disabled. The acceptable values for this parameter are: Enabled or Disabled.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
true (ByPropertyName) |
Accept Wildcard Characters? |
false |
-OnlyRemoteComputers<String>
Allows a user to enable or disable deployment of DA only on remote computers such as laptops and notebooks. The acceptable values for this parameter are: Enabled or Disabled.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
true (ByPropertyName) |
Accept Wildcard Characters? |
false |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ThrottleLimit<Int32>
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0
is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
- None
Outputs
The output type is the type of the objects that the cmdlet emits.
Microsoft.Management.Infrastructure.CimInstance#DAClientSettings
The
Microsoft.Management.Infrastructure.CimInstance
object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#
) provides the namespace and class name for the underlying WMI object.
The DAClientSettings object contains the following properties:
-- The status of force tunneling.
-- The NRPT object (for force tunnel properties).
-- The status of the policy to deploy DA only on laptops and notebooks and not on all computers in the domain.
-- The status of whether appropriate policies should be deployed on down-level clients (Windows® 7) to enable them to connect to the Windows Server 2012 DA server.
Examples
EXAMPLE 1
This example configures DA only for remote laptops and computers and mandatorily route traffic through the corporate network. A default Name Resolution Policy Table (NRPT) entry is added to indicate that all traffic to any suffix should be sent to the corporate network. This is a global setting and will be applied across clients.
PS C:\> Set-DAClient -ForceTunnel "Enabled" -OnlyRemoteComputers "Enabled" -PassThru
EXAMPLE 2
This example enables Windows® 7 clients to connect to the corporate networking over DA. There are multiple steps involved in achieving this configuration. By default PKI is disabled during DA installation and it needs to be enabled. This is achieved by provisioning an IPsec root certificate on the DA server using the Set-DAServer cmdlet. The enterprise needs to have a certification authority (CA) which will provision this certificate for all domain joint computers. The first two steps list out the certificates present in the root certificate store of the server computer and pick an appropriate one. In this case it happens to be the 13th certificate in the list. This certificate is then assigned as the IPsec root certificate to enable PKI. Once this is done the Down-level parameter in this cmdlet is set to Enabled to enable DA for Windows® 7 clients. This causes appropriate policies to be configured on Windows® 7 computer only.
PS C:\> $certs = Get-ChildItem –Path Cert:\LocalMachine\Root
PS C:\> $IPSecRootCert = $certs[13]
PS C:\> Set-DAServer -IPSecRootCertificate $IPSecRootCert -UserAuthentication TwoFactor
PS C:\> Set-DAClient -Downlevel "Enabled"