Export (0) Print
Expand All

HRA Request Policy Commands

Updated: March 29, 2012

Applies To: Windows Server 2008, Windows Server 2012, Windows Server 2012 R2

This section contains the following commands.

Health Registration Authority (HRA) request policy commands are used to configure security mechanisms that the HRA server uses to communicate with client computers. Settings include asymmetric key algorithms, hash keys algorithms, cryptographic service providers, and HTTP client user agents.

Adds an asymmetric key algorithm to the HRA configuration.

add asymmetrickey [ [ oid = ] oid [ minkeylength = ] minkeylength [ maxkeylength = ] maxkeylength ]

oid
Required. Specifies the object identifier (oid) for the asymmetric key algorithm.

minkeylength
Optional. Specifies the minimum asymmetric key length.

maxkeylength
Optional. Specifies the maximum asymmetric key length.

In the following example, an asymmetric key algorithm is added to the HRA configuration with an object identifier of 1.2.840.113549.1.1.1, a minimum key length of 1024 bytes, and maximum key length of 4096 bytes.

add asymmetrickey oid = "1.2.840.113549.1.1.1" minkeylength = "1024" maxkeylength = "4096"

Deletes an asymmetric key algorithm from the list of allowed asymmetric key algorithms.

delete asymmetrickey [ oid = ] oid

oid
Required. Specifies the object identifier.

In the following example, an asymmetric key algorithm with an object identifier of 1.2.840.113549.1.1.1 is deleted from the HRA configuration.

delete asymmetrickey oid = "1.2.840.113549.1.1.1"

Resets the HRA configuration to use the default asymmetric key algorithm of RSA with a key length of 1024 bits.

reset asymmetrickey

Shows all available asymmetric keys on the HRA server. Use this command to obtain the object identifiers that you can use with the "add asymmetrickey" command.

show asymmetrickeys

Adds a cryptographic service provider (CSP) to the list of allowed CSPs in the HRA configuration.

add csp [ name = ] name

Name
Required. Specifies the name of the CSP you want to add.

In the following example, a CSP with the name of "Microsoft RSA SChannel Cryptographic Provider" is added to the HRA configuration.

add csp name = "Microsoft RSA SChannel Cryptographic Provider"

Deletes a CSP from the list of allowed CSPs.

delete csp [ name = ] name

Name
Required. Specifies the name of the CSP you want to delete.

In the following example, a CSP with the name of "Microsoft RSA SChannel Cryptographic Provider" is deleted from the HRA configuration.

delete csp name = "Microsoft RSA SChannel Cryptographic Provider"

Resets the HRA configuration to use the default CSP of "MS-Enhanced cryptographic service provider."

reset csp

Shows all available CSPs on the HRA server. Use this command to obtain the names of CSPs that you can use with the "add csp" and "delete csp" commands.

show csps

Adds a hash algorithm to the list of allowed hash algorithms in the HRA configuration. You can obtain the hash algorithm object identifier by using the "show hashes" command.

add hash [ oid = ] oid

oid
Required. Specifies the object identifier of the hash algorithm you want to add.

In the following example, a hash algorithm with an object identifier of "1.2.840.113549.1.1.5" is added to the HRA configuration.

add hash oid = "1.2.840.113549.1.1.5"

Deletes a hash algorithm from the list of allowed hashes.

delete hash [ oid = ] oid

oid
Required. Specifies the object identifier of the hash algorithm you want to delete.

In the following example, a hash algorithm with an object identifier of "1.2.840.113549.1.1.5" is deleted from the HRA configuration.

delete hash oid = "1.2.840.113549.1.1.5"

Resets the HRA configuration to use the default hash algorithm of "SHA1."

reset hash

Shows all available hash algorithms on the HRA server. Use this command to obtain the object identifiers that you can use with the "add hash" and "delete hash" commands.

show hashes

Adds a hash algorithm to the list of allowed hash algorithms in the HRA configuration. You can obtain the hash algorithm object identifier by using the "show hashes" command.

CautionCaution
When you run this command for the first time, the default configuration allowing use of any user agent will be overwritten. After specifying user agents with the "add useragent" command, client computers will only be able to communicate with HRA using one of the allowed user agents.

add useragent [ name = ] name

name
Required. Specifies the name of the user agent you want to add.

In the following example, a user agent with the name "NAP IPsec Enforcement v1.0" is added to the HRA configuration.

add useragent name = "NAP IPsec Enforcement v1.0"

Deletes a user agent from the list of allowed agents.

delete useragent [ name = ] name

name
Required. Specifies the name of the user agent you want to delete.

In the following example, a user agent with the name "NAP IPsec Enforcement v1.0" is deleted from the HRA configuration.

delete useragent name = "NAP IPsec Enforcement v1.0"

Resets the HRA user agent configuration to the default value of "ANY."

reset useragent

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft