Export (0) Print
Expand All

Add-CertificateEnrollmentPolicyServer

Windows Server 2012 R2 and Windows 8.1

Updated: March 3, 2014

Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2

Add-CertificateEnrollmentPolicyServer

Adds an enrollment policy server to the current user or local system configuration.

Syntax

Parameter Set: Default
Add-CertificateEnrollmentPolicyServer -context <Context> {Machine | User} -Url <Uri> [-AutoEnrollmentEnabled] [-Credential <PkiCredential> ] [-NoClobber] [-RequireStrongValidation] [ <CommonParameters>]




Detailed Description

The Add-CertificateEnrollmentPolicyServer cmdlet adds an enrollment policy server to the current user or local system configuration. If an enrollment policy server already exists, then this cmdlet will overwrite it. Group Policy can be configured to prevent enrollment policy servers from being added.

Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.

Parameters

-AutoEnrollmentEnabled

Enables auto-enrollment for the policy server being added.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-context<Context>

Stores information about the policy server in the configuration for the Current User or Local computer.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Credential<PkiCredential>

Specifies the credential used to authenticate to the policy server. This credential can be a PSCredential object, which is a username and password, an x509 certificate, or a path to an x509 certificate. Kerberos authentication is used if no credential is specified.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-NoClobber

Prevents an enrollment policy server from overwriting an existing one.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RequireStrongValidation

Specifies that the certificate obtained through this enrollment policy server must be trusted on the client.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Url<Uri>

Identifies the uniform resource locator (URL) of the enrollment policy server to configure.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • Microsoft.CertificateServices.Commands.EnrollmentPolicyServer

    The EnrollmentPolicyServer object contains information about the certificate enrollment policy.


Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.CertificateServices.Commands.EnrollmentPolicyServer

    The EnrollmentPolicyServer object contains information about the certificate enrollment policy.


Examples

EXAMPLE 1

This example loads a policy from $url using Windows integrated authentication under the computer context, using the computer account credentials. This example also adds the policy server to the local computer configuration. Auto enrollment is off and strong validation is off.


PS C:\> Add-CertificateEnrollmentPolicyServer -Url $url -Context Machine

EXAMPLE 2

This example loads a policy using $cert as the authentication credential and adds the policy to the local computer local configuration since the context is the local computer (Machine).


 

PS C:\> $cert = ( Get-ChildItem -Path cert:\LocalMachine\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF )

 

PS C:\> Add-CertificateEnrollmentPolicyServer -Url $cert.EnrollmentPolicyEndPoint.Url -Credential $cert -Context Machine

EXAMPLE 3

This example loads a policy using the username and password from $url. This example adds the policy server to the local computer configuration.


 

PS C:\> $up = Get-Credential

 

PS C:\> Add-CertificateEnrollmentPolicyServer -Url $url -Context Machine -Credential $up

EXAMPLE 4

This example loads policy using the Path object for a certificate. Use the certificate to authenticate to the URL and add the policy server into the local user configuration.


 

PS C:\> $cert = (Get-ChildItem -Path cert:\CurrentUser\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF)

 

PS C:\> Add-CertificateEnrollmentPolicyServer -Url $cert.EnrollmentPolicyEndPoint.Url -Credential $cert.PSPath -Context Machine

EXAMPLE 5

This example shows that if the policy cannot be loaded or if there is a conflict with an identifier (ID) or URL, then this will be the output.
If the policy server already exists, then the output will state that the existing policy server configuration will be overwritten.


 

PS C:\> $up = Get-Credential

 

PS C:\> Add-CertificateEnrollmentPolicyServer -Url $url -Context User -Credential $up –WhatIf
What if: Policy successfully loaded from {$url} using username/password credentials. 
Policy server configuration will be added to current user context. 

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft