Set-EnrollmentConfig

  • Article

2/9/2009

The Set-EnrollmentConfig cmdlet updates the current configuration of the Enrollment service by using the provided values.

Syntax

Set-EnrollmentConfig [-ActivateVPNbyDefault] [-CertificationAuthority <string>] [-EmailBodyTemplate <string>] [-EmailSender <string>] [-EmailSubject <string>] [-Enabled] [-ExpirePasswordAfter <TimeSpan>] [-ForceEnroll] [-GatewayUri <string>] [-PasswordCharacters <int>] [-SetPasswordLength <int>] [-SmtpServer <string>] [-UsageAttemptLimit <int>] [-confirm] [-whatif] [<CommonParameters>]

Set-EnrollmentConfig [-Config <EnrollmentConfig>] [-confirm] [-whatif] [<CommonParameters>]

Parameters

The following describes the Set-EnrollmentConfig cmdlet parameters.

  • Config <EnrollmentConfig>
    Accepts an EnrollmentConfig object as input.
  • ActivateVPNbyDefault
    Specifies whether enrolled devices will connect to the company network by default through the VPN connection to MDM Gateway Server. May be set to true, -ActivateVPNbyDefault or -ActivateVPNbyDefault:$true; or false, -ActivateVPNbyDefault:$false. The default value is true.
  • CertificationAuthority <String>
    Specifies the name of the server and the instance of the enrollment certification authority. The server name and instance name are specified, separated by a backslash (\). For example, server\instance.
  • Enabled
    Specifies whether the Enrollment service should allow existing pending requests to be processed.
  • ForceEnroll
    Specifies whether a device will prompt the user when it connects to MDM Enrollment Server. If the parameter is set to true, -ForceEnroll or -ForceEnroll:$true, then, when the device discovers or connects to MDM Enrollment Server, the user is prompted for the enrollment password. If the parameter is set to false, -ForceEnroll:$false, the user is prompted only if a pre-enrollment record exists for the e-mail address specified by the user in the domain enrollment client on the device. The default setting is false.
  • GatewayUri <String>
    Specifies the name, IP address, or Domain Name System (DNS) name of the virtual private network (VPN) gateway. This must be an address available from the public Internet. Specify an empty string if managed devices will be connecting to Mobile Device Manager Device Management Server directly by using the local area network (LAN) or wireless local area network (WLAN), instead of connecting through MDM Gateway Server.

  • UsageAttemptLimit <Int32>
    Specifies a limit on the number of times a user can access MDM Enrollment Server to attempt to complete an enrollment request from a Windows Mobile device. If the user exceeds this limit, then an error message is displayed, the enrollment request is invalidated, and a new enrollment request must be created to enroll the device. Setting this limit may help prevent automated attempts at discovering the enrollment password.

    To complete an enrollment request the device accesses MDM Enrollment Server two times, so you should specify a value for UsageAttemptLimit that is twice the limit you want to set for users. For example, if you set UsageAttemptLimit to 10, then users are limited to five attempts at enrolling a device. The default value is 20.

  • PasswordCharacters <Int32>
    Specifies the character set used to generate the enrollment password. Values:

    0: Letters

    1: Numbers

    2: Both letters and numbers (alphanumeric)

  • SetPasswordLength <Int32>
    Specifies the length of the auto-generated enrollment password.
  • ExpirePasswordAfter <TimeSpan>
    Specifies the time during which an auto-generated enrollment password is valid. If the value contains a space or other special characters, enclose the string in quotation marks.
  • SmtpServer <String>
    Specifies the simple mail transfer protocol (SMTP) server that is used to send a new enrollment e-mail message to a device owner. This message is sent when a device is newly enrolled. The server may be specified as hostname, or hostname:port.
  • EmailSender <String>
    Specifies the e-mail account from which the new enrollment e-mail message is sent.
  • EmailSubject <String>
    Specifies the subject text of the new enrollment e-mail message.

  • EmailBodyTemplate <String>
    Specifies the text to use in the body of the new enrollment e-mail message. The enrollment ID, enrollment password, and enrollment password expiration time will be added automatically to the end of the message. The device owner needs this information to complete the enrollment of the device. The following is an example e-mail message:

    Your Windows Mobile device has been enabled for enrollment to System Center Mobile Device Manager. Enter the following details when prompted by the device enrollment client:

  • WhatIf
    Informs you of what changes would be made if the action were to be performed (the cmdlet is not executed).
  • Confirm
    Prompts you for confirmation before the cmdlet executes.
  • CommonParameters
    This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, and -OutVariable. For more information, at the MDM Shell prompt, type, get-help about_commonparameters.

Input Type

The Set-EnrollmentConfig cmdlet accepts an EnrollmentConfig object. To see all the properties for this object, at the MDM Shell prompt, type Get-EnrollmentConfig | Get-Member.

Output Type

The Set-EnrollmentConfig cmdlet returns an EnrollmentConfig object. To see all the properties for this object, at the MDM Shell prompt, type Set-EnrollmentConfig | Get-Member.

Examples

This Set-EnrollmentConfig command example prevents new enrollment requests from creating, and stops pending requests from processing.

C:\PS>Set-EnrollmentConfig -Enabled:$false

This Set-EnrollmentConfig command example specifies that auto-generated enrollment passwords are to be alphanumeric, 12 characters long, and expire after 20 minutes.

C:\PS>Set-EnrollmentConfig -PasswordCharacters 2 -SetPasswordLength 12 -ExpirePasswordAfter "00:20:00"

This Set-EnrollmentConfig command example configures the settings for the new enrollment e-mail message, specifies the SMTP server to use, the e-mail address of the sender, the subject line, and the message body text.

C:\PS>Set-EnrollmentConfig -SmtpServer "hostserver:888" -EmailSender "admin@microsoft.com" -EmailSubject "New device enrollment" -EmailBodyTemplate "Your Windows Mobile device has been enabled for enrollment to Mobile Device Manager. Enter the following details when prompted by the device enrollment client:"

Cmdlet Help

To view this information online, at the MDM Shell prompt, type:

get-help Set-EnrollmentConfig -detailed, or get-help Set-EnrollmentConfig -full

See Also

Reference

Get-EnrollmentConfig