Set-CertificateAutoEnrollmentPolicy
Set-CertificateAutoEnrollmentPolicy
Sets local certificate auto-enrollment policy.
構文
Parameter Set: EnableAll
Set-CertificateAutoEnrollmentPolicy -context <Context> {Machine | User} -EnableAll [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: EnableSeparately
Set-CertificateAutoEnrollmentPolicy -context <Context> {Machine | User} -PolicyState <PolicySetting> {Disabled | Enabled | NotConfigured} [-EnableBalloonNotifications] [-EnableMyStoreManagement] [-EnableTemplateCheck] [-ExpirationPercentage <Int32> ] [-StoreName <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
詳細説明
The Set-CertificateAutoEnrollmentPolicy cmdlet configures local certificate auto-enrollment policy for a user or computer. The auto-enrollment policy can also be configured by using the Local Security Policy console. These settings can be found in the following location.
-- \Security Settings\Public Key Policies\Certificate Services Client - Auto-Enrollment
.
Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.
パラメーター
-context<Context>
Specifies whether to set certificate auto-enrollment policy for the user or computer context.
Aliases |
none |
必須/オプション |
true |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
false |
ワイルドカード文字の受け入れ |
false |
-EnableAll
Enables all of the auto-enrollment policy settings and sets the value for the expiration percentage to 10 percent. If this parameter is enabled, then only the Context parameter is required and all other parameters are optional.
Aliases |
none |
必須/オプション |
true |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
false |
ワイルドカード文字の受け入れ |
false |
-EnableBalloonNotifications
Enables the Expiration balloon notifications option for the certificate auto-enrollment policy.
Aliases |
none |
必須/オプション |
false |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
True (ByPropertyName) |
ワイルドカード文字の受け入れ |
false |
-EnableMyStoreManagement
Enables the Renew expired certificates, update pending certificates, and remove revoked certificates option for the certificate auto-enrollment policy.
Aliases |
none |
必須/オプション |
false |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
True (ByPropertyName) |
ワイルドカード文字の受け入れ |
false |
-EnableTemplateCheck
Verifies that existing certificates are based on the most recent version of a certificate template and updates them if they are not.
Aliases |
none |
必須/オプション |
false |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
True (ByPropertyName) |
ワイルドカード文字の受け入れ |
false |
-ExpirationPercentage<Int32>
Sets the percentage of the certificate lifetime at which close-to-expiration events are logged and auto-enrollment notifications start to appear.
Aliases |
none |
必須/オプション |
false |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
True (ByPropertyName) |
ワイルドカード文字の受け入れ |
false |
-PolicyState<PolicySetting>
Specifies the state of the certificate auto-enrollment policy configuration.
Aliases |
none |
必須/オプション |
true |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
True (ByPropertyName) |
ワイルドカード文字の受け入れ |
false |
-StoreName<String[]>
Specifies additional comma separated certificate stores to monitor for certificates that have expired or are expiring. The MY store is always monitored.
Aliases |
none |
必須/オプション |
false |
位置 |
named |
既定値 |
none |
パイプライン入力の受け入れ |
True (ByPropertyName) |
ワイルドカード文字の受け入れ |
false |
-Confirm
コマンドレットを実行する前に確認メッセージを表示します。
必須/オプション |
false |
位置 |
named |
既定値 |
false |
パイプライン入力の受け入れ |
false |
ワイルドカード文字の受け入れ |
false |
-WhatIf
コマンドレットが実行された場合に何が起きるのかを示します。コマンドレットは実行されません。
必須/オプション |
false |
位置 |
named |
既定値 |
false |
パイプライン入力の受け入れ |
false |
ワイルドカード文字の受け入れ |
false |
<CommonParameters>
このコマンドレットは共通のパラメーターをサポートしています(-Verbose、-Debug、-ErrorAction、-ErrorVariable、-OutBuffer、および -OutVariable)。詳細については、TechNet の「 「about_CommonParameters」 (https://go.microsoft.com/fwlink/p/?LinkID=113216) を参照してください。
入力
入力型は、コマンドレットにパイプできるオブジェクトの型です。
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties.
出力
出力型は、コマンドレットが出力するオブジェクトの型です。
Microsoft.CertificateServices.Commands.AutoEnrollmentPolicy
The AutoEnrollmentPolicy object combines certificate auto-enrollment policy settings and exposes them as properties. Each property can be modified and piped into this cmdlet to be applied.
使用例
EXAMPLE 1
This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked certificates and Update certificates that use certificates templates options enabled.
PS C:\> Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -Context User
EXAMPLE 2
This example sets local computer certificate auto-enrollment policy to Not Configured.
PS C:\> Set-CertificateAutoEnrollmentPolicy -PolicyState NotConfigured -Context Machine
EXAMPLE 3
This example enables local computer certificate auto-enrollment policy with the Expiration notifications option enabled and set to 15 percent of the certificate lifetime. This cmdlet also configures the Remote Desktop certificate store as an additional store to be monitored for certificate expiration.
PS C:\> Set-CertificateAutoEnrollmentPolicy -ExpirationPercentage 15 -PolicyState Enabled -EnableExpirationNotification -Context Machine -StoreName "Remote Desktop"
EXAMPLE 4
This example performs the same task in two ways.
The example in detail.
PS C:\> Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -EnableExpirationNotification -ExpirationPercentage 10 -Context User
The concise version of the same example.
PS C:\> Set-ACertificateutoEnrollmentPolicy -EnableAll -Context User