Install-AdcsNetworkDeviceEnrollmentService
Install-AdcsNetworkDeviceEnrollmentService
Installs Network Device Enrollment Service
구문
Parameter Set: DefaultParameterSet
Install-AdcsNetworkDeviceEnrollmentService [-ApplicationPoolIdentity] [-CAConfig <String> ] [-Credential <PSCredential> ] [-EncryptionKeyLength <Int32> ] [-EncryptionProviderName <String> ] [-Force] [-RACity <String> ] [-RACompany <String> ] [-RACountry <String> ] [-RADepartment <String> ] [-RAEmail <String> ] [-RAName <String> ] [-RAState <String> ] [-SigningKeyLength <Int32> ] [-SigningProviderName <String> ] [ <CommonParameters>]
Parameter Set: ServiceAccountParameterSet
Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <String> -ServiceAccountPassword <SecureString> [-CAConfig <String> ] [-Credential <PSCredential> ] [-EncryptionKeyLength <Int32> ] [-EncryptionProviderName <String> ] [-Force] [-RACity <String> ] [-RACompany <String> ] [-RACountry <String> ] [-RADepartment <String> ] [-RAEmail <String> ] [-RAName <String> ] [-RAState <String> ] [-SigningKeyLength <Int32> ] [-SigningProviderName <String> ] [ <CommonParameters>]
자세한 설명
The Install-AdcsNetworkDeviceEnrollmentService cmdlet performs the configuration of the Network Device Enrollment Service (NDES) role service.
To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService cmdlet
You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Device-Enrollment
Int is equivalent to Int32 in the .NET Framework (https://msdn.microsoft.com/en-us/library/ya5y69ds.aspx).
매개 변수
-ApplicationPoolIdentity
Specifies the identity that the Network Device Enrollment Service (NDES) will use when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-CAConfig<String>
Specifies remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used within the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-Credential<PSCredential>
The Network Device Enrollment Service (NDES) must be installed on a server that is a member of an Active Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone certification authority (CA), then an account that is a member of the local Administrators on the CA is required. If NDES is installed to use an Enterprise CA, then using an account that is a member of Domain Admins group is required.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-EncryptionKeyLength<Int32>
Specifies the encryption key length. This option is not valid if you use existing keys during installation.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-EncryptionProviderName<String>
Specifies the name of the encryption provider, such as the name of cryptographic service provider (CSP).
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-Force
사용자 확인을 요구하지 않고 명령을 실행합니다.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
false |
와일드카드 문자 허용 여부 |
false |
-RACity<String>
Specifies the city of the registration authority.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-RACompany<String>
Specifies the organization or company that the registration authority represents.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-RACountry<String>
Specifies the country of the registration authority.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-RADepartment<String>
Specifies the department of the registration authority.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-RAEmail<String>
Specifies the email address of the registration authority.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-RAName<String>
Specifies the name of the Network Device Enrollment Service registration authority.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-RAState<String>
Specifies the state or province (geographical political boundary), if applicable, of the registration authority.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-ServiceAccountName<String>
Specifies the name of the account that is used by the Network Device Enrollment Service.
별칭 |
없음 |
필수 여부 |
true |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-ServiceAccountPassword<SecureString>
Specifies the password of the service account that is used by the Network Device Enrollment Service.
별칭 |
없음 |
필수 여부 |
true |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-SigningKeyLength<Int32>
Specifies the signing key length.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
-SigningProviderName<String>
Specifies the name of the signing device.
별칭 |
없음 |
필수 여부 |
false |
위치 |
named |
기본값 |
없음 |
파이프라인 입력 적용 여부 |
true (ByPropertyName) |
와일드카드 문자 허용 여부 |
false |
<CommonParameters>
이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216).
입력
입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.
- bool, int, string, string, string, string, string, string, string, string, string, SecurePassword, int, string
출력
출력 유형은 cmdlet이 내보내는 개체의 유형입니다.
- Microsoft.CertificateServices.Deployment.Commands.NDES.NetworkDeviceEnrollmentServiceResult
참고
- Ensure you run Windows PowerShell as an administrator. You can use the -f switch to bypass the prompt for confirmation.
To see parameters, run the following command: install-AdcsNetworkDeviceEnrollmentService -?
예제
-------------------------- EXAMPLE 1 --------------------------
Description
-----------
This command displays the default Network Device Enrollment Service settings when the service is running as the default application identity without making any changes to the configuration.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf
-------------------------- EXAMPLE 2 --------------------------
Description
-----------
This command displays the default settings when NDES is using a service account without making any changes to the configuration. This command assumes that the <Domain>\<AccountName> service account is a member of the local machine's IIS_USRS group. Substitute the domain name for <Domain> and the user account name for <AccountName>.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <Domain>\<AccountName> -ServiceAccountPassword (read-host "Set user password" -assecurestring) -WhatIf
-------------------------- EXAMPLE 3 --------------------------
Description
-----------
This command installs the Network Device Enrollment Service using the application pool identity to use a remote CA as specified by the CA computer <CACompterName>\<CACommonName>. Substitute the appropriate CA computer name and common name for <CAComputerName> and <CACommonName>.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -CAConfig <CAComputerName>\<CACommonName>
-------------------------- EXAMPLE 4 --------------------------
Description
-----------
This command installs the Network Device Enrollment Service using a specific service account, which is indicated by <Domain>\<AccountName>. The command also specifies several non-default parameters. The example assumes that the <Domain>\<AccountName> user/service account is a member of the local machine's IIS_USRS group. Substitute the domain name for <Domain> and the user account name for <AccountName>.
C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName MyDomain\AccountName -ServiceAccountPassword (read-host "Set user password" -assecurestring) -CAConfig "CAMachineName\CAName" -RAName "Contoso-NDES-RA" -RACountry "US" -RACompany "Contoso" -SigningProviderName "Microsoft Strong Cryptographic Provider" -SigningKeyLength 4096 -EncryptionProviderName "Microsoft Strong Cryptographic Provider" -EncryptionKeyLength 4096