Install-AdcsNetworkDeviceEnrollmentService

Windows Server 2012 R2 and Windows 8.1

Install-AdcsNetworkDeviceEnrollmentService

Installs Network Device Enrollment Service

구문

Parameter Set: DefaultParameterSet
Install-AdcsNetworkDeviceEnrollmentService [-ApplicationPoolIdentity] [-CAConfig <String> ] [-Credential <PSCredential> ] [-EncryptionKeyLength <Int32> ] [-EncryptionProviderName <String> ] [-Force] [-RACity <String> ] [-RACompany <String> ] [-RACountry <String> ] [-RADepartment <String> ] [-RAEmail <String> ] [-RAName <String> ] [-RAState <String> ] [-SigningKeyLength <Int32> ] [-SigningProviderName <String> ] [ <CommonParameters>]

Parameter Set: ServiceAccountParameterSet
Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <String> -ServiceAccountPassword <SecureString> [-CAConfig <String> ] [-Credential <PSCredential> ] [-EncryptionKeyLength <Int32> ] [-EncryptionProviderName <String> ] [-Force] [-RACity <String> ] [-RACompany <String> ] [-RACountry <String> ] [-RADepartment <String> ] [-RAEmail <String> ] [-RAName <String> ] [-RAState <String> ] [-SigningKeyLength <Int32> ] [-SigningProviderName <String> ] [ <CommonParameters>]




자세한 설명

The Install-AdcsNetworkDeviceEnrollmentService cmdlet performs the configuration of the Network Device Enrollment Service (NDES) role service.

To remove the NDES role service, use the Uninstall-AdcsNetworkDeviceEnrollmentService cmdlet

You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Device-Enrollment

Int is equivalent to Int32 in the .NET Framework (http://msdn.microsoft.com/en-us/library/ya5y69ds.aspx).

매개 변수

-ApplicationPoolIdentity

Specifies the identity that the Network Device Enrollment Service (NDES) will use when communicating with the certification authority (CA). This parameter is only valid when NDES is using a remote CA. If the CA is local, the application pool identity account cannot be used.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-CAConfig<String>

Specifies remote certification authority (CA) that the Network Device Enrollment Service uses. This parameter is mandatory when used within the ApplicationPoolIdentity parameter. Do not use this parameter when a local CA is installed.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-Credential<PSCredential>

The Network Device Enrollment Service (NDES) must be installed on a server that is a member of an Active Directory Domain Services (AD DS) domain. If NDES is configured to use a Standalone certification authority (CA), then an account that is a member of the local Administrators on the CA is required. If NDES is installed to use an Enterprise CA, then using an account that is a member of Domain Admins group is required.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-EncryptionKeyLength<Int32>

Specifies the encryption key length. This option is not valid if you use existing keys during installation.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-EncryptionProviderName<String>

Specifies the name of the encryption provider, such as the name of cryptographic service provider (CSP).


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-Force

사용자 확인을 요구하지 않고 명령을 실행합니다.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

false

와일드카드 문자 허용 여부

false

-RACity<String>

Specifies the city of the registration authority.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-RACompany<String>

Specifies the organization or company that the registration authority represents.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-RACountry<String>

Specifies the country of the registration authority.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-RADepartment<String>

Specifies the department of the registration authority.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-RAEmail<String>

Specifies the email address of the registration authority.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-RAName<String>

Specifies the name of the Network Device Enrollment Service registration authority.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-RAState<String>

Specifies the state or province (geographical political boundary), if applicable, of the registration authority.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-ServiceAccountName<String>

Specifies the name of the account that is used by the Network Device Enrollment Service.


별칭

없음

필수 여부

true

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-ServiceAccountPassword<SecureString>

Specifies the password of the service account that is used by the Network Device Enrollment Service.


별칭

없음

필수 여부

true

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-SigningKeyLength<Int32>

Specifies the signing key length.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-SigningProviderName<String>

Specifies the name of the signing device.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

<CommonParameters>

이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(http://go.microsoft.com/fwlink/p/?LinkID=113216).

입력

입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.

  • bool, int, string, string, string, string, string, string, string, string, string, SecurePassword, int, string

출력

출력 유형은 cmdlet이 내보내는 개체의 유형입니다.

  • Microsoft.CertificateServices.Deployment.Commands.NDES.NetworkDeviceEnrollmentServiceResult

참고

  • Ensure you run Windows PowerShell as an administrator. You can use the -f switch to bypass the prompt for confirmation.
    To see parameters, run the following command: install-AdcsNetworkDeviceEnrollmentService -?

예제

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

This command displays the default Network Device Enrollment Service settings when the service is running as the default application identity without making any changes to the configuration.


C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -WhatIf

-------------------------- EXAMPLE 2 --------------------------

Description

-----------

This command displays the default settings when NDES is using a service account without making any changes to the configuration. This command assumes that the <Domain>\<AccountName> service account is a member of the local machine's IIS_USRS group. Substitute the domain name for <Domain> and the user account name for <AccountName>.


C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName <Domain>\<AccountName> -ServiceAccountPassword (read-host "Set user password" -assecurestring) -WhatIf

-------------------------- EXAMPLE 3 --------------------------

Description

-----------

This command installs the Network Device Enrollment Service using the application pool identity to use a remote CA as specified by the CA computer <CACompterName>\<CACommonName>. Substitute the appropriate CA computer name and common name for <CAComputerName> and <CACommonName>.


C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ApplicationPoolIdentity -CAConfig <CAComputerName>\<CACommonName>

-------------------------- EXAMPLE 4 --------------------------

Description

-----------

This command installs the Network Device Enrollment Service using a specific service account, which is indicated by <Domain>\<AccountName>. The command also specifies several non-default parameters. The example assumes that the <Domain>\<AccountName> user/service account is a member of the local machine's IIS_USRS group. Substitute the domain name for <Domain> and the user account name for <AccountName>.


C:\PS>Install-AdcsNetworkDeviceEnrollmentService -ServiceAccountName MyDomain\AccountName -ServiceAccountPassword (read-host "Set user password" -assecurestring) -CAConfig "CAMachineName\CAName" -RAName "Contoso-NDES-RA" -RACountry "US" -RACompany "Contoso" -SigningProviderName "Microsoft Strong Cryptographic Provider" -SigningKeyLength 4096 -EncryptionProviderName "Microsoft Strong Cryptographic Provider" -EncryptionKeyLength 4096

관련 항목

커뮤니티 추가 항목

추가
표시: