[This command requires installed Remote Server Administration Tools (RSAT)]
Name
Set-CertificateTemplateAcl
SYNOPSIS
Changes the security descriptor of a certificate template.
SYNTAX
Set-CertificateTemplateAcl [-InputObject] <SecurityDescriptor[]> [<CommonParameters>]
DESCRIPTION
The
Set-CertificateTemplateAcl cmdlet writes the security descriptor of a specified certificate template to the actual certificate template object, to match the values in a security descriptor that you supply.
Note: in order to edit certificate template ACL, you must be granted for Enterprise Admins permissions or delegated permissions on 'Certificate Templates' Active Directory container.
PARAMETERS
-InputObject<SecurityDescriptor[]>
Specifies an ACL object of certificate template. This object can be retrieved by runningAdd-CertificateTemplateAcl or Remove-CertificateTemplateAcl cmdlet.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
bout_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PKI.Security.SecurityDescriptor
OUTPUTS
PKI.Security.SecurityDescriptor
NOTES
Author: Vadims Podans
Blog: http://en-us.sysadmins.lv
EXAMPLES
-------------- Example 1 --------------
PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplate | Add-CertificateTemplateAcl -User WebServerGroup -AccessType Allow -AccessMask Read, Enroll
This commands adds 'WebServerGroup' security group to the certificate template 'WebServer' and grants Read and Enroll permissions. After that, a new ACL is written to the actual object.
-------------- Example 2 --------------
PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -User OldWebServer -AccessType Allow | Set-CertificateTemplateAcl
This commands removes all granted permissions for 'OldWebServer' account from 'WebServer' certificate template ACL. After that, a new ACL will be written to the actual certificate template object (Set-CertificateTemplateAcl).
RELATED LINKS
Get-CertificateTemplate
Get-CertificateTemplateAcl
Add-CertificateTemplateAcl
Remove-CertificateTemplateAcl
PowerShell Requirements
- PowerShell 2.0
Operating System Requirements
- Windows XP
- Windows Vista
- Windows 7
- Windows 8
- Windows 8.1
- Windows Server 2003 all editions
- Windows Server 2008 all editions
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions