Quantcast
Viewing all articles
Browse latest Browse all 729

Updated Wiki: Set-CertificateTemplateAcl

[This command requires installed Remote Server Administration Tools (RSAT)]

Name

Set-CertificateTemplateAcl

SYNOPSIS

Changes the security descriptor of a certificate template.

SYNTAX

Set-CertificateTemplateAcl [-InputObject] <SecurityDescriptor[]> [<CommonParameters>]

DESCRIPTION

The Set-CertificateTemplateAcl cmdlet writes the security descriptor of a specified certificate template to the actual certificate template object, to match the values in a security descriptor that you supply.

Note: in order to edit certificate template ACL, you must be granted for Enterprise Admins permissions or delegated permissions on 'Certificate Templates' Active Directory container.

PARAMETERS

-InputObject<SecurityDescriptor[]>

Specifies an ACL object of certificate template. This object can be retrieved by runningAdd-CertificateTemplateAcl or Remove-CertificateTemplateAcl cmdlet.

Required?True
Position?0
Default value 
Accept pipeline input?true (ByValue, ByPropertyName)
Accept wildcard characters?False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
bout_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

PKI.Security.SecurityDescriptor

OUTPUTS

PKI.Security.SecurityDescriptor

NOTES

Author: Vadims Podans
Blog: http://en-us.sysadmins.lv

EXAMPLES

-------------- Example 1 --------------

PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplate | Add-CertificateTemplateAcl -User WebServerGroup -AccessType Allow -AccessMask Read, Enroll

This commands adds 'WebServerGroup' security group to the certificate template 'WebServer' and grants Read and Enroll permissions. After that, a new ACL is written to the actual object.

-------------- Example 2 --------------

PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -User OldWebServer -AccessType Allow | Set-CertificateTemplateAcl

This commands removes all granted permissions for 'OldWebServer' account from 'WebServer' certificate template ACL. After that, a new ACL will be written to the actual certificate template object (Set-CertificateTemplateAcl).

RELATED LINKS

Get-CertificateTemplate
Get-CertificateTemplateAcl
Add-CertificateTemplateAcl
Remove-CertificateTemplateAcl

PowerShell Requirements

  • PowerShell 2.0

Operating System Requirements

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Viewing all articles
Browse latest Browse all 729

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>