This is the built-in help made by Microsoft for the command 'Copy-NetIPsecRule', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Copies an entire IPsec rule, and the associated filters, to the same or to a different policy store.
Copy-NetIPsecRule [-All [<SwitchParameter>]] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession
<String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Copy-NetIPsecRule [-AllowSetKey <Boolean[]>] [-AllowWatchKey <Boolean[]>] [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>]
[-Description <String[]>] [-DisplayGroup <String[]>] [-Enabled <Enabled[]>] [-EncryptedTunnelBypass <Boolean[]>] [-ForwardPathLifetime
<UInt32[]>] [-GPOSession <String>] [-Group <String[]>] [-InboundSecurity <SecurityPolicy[]>] [-KeyModule <KeyModule[]>] [-Machine <String[]>]
[-Mode <IPsecMode[]>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore <String>] [-OutboundSecurity <SecurityPolicy[]>]
[-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String[]>] [-Phase2AuthSet <String[]>] [-PolicyStore <String>] [-PolicyStoreSource
<String[]>] [-PolicyStoreSourceType <PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>] [-QuickModeCryptoSet <String[]>]
[-RemoteTunnelHostname <String[]>] [-RequireAuthorization <Boolean[]>] [-Status <String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] [-User <String[]>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetIPsecPhase1AuthSet <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -DisplayName <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Copy-NetIPsecRule [-IPsecRuleName] <String[]> [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession
<String>] [-NewName <String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>]
[-TracePolicyStore [<SwitchParameter>]] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetIPsecPhase2AuthSet <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetFirewallAddressFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-NewGPOSession <String>] [-NewName <String>] [-NewPolicyStore
<String>] [-PassThru [<SwitchParameter>]] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetIPsecQuickModeCryptoSet <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetFirewallProfile <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetFirewallPortFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetFirewallInterfaceTypeFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Copy-NetIPsecRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-GPOSession <String>] [-NewGPOSession <String>] [-NewName
<String>] [-NewPolicyStore <String>] [-PassThru [<SwitchParameter>]] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore
[<SwitchParameter>]] -AssociatedNetFirewallInterfaceFilter <CimInstance> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
The Copy-NetIPsecRule cmdlet copies an IPsec rule and the associated filters to a policy store, making a complete clone. When a new policy
store is not specified, it is copied to the same policy store with a new name specified by the user.
This cmdlet gets one or more IPsec rules to be duplicated with the IPsecRuleName parameter (default), the DisplayName parameter, rule
properties, or by associated filters or objects. The resulting queried rule is copied to a new policy store using the NewPolicyStore
parameter, a new GPO session using the NewGPOSession parameter, or to the same policy store using the NewName parameter. Note: Only one IPsec
rule can be copied at a time when copying to the same policy store. This is because only a single IPsec rule can use the unique identifier, or
name, specified by the NewName parameter.
When copying a rule to a new policy store, the unique name of the set is preserved. This means that if the same set is attempted to be copied
twice, then an error is displayed for the second attempt indicating that the object already exists. To overwrite the target set, run the
Remove-NetIPsecRule cmdlet first. If it is possible that the object may already exist, then specify the ErrorAction parameter to silently
ignore these errors, instead of running the Remove-NetIPsecRule cmdlet.
When copying rules between different policy stores, the authentication and cryptographic sets referenced in each rule must be copied
separately. See the Copy-NetIPsecPhase1AuthSet, Copy-NetIPsecPhase2AuthSet, and Copy-NetIPsecQuickModeCryptoSet cmdlets for more information.
When copying an IPsec rule that has associated authentication or cryptographic sets from GPO-A to GPO-B, the newly created authentication and
cryptographic set fields of the rule will maintain the IPsecRuleName parameter values of the source. This is desirable because after the sets
are copied separately, the sets will be associated with the newly copied rule.
<
Copy-NetIPsecPhase1AuthSet
Copy-NetIPsecPhase2AuthSet
Copy-NetIPsecQuickModeCryptoSet
Get-NetFirewallAddressFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallProfile
Get-NetIPsecPhase1AuthSet
Get-NetIPsecPhase2AuthSet
Get-NetIPsecQuickModeCryptoSet
Get-NetIPsecRule
Remove-NetIPsecMainModeCryptoSet
New-NetIPsecQuickModeCryptoSet
New-NetIPsecRule
Open-NetGPO
Remove-NetIPsecRule
Save-NetGPO
Set-NetIPsecRule
New-GPO
<
EXAMPLE 1
PS C:\> Copy-NetIPsecRule -DisplayName "IPsec Rule" –NewName "Alternate IPsec Rule"
This example copies an IPsec rule, found by specifying the localized name, to the current policy store under a new unique identifier.
EXAMPLE 2
PS C:\> Copy-NetIPsecRule -Group "Telnet Management" –Enabled False –PolicyStore domain.contoso.com\GPO_name –NewPolicyStore
domain.contoso.com\new_gpo
This example copies a group of IPsec rules that are currently disabled to a new Policy Store.
EXAMPLE 3
PS C:\> $nfwProfile = Get-NetFirewallProfile -Profile Domain –PolicyStore domain.contoso.com\GPO_name
PS C:\> Copy-NetIPsecRule –InputObject $nfwProfile–NewPolicyStore domain.example.com\new_gpo
This is an alternate way to perform the same using only the pipeline.
PS C:\> Get-NetFirewallProfile -Profile Domain –PolicyStore domain.contoso.com\GPO_name | Copy-NetIPsecRule –NewPolicyStore
domain.example.com\new_gpo
This example copies all domain IPsec rules to a new policy store.
EXAMPLE 4
PS C:\> $mMrule = Get-NetIPsecMainModeRule –DisplayName "Main Mode Rule: P1Auth + Crypto" –PolicyStore domain.contoso.com\GPO_name
PS C:\> Copy-NetIPsecPhase1AuthSet –InputObject $mMrule -NewPolicyStore domain.contoso.com\new_GPO)
PS C:\> Copy-NetIPsecMainModeCryptoSet –InputObject $mMrule -NewPolicyStore domain.contoso.com\new_GPO)
PS C:\> Set-NetIPsecMainModeRule –InputObject $mMrule –Phase1AuthSet $copiedCryptoSet.Name
The following cmdlets accomplish the same task but take advantage of caching the GPO to apply the changes locally.
PS C:\> $mMrule = Get-NetIPsecMainModeRule –DisplayName "Main Mode Rule: P1Auth + Crypto" –PolicyStore domain.contoso.com\GPO_name
PS C:\> $newGPO = Open-NetGPO –PolicyStore domain.contoso.com\new_GPO
PS C:\> Copy-NetIPsecPhase1AuthSet –InputObject $mMrule –GPOSession $newGPO
PS C:\> Copy-NetIPsecMainModeCryptoSet –InputObject $mMrule –GPOSession $newGPO
PS C:\> Copy-NetIPsecMainModeRule –InputObject $mMrule –GPOSession $newGPO
PS C:\> Save-NetGPO –GPOSession $newGPO
This example copies an entire IPsec main mode rule and the associated authentication and cryptographic sets to a new policy store. There is no
need to link the newly copied sets to the newly copied rule since the set fields of the rule maintain the IPsecRuleName parameter value of the
source.