PowerShell Logo Small

Disable-NetIPsecMainModeRule



This is the built-in help made by Microsoft for the command 'Disable-NetIPsecMainModeRule', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Disables a main mode rule.

SYNTAX


Disable-NetIPsecMainModeRule [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>]
[-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallProfile <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallAddressFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-Description <String[]>] [-DisplayGroup <String[]>] [-Enabled <Enabled[]>] [-GPOSession <String>] [-Group
<String[]>] [-MainModeCryptoSet <String[]>] [-PassThru] [-Phase1AuthSet <String[]>] [-PolicyStore <String>] [-PolicyStoreSource <String[]>] [-PolicyStoreSourceType
<PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>] [-Status <String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-DisplayName <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>]
[-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecPhase1AuthSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-PassThru] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecMainModeRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecMainModeCryptoSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Disable-NetIPsecMainModeRule cmdlet disables a previously enabled main mode rule to be inactive within the computer or a Group Policy organizational unit. A disabled
rule will no actively modify computer behavior, but the rule still exists on the computer or in a Group Policy Object (GPO) so it can be re-enabled. This is different from
the Remove-NetIPsecMainModeRule cmdlet, which permanently removes the construct from the computer.


This cmdlet gets one or more main mode rules to be disabled with the Name parameter (default), the DisplayName parameter, rule properties, or by associated filters or
objects. The Enabled parameter value for the resulting queried rules is set to False.


Disabling firewall and IPsec rules can be useful for debugging IPsec policy mismatch issues, but it is easier when the rules are in the local, or persistent, store.
Disabling rules in a GPO container will not take effect until the next time the client applies the GPO. To troubleshoot GPO-based IPsec policy, consider copying all the
rules, and authorization and cryptographic sets from the GPO to a computer that does not have the GPO applied using the corresponding Copy-NetIPsecMainModeRule cmdlet. This
is the way to locally modify the policy, in order to troubleshoot any IPsec problems.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=225650
Copy-NetIPsecMainModeRule
Get-NetFirewallAddressFilter
Get-NetFirewallSecurityFilter
Get-NetIPsecMainModeCryptoSet
Get-NetIPsecPhase1AuthSet
New-NetIPsecMainModeRule
Open-NetGPO
Remove-NetIPsecMainModeRule
Save-NetGPO
Set-NetIPsecMainModeRule
New-NetIPsecAuthProposal
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>Disable-NetIPsecMainModeRule -DisplayName "Main Mode Rule" –PolicyStore domain.contoso.com\gpo



This example disables a main mode rule in a GPO given the localized name.




EXAMPLE 2

PS C:\>Disable-NetIPsecMainModeRule -Group "DA Client" –PolicyStore ActiveStore



This example disables all of the main mode client DA rules on a local computer.




EXAMPLE 3

PS C:\>$phase1AuthSet = Get-NetIPsecPhase1AuthSet –DisplayName "Computer Kerb, CA Auth"



PS C:\>Disable-NetIPsecMainModeRule –InputObject $phase1AuthSet



This example disables the main mode rules associated with the specified phase 1 authentication set.