PowerShell Logo Small

Set-CertificateAutoEnrollmentPolicy



This is the built-in help made by Microsoft for the command 'Set-CertificateAutoEnrollmentPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Sets local certificate auto-enrollment policy.

SYNTAX


Set-CertificateAutoEnrollmentPolicy -context {Machine | User} -EnableAll [-Confirm] [-WhatIf] [<CommonParameters>]
Set-CertificateAutoEnrollmentPolicy [-EnableBalloonNotifications] [-EnableMyStoreManagement] [-EnableTemplateCheck] [-ExpirationPercentage <Int32>] [-StoreName <String[]>]
-context {Machine | User} -PolicyState {Disabled | Enabled | NotConfigured} [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-CertificateAutoEnrollmentPolicy cmdlet configures local certificate auto-enrollment policy for a user or computer. The auto-enrollment policy can also be configured
by using the Local Security Policy console. These settings can be found in the following location.

-- \Security Settings\Public Key Policies\Certificate Services Client - Auto-Enrollment.


Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=287539
Get-CertificateAutoEnrollmentPolicy

REMARKS

<

Examples


EXAMPLE 1

PS C:\>Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -Context User



This example enables local user certificate auto-enrollment policy with the Renew expired certificates, update pending certificates, and remove revoked certificates and
Update certificates that use certificates templates options enabled.




EXAMPLE 2

PS C:\>Set-CertificateAutoEnrollmentPolicy -PolicyState NotConfigured -Context Machine



This example sets local computer certificate auto-enrollment policy to Not Configured.




EXAMPLE 3

PS C:\>Set-CertificateAutoEnrollmentPolicy -ExpirationPercentage 15 -PolicyState Enabled -EnableExpirationNotification -Context Machine -StoreName "Remote Desktop"



This example enables local computer certificate auto-enrollment policy with the Expiration notifications option enabled and set to 15 percent of the certificate lifetime.
This cmdlet also configures the Remote Desktop certificate store as an additional store to be monitored for certificate expiration.




EXAMPLE 4

The example in detail.
PS C:\>Set-CertificateAutoEnrollmentPolicy -PolicyState Enabled -EnableMyStoreManagement -EnableTemplateCheck -EnableExpirationNotification -ExpirationPercentage 10 -Context
User


The concise version of the same example.
PS C:\>Set-ACertificateutoEnrollmentPolicy -EnableAll -Context User



This example performs the same task in two ways.