PowerShell Logo Small

Set-NetIPsecMainModeCryptoSet



This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeCryptoSet', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies existing main mode cryptographic sets.

SYNTAX


Set-NetIPsecMainModeCryptoSet [-Name] <String[]> [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>]
[-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru
[<SwitchParameter>]] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman
<Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]]
[-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -Group <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman
<Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]]
[-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayName <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman
<Boolean>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Proposal
<CimInstance[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman
<Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]]
[-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayGroup <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf
[<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-NetIPsecMainModeCryptoSet cmdlet modifies cryptographic properties for existing main mode cryptographic sets.


This cmdlet gets one or more main mode cryptographic sets to be modified with the Name (default), DisplayName, or by group association using
the Group or DisplayGroup parameter. The sets cannot be queried by property in this cmdlet. The querying can be done by running the
Get-NetIPsecMainModeCryptoSet cmdlet, The Get-NetIPsecMainModeCryptoSet cmdlet returns the cryptographic sets and pipes the sets into this
cmdlet, which modifies the sets. The remaining parameters specify the properties of the set to be modified. When a group is specified, all of
the sets associated with the group receive the same modifications. Rule fields are modified using the dot notation are committed with this
cmdlet.


To move a set to a new GPO, copy the existing set by running the Copy-NetIPsecMainModeCryptoSet cmdlet with the NewPolicyStore parameter, then
remove the old set by running the Remove-NetIPsecMainModeCryptoSet cmdlet.



<

RELATED LINKS

Copy-NetIPsecMainModeCryptoSet
Get-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeRule
Open-NetGPO
Save-NetGPO
Remove-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoProposal
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\> $EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128


PS C:\> $EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3


PS C:\> Set-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" –Proposals $EncAES128,$EncDES3



This example replaces the proposals of an existing main mode cryptographic set.




EXAMPLE 2

PS C:\> Set-NetIPsecMainModeCryptoSet -DisplayGroup "DA Client" –MaxMinutes 240



This example modifies the maximum amount of time the security association is active for a group of main mode cryptographic sets.




EXAMPLE 3

PS C:\> $proposal1 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH1


PS C:\> $proposal2 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH14


PS C:\> $cryptoset1 = ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal $proposal1.Name, $proposal2.Name )


PS C:\> $mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset1


PS C:\> $mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )


PS C:\> $mainModeCryptoSet.Proposal[1] = DH19


PS C:\> Set-NetIPsecMainModeCryptoSet –InputObject $mainModeCryptoSet

This version of the cmdlet shows an alternative method to the previous example. Note: The main mode rule setup is the same.
PS C:\> $mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet ( New-NetIPsecMainModeCryptoSet -DisplayName
MainModeCryptoSet -Proposal ( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ),(New-NetIPsecMainModeCryptoProposal -KeyExchange DH14 )
).Name


PS C:\> $mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )


PS C:\> $mainModeCryptoSet | Set-NetIPsecMainModeCryptoSet –Proposal ( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ), (
New-NetIPsecMainModeCryptoProposal -KeyExchange DH19 )



This example shows how to replace a key exchange option of a main mode cryptographic proposal to an existing main mode cryptographic set,
given the associated main mode rule. The key exchange is changed for the second specified cryptographic proposal.