PowerShell Logo Small

Set-NetIPsecMainModeCryptoSet



This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeCryptoSet', in PowerShell version 4 - as retrieved from Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies existing main mode cryptographic sets.

SYNTAX


Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt3
2>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -Group <String[]> [-Co
nfirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt3
2>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayGroup <String[
]> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt3
2>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayName <String[]
> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>]
[-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] [-C
onfirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt
32>] [-NewDisplayName <String>] [-PassThru] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>
]



Search powershellhelp.space

DESCRIPTION


The Set-NetIPsecMainModeCryptoSet cmdlet modifies cryptographic properties for existing main mode cryptographic sets.


This cmdlet gets one or more main mode cryptographic sets to be modified with the Name (default), DisplayName, or by group association using the Group or DisplayGroup
parameter. The sets cannot be queried by property in this cmdlet. The querying can be done by running the Get-NetIPsecMainModeCryptoSet cmdlet, The Get-NetIPsecMainM
odeCryptoSet cmdlet returns the cryptographic sets and pipes the sets into this cmdlet, which modifies the sets. The remaining parameters specify the properties of th
e set to be modified. When a group is specified, all of the sets associated with the group receive the same modifications. Rule fields are modified using the dot nota
tion are committed with this cmdlet.


To move a set to a new GPO, copy the existing set by running the Copy-NetIPsecMainModeCryptoSet cmdlet with the NewPolicyStore parameter, then remove the old set by r
unning the Remove-NetIPsecMainModeCryptoSet cmdlet.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288370
Copy-NetIPsecMainModeCryptoSet
Get-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeRule
Open-NetGPO
Save-NetGPO
Remove-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoProposal
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>$EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128



PS C:\>$EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3



PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" –Proposals $EncAES128,$EncDES3



This example replaces the proposals of an existing main mode cryptographic set.




EXAMPLE 2

PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayGroup "DA Client" –MaxMinutes 240



This example modifies the maximum amount of time the security association is active for a group of main mode cryptographic sets.




EXAMPLE 3

PS C:\>$proposal1 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH1



PS C:\>$proposal2 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH14



PS C:\>$cryptoset1 = ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal $proposal1.Name, $proposal2.Name )



PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset1



PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )



PS C:\>$mainModeCryptoSet.Proposal[1] = DH19



PS C:\>Set-NetIPsecMainModeCryptoSet –InputObject $mainModeCryptoSet


This version of the cmdlet shows an alternative method to the previous example. Note: The main mode rule setup is the same.
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal
( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ),(New-NetIPsecMainModeCryptoProposal -KeyExchange DH14 ) ).Name



PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )



PS C:\>$mainModeCryptoSet | Set-NetIPsecMainModeCryptoSet –Proposal ( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ), ( New-NetIPsecMainModeCryptoProposal -Key
Exchange DH19 )



This example shows how to replace a key exchange option of a main mode cryptographic proposal to an existing main mode cryptographic set, given the associated main mo
de rule. The key exchange is changed for the second specified cryptographic proposal.