This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeCryptoSet', in PowerShell version 4 - as retrieved from
Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Modifies existing main mode cryptographic sets.
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt3
2>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -Group <String[]> [-Co
nfirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt3
2>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayGroup <String[
]> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt3
2>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayName <String[]
> [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>]
[-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] [-C
onfirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt
32>] [-NewDisplayName <String>] [-PassThru] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>
]
The Set-NetIPsecMainModeCryptoSet cmdlet modifies cryptographic properties for existing main mode cryptographic sets.
This cmdlet gets one or more main mode cryptographic sets to be modified with the Name (default), DisplayName, or by group association using the Group or DisplayGroup
parameter. The sets cannot be queried by property in this cmdlet. The querying can be done by running the Get-NetIPsecMainModeCryptoSet cmdlet, The Get-NetIPsecMainM
odeCryptoSet cmdlet returns the cryptographic sets and pipes the sets into this cmdlet, which modifies the sets. The remaining parameters specify the properties of th
e set to be modified. When a group is specified, all of the sets associated with the group receive the same modifications. Rule fields are modified using the dot nota
tion are committed with this cmdlet.
To move a set to a new GPO, copy the existing set by running the Copy-NetIPsecMainModeCryptoSet cmdlet with the NewPolicyStore parameter, then remove the old set by r
unning the Remove-NetIPsecMainModeCryptoSet cmdlet.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=288370
Copy-NetIPsecMainModeCryptoSet
Get-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeRule
Open-NetGPO
Save-NetGPO
Remove-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoProposal
New-GPO
<
EXAMPLE 1
PS C:\>$EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128
PS C:\>$EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3
PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" –Proposals $EncAES128,$EncDES3
This example replaces the proposals of an existing main mode cryptographic set.
EXAMPLE 2
PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayGroup "DA Client" –MaxMinutes 240
This example modifies the maximum amount of time the security association is active for a group of main mode cryptographic sets.
EXAMPLE 3
PS C:\>$proposal1 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH1
PS C:\>$proposal2 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH14
PS C:\>$cryptoset1 = ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal $proposal1.Name, $proposal2.Name )
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset1
PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )
PS C:\>$mainModeCryptoSet.Proposal[1] = DH19
PS C:\>Set-NetIPsecMainModeCryptoSet –InputObject $mainModeCryptoSet
This version of the cmdlet shows an alternative method to the previous example. Note: The main mode rule setup is the same.
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal
( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ),(New-NetIPsecMainModeCryptoProposal -KeyExchange DH14 ) ).Name
PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )
PS C:\>$mainModeCryptoSet | Set-NetIPsecMainModeCryptoSet –Proposal ( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ), ( New-NetIPsecMainModeCryptoProposal -Key
Exchange DH19 )
This example shows how to replace a key exchange option of a main mode cryptographic proposal to an existing main mode cryptographic set, given the associated main mo
de rule. The key exchange is changed for the second specified cryptographic proposal.