PowerShell Logo Small

Set-NetIPsecMainModeCryptoSet



This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeCryptoSet', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies existing main mode cryptographic sets.

SYNTAX


Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>]
[-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -Group <String[]> [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>]
[-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayGroup <String[]>
[-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>]
[-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayName <String[]>
[-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>]
[-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>]
[-NewDisplayName <String>] [-PassThru] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-NetIPsecMainModeCryptoSet cmdlet modifies cryptographic properties for existing main mode cryptographic sets.


This cmdlet gets one or more main mode cryptographic sets to be modified with the Name (default), DisplayName, or by group association using the Group or DisplayGroup
parameter. The sets cannot be queried by property in this cmdlet. The querying can be done by running the Get-NetIPsecMainModeCryptoSet cmdlet, The
Get-NetIPsecMainModeCryptoSet cmdlet returns the cryptographic sets and pipes the sets into this cmdlet, which modifies the sets. The remaining parameters specify the
properties of the set to be modified. When a group is specified, all of the sets associated with the group receive the same modifications. Rule fields are modified using the
dot notation are committed with this cmdlet.


To move a set to a new GPO, copy the existing set by running the Copy-NetIPsecMainModeCryptoSet cmdlet with the NewPolicyStore parameter, then remove the old set by running
the Remove-NetIPsecMainModeCryptoSet cmdlet.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288370
Copy-NetIPsecMainModeCryptoSet
Get-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeRule
Open-NetGPO
Save-NetGPO
Remove-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoProposal
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>$EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128



PS C:\>$EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3



PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" –Proposals $EncAES128,$EncDES3



This example replaces the proposals of an existing main mode cryptographic set.




EXAMPLE 2

PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayGroup "DA Client" –MaxMinutes 240



This example modifies the maximum amount of time the security association is active for a group of main mode cryptographic sets.




EXAMPLE 3

PS C:\>$proposal1 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH1



PS C:\>$proposal2 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH14



PS C:\>$cryptoset1 = ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal $proposal1.Name, $proposal2.Name )



PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset1



PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )



PS C:\>$mainModeCryptoSet.Proposal[1] = DH19



PS C:\>Set-NetIPsecMainModeCryptoSet –InputObject $mainModeCryptoSet


This version of the cmdlet shows an alternative method to the previous example. Note: The main mode rule setup is the same.
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal (
New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ),(New-NetIPsecMainModeCryptoProposal -KeyExchange DH14 ) ).Name



PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )



PS C:\>$mainModeCryptoSet | Set-NetIPsecMainModeCryptoSet –Proposal ( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ), ( New-NetIPsecMainModeCryptoProposal
-KeyExchange DH19 )



This example shows how to replace a key exchange option of a main mode cryptographic proposal to an existing main mode cryptographic set, given the associated main mode
rule. The key exchange is changed for the second specified cryptographic proposal.