This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeCryptoSet', in PowerShell version 5 - as retrieved from
Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Modifies existing main mode cryptographic sets.
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>]
[-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -Group <String[]> [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>]
[-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayGroup <String[]>
[-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-MaxMinutes <UInt32>]
[-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -DisplayName <String[]>
[-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>]
[-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-NewDisplayName <String>] [-PassThru] [-PolicyStore <String>] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>]
[-NewDisplayName <String>] [-PassThru] [-Proposal <CimInstance[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
The Set-NetIPsecMainModeCryptoSet cmdlet modifies cryptographic properties for existing main mode cryptographic sets.
This cmdlet gets one or more main mode cryptographic sets to be modified with the Name (default), DisplayName, or by group association using the Group or DisplayGroup
parameter. The sets cannot be queried by property in this cmdlet. The querying can be done by running the Get-NetIPsecMainModeCryptoSet cmdlet, The
Get-NetIPsecMainModeCryptoSet cmdlet returns the cryptographic sets and pipes the sets into this cmdlet, which modifies the sets. The remaining parameters specify the
properties of the set to be modified. When a group is specified, all of the sets associated with the group receive the same modifications. Rule fields are modified using the
dot notation are committed with this cmdlet.
To move a set to a new GPO, copy the existing set by running the Copy-NetIPsecMainModeCryptoSet cmdlet with the NewPolicyStore parameter, then remove the old set by running
the Remove-NetIPsecMainModeCryptoSet cmdlet.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=288370
Copy-NetIPsecMainModeCryptoSet
Get-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeRule
Open-NetGPO
Save-NetGPO
Remove-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoProposal
New-GPO
<
EXAMPLE 1
PS C:\>$EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128
PS C:\>$EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3
PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" –Proposals $EncAES128,$EncDES3
This example replaces the proposals of an existing main mode cryptographic set.
EXAMPLE 2
PS C:\>Set-NetIPsecMainModeCryptoSet -DisplayGroup "DA Client" –MaxMinutes 240
This example modifies the maximum amount of time the security association is active for a group of main mode cryptographic sets.
EXAMPLE 3
PS C:\>$proposal1 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH1
PS C:\>$proposal2 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH14
PS C:\>$cryptoset1 = ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal $proposal1.Name, $proposal2.Name )
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset1
PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )
PS C:\>$mainModeCryptoSet.Proposal[1] = DH19
PS C:\>Set-NetIPsecMainModeCryptoSet –InputObject $mainModeCryptoSet
This version of the cmdlet shows an alternative method to the previous example. Note: The main mode rule setup is the same.
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet ( New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal (
New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ),(New-NetIPsecMainModeCryptoProposal -KeyExchange DH14 ) ).Name
PS C:\>$mainModeCryptoSet = ( $mainModeRule | Get-NetIPsecMainModeCryptoSet )
PS C:\>$mainModeCryptoSet | Set-NetIPsecMainModeCryptoSet –Proposal ( New-NetIPsecMainModeCryptoProposal -KeyExchange DH1 ), ( New-NetIPsecMainModeCryptoProposal
-KeyExchange DH19 )
This example shows how to replace a key exchange option of a main mode cryptographic proposal to an existing main mode cryptographic set, given the associated main mode
rule. The key exchange is changed for the second specified cryptographic proposal.