This is the built-in help made by Microsoft for the command 'Set-NetIPsecMainModeRule', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Modifies existing main mode rules.
Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession
<String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet
<String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>]
-DisplayName <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession
<String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet
<String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>]
-DisplayGroup <String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-Name] <String[]> [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled
<Enabled>] [-GPOSession <String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru
[<SwitchParameter>]] [-Phase1AuthSet <String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>]
[-ThrottleLimit <Int32>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-LocalAddress
<String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet <String>] [-Platform
<String[]>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm
[<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-NetIPsecMainModeRule [-AsJob [<SwitchParameter>]] [-CimSession <CimSession[]>] [-Description <String>] [-Enabled <Enabled>] [-GPOSession
<String>] [-LocalAddress <String[]>] [-MainModeCryptoSet <String>] [-NewDisplayName <String>] [-PassThru [<SwitchParameter>]] [-Phase1AuthSet
<String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -Group
<String[]> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
The Set-NetIPsecMainModeRule cmdlet modifies firewall properties of existing main mode rules. This cmdlet gets one or more main mode rules to
be modified with the Name parameter (default), the DisplayName parameter, or by group association using the DisplayGroup or Group parameters.
The rules cannot be queried by property in this cmdlet. The Get-NetIPsecMainModeRule cmdlet returns the queried objects and pipes the objects
into this cmdlet. The remaining parameters specify the properties of the rule to be modified. When the DisplayGroup or Group parameter is
specified, then all of the sets associated with the group receive the same modifications. The rule parameters modified using the dot-notation
are committed using this cmdlet.
To move a rule to a new GPO, copy the existing rule by running the Copy-NetIPsecMainModeRule cmdlet with the NewPolicyStore parameter, then
remove the old rule with the Remove-NetIPsecMainModeRule cmdlet.
Modifying authentication or cryptographic configurations to use the default settings, including NetIPsecPhase1AuthSet,
NetIPsecMainModeCryptoSet, or with the Default flag enabled, must be done by using dot-notation.
Copy-NetIPsecMainModeRule
Enable-NetIPsecMainModeRule
Get-NetFirewallAddressFilter
Get-NetIPsecMainModeRule
Open-NetGPO
Remove-NetIPsecMainModeRule
Save-NetGPO
New-NetIPsecAuthProposal
New-GPO
EXAMPLE 1
PS C:\> $EncAES128 = New-NetIPsecMainModeCryptoProposal -Encryption AES128
PS C:\> $EncDES3 = New-NetIPsecMainModeCryptoProposal -Encryption DES3
PS C:\> $cryptoset = New-NetIPsecMainModeCryptoSet -DisplayName "(DA Client) - Phase 2 Crypto Set" -Proposal $EncAES128,$EncDES3
PS C:\> Set-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset.Name
This example replaces the proposals for an existing main mode rule.
EXAMPLE 2
PS C:\> Set-NetIPsecMainModeRule -DisplayGroup "DA Client" -Enabled True
PS C:\> Enable-NetIPsecMainModeRule -DisplayGroup "DA Client"
This example shows two ways to enable all of the main mode rules in a predefined group.
EXAMPLE 3
PS C:\> Set-NetIPsecMainModeRule -DisplayName "Tunnel Mode - (DA Client)" -NewDisplayName "Tunnel Mode - Americas (DA Client)"
This example changes the display name for a main mode rule.
EXAMPLE 4
PS C:\> $rule = Get-NetIPsecMainModeRule -DisplayName "Tunnel Mode - (DA Client)"
PS C:\> $rule.MainModeCryptoSet = "Default"
PS C:\> Set-NetIPsecMainModeRule -InputObject $rule
This example modifies a main mode rule to use the default encryption method for main mode if a custom one has been previously set to the rule.
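An added example, not part of Microsoft's help text: it extends Example 1 by replacing a rule's main mode crypto set with a single AES256/SHA256/DH14 proposal, previewing the change with -WhatIf, and confirming the result with -PassThru. The rule name and set display name are placeholders chosen for illustration.

```powershell
# Added example; $ruleName and $setName are assumed placeholder values.
$ruleName = 'MainModeRule'
$setName  = 'Main Mode - AES256 SHA256 DH14'

# Resolve exactly one rule and record its current crypto set so the change can be reverted.
$rule = @(Get-NetIPsecMainModeRule -DisplayName $ruleName -ErrorAction Stop)
if ($rule.Count -ne 1) {
    throw "Expected one rule named '$ruleName', found $($rule.Count)."
}
$previousSet = $rule[0].MainModeCryptoSet

# Build a set that offers only one proposal: AES-256, SHA-256, Diffie-Hellman group 14.
$proposal = New-NetIPsecMainModeCryptoProposal -Encryption AES256 -Hash SHA256 -KeyExchange DH14
$newSet   = New-NetIPsecMainModeCryptoSet -DisplayName $setName -Proposal $proposal

# Preview: -WhatIf reports what would be modified without committing anything.
Set-NetIPsecMainModeRule -DisplayName $ruleName -MainModeCryptoSet $newSet.Name -WhatIf

# Apply: -MainModeCryptoSet takes the set's Name (a string), not the set object.
$updated = Set-NetIPsecMainModeRule -DisplayName $ruleName -MainModeCryptoSet $newSet.Name -PassThru

# Verify the rule now references the new set, then show the proposals it offers.
if ($updated.MainModeCryptoSet -ne $newSet.Name) {
    throw "Rule '$ruleName' still references crypto set '$($updated.MainModeCryptoSet)'."
}
Get-NetIPsecMainModeCryptoSet -AssociatedNetIPsecMainModeRule $updated |
    Format-List DisplayName, Proposal

# To revert, point the rule back at the set recorded earlier:
# Set-NetIPsecMainModeRule -DisplayName $ruleName -MainModeCryptoSet $previousSet
```

Main mode negotiation succeeds only if both peers share at least one proposal, so change the remote endpoints' sets in step with this one.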