This is the built-in help made by Microsoft for the command 'Get-NetIPsecMainModeCryptoSet', in PowerShell version 4 - as retrieved from
Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Gets main mode cryptographic sets from the target computer.
Get-NetIPsecMainModeCryptoSet [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
[<CommonParameters>]
Get-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Description <String[]>] [-DisplayGroup <String[]>] [-ForceDiffieHellman <Boolean[]>] [-GPOSessio
n <String>] [-Group <String[]>] [-MaxMinutes <UInt32[]>] [-MaxSessions <UInt32[]>] [-PolicyStore <String>] [-PolicyStoreSource <String[]>] [-PolicyStoreSourceType <Po
licyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>] [-Status <String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore] [<CommonParameters>]
Get-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -Assoc
iatedNetIPsecMainModeRule <CimInstance> [<CommonParameters>]
Get-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore] -Displ
ayName <String[]> [<CommonParameters>]
Get-NetIPsecMainModeCryptoSet [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-Trace
PolicyStore] [<CommonParameters>]
The Get-NetIPsecMainModeCryptoSet cmdlet returns the instances of cryptographic sets that match the search parameters from the user. See the New-NetIPsecMainModeCrypt
oSet cmdlet for more information.
This cmdlet returns main mode cryptographic sets by specifying the Name parameter (default), the DisplayName parameter, rule properties, or by associated filters or o
bjects. The queried rules can be placed into variables and piped into other cmdlets for further modifications or monitoring.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=285770
Get-NetIPsecMainModeRule
New-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeRule
Open-NetGPO
Save-NetGPO
Set-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoProposal
New-GPO
<
EXAMPLE 1
PS C:\>Get-NetIPsecMainModeCryptoSet –PolicyStore ActiveStore
This example gets all of the main mode cryptographic sets in the currently active policy, which is the sum of all policy stores that apply to the computer. Running th
is cmdlet without specifying the policy store retrieves the persistent store.
EXAMPLE 2
PS C:\>Get-NetIPsecMainModeCryptoSet -ForceDiffieHellman $false
This example gets all of the main mode cryptographic sets that do not use the Diffie-Hellman exchange to protect the main mode key exchange.
EXAMPLE 3
PS C:\>$proposal1 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH1
PS C:\>$proposal2 = New-NetIPsecMainModeCryptoProposal -KeyExchange DH14
PS C:\>$cryptoset1 = (New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal $proposal1.Name, $proposal2.Name)
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet $cryptoset1
PS C:\>$mainModeCryptoSet = ($MainModeRule | Get-NetIPsecQuickModeCryptoSet)
PS C:\>$mainModeCryptoSet.Proposal[1] = DH19
PS C:\>$mainModeCryptoSet | Set-NetIPsecMainModeCryptoSet
The following cmdlets shows an alternative method to the previous cmdlets. Note: The main mode rule setup is the same.
PS C:\>$mainModeRule = New-NetIPsecMainModeRule -DisplayName MainModeRule -MainModeCryptoSet (New-NetIPsecMainModeCryptoSet -DisplayName MainModeCryptoSet -Proposal (
New-NetIPsecMainModeCryptoProposal -KeyExchange DH1),(New-NetIPsecMainModeCryptoProposal -KeyExchange DH14)).Name
PS C:\>$mainModeCryptoSet = ($mainModeRule | Get-NetIPsecQuickModeCryptoSet)
PS C:\>$mainModeCryptoSet | Set-NetIPsecMainModeCryptoSet –Proposal (New-NetIPsecMainModeCryptoProposal -KeyExchange DH1), (New-NetIPsecMainModeCryptoProposal -KeyExc
hange DH19)
This example shows how to replace a key exchange option of a main mode cryptographic proposal to an existing main mode cryptographic set, given the associated main mo
de rule. The key exchange will be changed for the second specified cryptographic proposal.