PowerShell Logo Small


This is the built-in help made by Microsoft for the command 'Show-ADAuthenticationPolicyExpression', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors.


Show-ADAuthenticationPolicyExpression [[-SDDL] <String>] [[-Title] <String>] [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Server <String>]
-AllowedToAuthenticateFrom [-Confirm] [-WhatIf] [<CommonParameters>]
Show-ADAuthenticationPolicyExpression [[-SDDL] <String>] [[-Title] <String>] [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Server <String>]
-AllowedToAuthenticateTo [-Confirm] [-WhatIf] [<CommonParameters>]

Search powershellhelp.space


The Show-ADAuthenticationPolicyExpression cmdlet creates or modifies an SDDL security descriptor using the Edit Access Control Conditions window.



Online Version: http://go.microsoft.com/fwlink/p/?linkid=298321




Example 1: Retrieve the AllowedToAuthenticateFrom settings and store in a file

PS C:\>Show-ADAuthenticationPolicyExpression -AllowedToAuthenticateFrom > someFile.txt
PS C:\> New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Get-Acl .\AuthSettings.txt).sddl

This command retrieves the AllowedToAuthenticateFrom access control list (ACL) by opening the Edit Access Control Conditions window and stores the ACL in a file named
AuthSettings.txt. The file is then used to apply a new authentication policy to the retrieved ACL.

Example 2: Set the UserAllowedToAuthenticateFrom property

PS C:\>New-ADAuthenticationPolicy -Name "testAuthenticationPolicy" -UserAllowedToAuthenticateFrom (Show-ADAuthenticationPolicyExpression -AllowedToAuthenticateFrom)

This example uses the New-ADAuthenticationPolicy cmdlet to create an authentication policy, and then sets the UserAllowedToAuthenticateFrom property by specifying the
Show-ADAuthenticationPolicyExpression cmdlet as the value for the parameter.