Adds a new Access Control Entry (ACE) to a Certification Authority's Access Control List (ACL).
Add-OnlineResponderAcl -InputObject <OcspResponderSecurityDescriptor[]> -Identity <NTAccount[]> -AccessType <AccessControlType> -AccessMask <OcspResponderRights> [<CommonParameters>]
Add-OnlineResponderAcl -InputObject <OcspResponderSecurityDescriptor[]> -AccessRule <OcspResponderAccessRule[]> [<CommonParameters>]
Adds a new Access Control Entry (ACE) to an Online Responder's Access Control List (ACL).
This command changes only the ACL object. Use Set-OnlineResponderAcl to write the modified ACL to the Online Responder configuration.
Note: the Online Responder security descriptor supports only one ACE per principal. Therefore, if the added principal already has explicit permissions on the Online Responder server, the existing ACE is updated.
-InputObject <OcspResponderSecurityDescriptor[]>
Specifies an ACL object of the Online Responder. This object can be retrieved by running the Get-OnlineResponderAcl command.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | True |
Accept wildcard characters? | False |
-AccessType <AccessControlType>
Specifies the access type. The access type can be either Allow or Deny. Try to avoid using the Deny access type. Instead, remove the account from the ACL or grant only the required permissions.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | False |
Accept wildcard characters? | False |
-AccessMask <OcspResponderRights>
Specifies the access mask to apply to the entities specified in the '-Identity' parameter.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | False |
Accept wildcard characters? | False |
-Identity <NTAccount[]>
Specifies a user, computer or group to add to the ACL.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | False |
Accept wildcard characters? | False |
-AccessRule <OcspResponderAccessRule[]>
Specifies the new access control entry object to add.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | False |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216)
SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor
SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor
PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl | Add-OnlineResponderAcl -Identity "OCSP Admins" -AccessType "Allow" -AccessMask "Manage" | Set-OnlineResponderAcl
In this example, the existing Access Control List (ACL) object is retrieved from the Online Responder server hosted on "ocsp1.example.com", a new "Allow" Access Control Entry (ACE) with "Manage" access is added for the group "OCSP Admins", and the new ACL is written back to the Online Responder configuration.
PS C:\> $SourceACL = Connect-OnlineResponder -ComputerName "ocsp1.example.com" | Get-OnlineResponderAcl
PS C:\> $DestinationACL = Connect-OnlineResponder -ComputerName "ocsp3.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Force
PS C:\> $DestinationACL | Add-OnlineResponderAcl -AccessRule $SourceACL.Access | Set-OnlineResponderAcl
This example shows the technique used to copy an ACL from a source Online Responder and replace the ACL on a destination Online Responder with it.
a) The first line retrieves the ACL from the source Online Responder hosted on "ocsp1.example.com".
b) The second line retrieves the existing ACL from the destination Online Responder hosted on "ocsp3.example.com" and clears all Access Control Entries (ACE).
c) The third line copies the ACEs from the source Online Responder to the destination Online Responder.
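Because Add-OnlineResponderAcl changes only the ACL object, the change can be reviewed before Set-OnlineResponderAcl writes it. The following is an added example, not part of the module's own documentation; it reuses the sample host and group names from above and assumes the ACE objects expose IdentityReference and AccessControlType as the standard .NET AccessRule class does.

```powershell
# Added example. Host and group are the sample values used on this page.
$ocspHost  = "ocsp1.example.com"
$principal = "OCSP Admins"

# 1. Read the current ACL and keep a text snapshot of its ACEs for comparison.
$acl    = Connect-OnlineResponder -ComputerName $ocspHost | Get-OnlineResponderAcl
$before = $acl.Access | Format-List * | Out-String

# 2. Stage the change. Nothing is written to the Online Responder at this point.
$staged = $acl | Add-OnlineResponderAcl -Identity $principal -AccessType Allow -AccessMask Manage

# 3. Review the staged ACEs before committing.
$staged.Access | Format-List *

# The page advises against Deny ACEs: stop if the staged ACL contains any.
# (AccessControlType is an assumed property name, as on .NET AccessRule.)
$deny = @($staged.Access | Where-Object { "$($_.AccessControlType)" -eq "Deny" })
if ($deny.Count -gt 0) {
    $deny | Format-List *
    throw "Staged ACL contains $($deny.Count) Deny ACE(s); review before writing."
}

# Only one ACE per principal is supported and an existing entry is updated,
# so no identity should appear twice in the staged ACL.
# (IdentityReference is an assumed property name, as on .NET AccessRule.)
$dupes = @($staged.Access | Group-Object { "$($_.IdentityReference)" } | Where-Object Count -gt 1)
if ($dupes.Count -gt 0) {
    throw "More than one ACE staged for: $($dupes.Name -join ', ')"
}

# 4. Commit, then re-read the ACL from the server and compare with the snapshot.
$staged | Set-OnlineResponderAcl | Out-Null
$current = Connect-OnlineResponder -ComputerName $ocspHost | Get-OnlineResponderAcl
$after   = $current.Access | Format-List * | Out-String
if ($after -eq $before) {
    Write-Warning "ACL on $ocspHost is unchanged; $principal may already have held this access."
}
```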