Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://pspki.codeplex.com/

Get-CertificateTemplateAcl

[This command is not available in non-domain environments]

[This command requires installed Remote Server Administration Tools (RSAT)]

Get-CertificateTemplateAcl

Synopsis

Gets the security descriptor for a certificate template.

Syntax

Get-CertificateTemplateAcl [-Template] <CertificateTemplate[]> [<CommonParameters>]

Description

The Get-CertificateTemplateAcl command gets objects that represent the security descriptor of a certificate template. The security descriptor contains the access control lists (ACLs) of the resource. The ACL specifies the permissions that users and user groups have to access the resource.

Parameters

-Template <CertificateTemplate[]>

Specifies the CertificateTemplate object. This object can be retrieved by running Get-CertificateTemplate cmdlet.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateTemplates.CertificateTemplate

Outputs

PKI.Security.SecurityDescriptor

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplate | Add-CertificateTemplateAcl -User WebServerGroup -AccessType Allow -AccessMask Read, Enroll

This example adds 'WebServerGroup' security group to the certificate template 'WebServer' and grants Read and Enroll permissions. After that, a new ACL is written to the actual object.

Example 2

PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -User OldWebServer -AccessType Allow | Set-CertificateTemplateAcl

This example removes all granted permissions for 'OldWebServer' account from 'WebServer' certificate template ACL. After that, a new ACL will be written to the actual certificate template object (Set-CertificateTemplateAcl).

Related links

Get-CertificateTemplate
Add-CertificateTemplateAcl
Remove-CertificateTemplateAcl
Set-CertificateTemplateAcl

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Comments:

Captcha