Gets the security descriptor for a certificate template.
Get-CertificateTemplateAcl [-Template] <CertificateTemplate[]> [<CommonParameters>]
The Get-CertificateTemplateAcl command gets objects that represent the security descriptor of a certificate template. The security descriptor contains the access control lists (ACLs) of the resource. The ACL specifies the permissions that users and user groups have to access the resource.
Specifies the CertificateTemplate object. This object can be retrieved by running Get-CertificateTemplate cmdlet.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
PKI.CertificateTemplates.CertificateTemplate
PKI.Security.SecurityDescriptor
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplate | Add-CertificateTemplateAcl -User WebServerGroup -AccessType Allow -AccessMask Read, Enroll | Set-CertificateTemplateAcl
This example adds 'WebServerGroup' security group to the certificate template 'WebServer' and grants Read and Enroll permissions. After that, a new ACL is written to the actual object.
PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -User OldWebServer -AccessType Allow | Set-CertificateTemplateAcl
This example removes all granted permissions for 'OldWebServer' account from 'WebServer' certificate template ACL. After that, a new ACL will be written to the actual certificate template object (Set-CertificateTemplateAcl).
Get-CertificateTemplate
Add-CertificateTemplateAcl
Remove-CertificateTemplateAcl
Set-CertificateTemplateAcl