Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://github.com/Crypt32/PSPKI

Get-InterfaceFlag

[This command requires installed Remote Server Administration Tools (RSAT)]

Get-InterfaceFlag

Synopsis

Retrieves Active Directory Certificate Services (AD CS) management and request interface flags.

Syntax

Get-InterfaceFlag [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]

Description

Retrieves Active Directory Certificate Services (AD CS) management and request interface flags.

Management interface is implemented in ICertAdmin and request interface is implemented in ICertRequest. By using this (and related commands, such Enable-InterfaceFlag and Disable-InterfaceFlag) you can limit these interface usage. For example you can prevent AD CS remote management with ICertAdmin interface and allow AD CS management only locally.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

PKI.CertificateServices.Flags.InterfaceFlag

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority -name "company-CA1" | Get-InterfaceFlag

Returns 'company-CA1' CA server management and enrollment interface settings.

Example 2

PS C:\> Get-CertificationAuthority | Get-InterfaceFlag

Returns management and enrollment interface settings for all Enterprise CA servers in the current Active Directory forest.

Example 3

PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoLocalIcertRequest" -RestartCA

This example removes local enrollment restriction for "company-CA01" CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.

Example 4

PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoRemoteICertAdminBackup" -RestartCA

This example removes remote backup restrictions for all Enterprise CAs in the current Active Directory forest. After the configuration is changed, the command will restart certificate services to immediately apply changes.

Example 5

PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "NoRemoteIcertAdmin", "NoRemoteICertAdminBackup" -RestartCA

This example restricts "company-CA01" CA server remote management and remote backup operations. After the configuration is changed, the command will restart certificate services to immediately apply changes.

Example 6

PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "EnableAdminAsAuditor" -RestartCA

This example grants CA Administrators CA Auditor role for all Enterprise CAs in the current forest. After the configuration is changed, the command will restart certificate services to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Enable-InterfaceFlag
Disable-InterfaceFlag
Restore-InterfaceFlagDefault

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Comments:

Captcha