Set-SmbServerCertificateMapping
Modifies a certificate association with the SMB server for SMB over QUIC.
Syntax
Set-SmbServerCertificateMapping
[-Name] <String[]>
[-Flags <Flags>]
[-Thumbprint <String>]
[-StoreName <String>]
[-RequireClientAuthentication <Boolean>]
[-SkipClientCertificateAccessCheck <Boolean>]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-SmbServerCertificateMapping
-InputObject <CimInstance[]>
[-Flags <Flags>]
[-Thumbprint <String>]
[-StoreName <String>]
[-RequireClientAuthentication <Boolean>]
[-SkipClientCertificateAccessCheck <Boolean>]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-SmbServerCertificateMapping
cmdlet modifies a certificate's association to the SMB server
for SMB over QUIC. For more information, see SMB over QUIC.
Note
If the RequireClientAuthentication parameter is set to
$true
and SkipClientCertificateAccessCheck is set to$false
, the server will perform both client certificate validation and access control checks.If the RequireClientAuthentication parameter is set to
$true
and SkipClientCertificateAccessCheck is also set to$true
, the server will perform client certificate validation but no access control checks.
Examples
Example 1: Enable Named Pipes for the SMB over QUIC endpoint
This command enables Named Pipes for the SMB over QUIC endpoint, overriding the default behavior where Named Pipes are disabled for increased security.
$params = @{
Name = "2022-ae-02.corp.contoso.com"
Thumbprint = "88032B3551FAF7DE26EFFFF814AA086E3DBD2A4F"
StoreName = "My"
Flags = "AllowNamedPipe"
}
Set-SmbServerCertificateMapping @params
Parameters
-AsJob
Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CimSession
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Type: | CimSession[] |
Aliases: | Session |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Flags
Specifies if Named Pipes are enabled for SMB over QUIC. The acceptable values for this parameter are:
None
: Remove all flags.AllowNamedPipe
: Enable use of named pipes in SMB over QUIC connections for this mapping (off by default, overrides the value of RestrictNamedPipeAccessOverQuic).DefaultCert
: Not used.
Type: | Flags |
Accepted values: | None, AllowNamedPipe, DefaultCert |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InputObject
Specifies the input object that's used in a pipeline command.
Type: | CimInstance[] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
Specifies a fully-qualified DNS name or NetBIOS name that must match the certificate's subject name or an entry in the certificate's subject alternative names.
Type: | String[] |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PassThru
Returns an object representing the item with which you're working. By default, this cmdlet doesn't generate any output.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RequireClientAuthentication
Specifies whether client authentication is required for connections to the server. When this
parameter is set to $true
, clients must present a valid certificate to connect to the server.
When it is set to $false
, clients can connect without presenting a certificate.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SkipClientCertificateAccessCheck
Specifies whether the server should skip the check for client certificate access when a client
connects. This parameter only applies when the server certificate mapping
RequireClientAuthentication value is $true
. When this parameter is set to $true
, the server
will not perform the access control checks based on the client certificates. This can be useful in
scenarios where the server is acting as a gateway or proxy and client certificate validation is
sufficient.
However, it can also increase the risk of security breaches. When this parameter is set to
$false
, the server will perform the access control checks based on the client certificates in
addition to the client certificate validation before allowing the client to connect.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StoreName
Specifies the path to the certificate store for the certificate. The recommended value is "My" for the local machine personal store.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ThrottleLimit
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If
this parameter is omitted or a value of 0
is entered, then Windows PowerShell calculates an
optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the
computer. The throttle limit applies only to the current cmdlet, not to the session or to the
computer.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Thumbprint
Specifies the thumbprint value of the certificate.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet isn't run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
String[]
Microsoft.PowerShell.Cmdletization.GeneratedTypes.SmbServerCertificateMapping.Flags