New-CMScCompliancePolicy
Create a compliance policy to associate an object identifier from a smart card certificate to a BitLocker-protected drive.
Syntax
New-CMScCompliancePolicy
[-PolicyState <State>]
[-CertificateOid <String>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Create a compliance policy to associate an object identifier from a smart card certificate to a BitLocker-protected drive. The policy setting applies when you enable BitLocker on a device.
The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker identifies the certificates it can use to authenticate a user certificate to a BitLocker-protected drive. It matches the object identifier in the certificate with the object identifier that you define with this policy.
The default object identifier is 1.3.6.1.4.1.311.67.1.1.
Note
BitLocker doesn't require that a certificate have an EKU attribute. If the certificate has an EKU, set it to an object identifier (OID) that matches the OID that you configure for BitLocker.
Examples
Example 1: New default enabled policy
This example creates a new policy that's enabled and uses the default OID.
New-CMScCompliancePolicy -PolicyState EnabledExample 2: New enabled policy with a custom OID
This example creates a new policy that's enabled and uses a custom OID.
New-CMScCompliancePolicy -PolicyState Enabled -CertificateOid "1.2.3.4.5.6.7.8.9"Parameters
-CertificateOid
Use this parameter to specify a custom OID.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PolicyState
Use this parameter to configure the policy.
Enabled: If you enable this policy setting, use the -CertificateOid parameter to specify the object identifier that matches the object identifier in the smart card certificate.DisabledorNotConfigured: If you disable or don't configure this policy setting, it uses the default object identifier.
| Type: | State |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject