New-CMScCompliancePolicy
Module: ConfigurationManager Module
Create a compliance policy to associate an object identifier from a smart card certificate to a BitLocker-protected drive.
Syntax
Default (Default)
New-CMScCompliancePolicy
[-PolicyState <State>]
[-CertificateOid <String>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]
Description
Create a compliance policy to associate an object identifier from a smart card certificate to a BitLocker-protected drive. The policy setting applies when you enable BitLocker on a device.
The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker identifies the certificates it can use to authenticate a user certificate to a BitLocker-protected drive. It matches the object identifier in the certificate with the object identifier that you define with this policy.
The default object identifier is 1.3.6.1.4.1.311.67.1.1.
Note
BitLocker doesn't require that a certificate have an EKU attribute. If the certificate has an EKU, set it to an object identifier (OID) that matches the OID that you configure for BitLocker.
Examples
Example 1: New default enabled policy
This example creates a new policy that's enabled and uses the default OID.
New-CMScCompliancePolicy -PolicyState Enabled
Example 2: New enabled policy with a custom OID
This example creates a new policy that's enabled and uses a custom OID.
New-CMScCompliancePolicy -PolicyState Enabled -CertificateOid "1.2.3.4.5.6.7.8.9"
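The following is an added example, not part of the original reference page or of the ConfigurationManager module. It checks which certificates in a store would satisfy the EKU rule described above before creating the policy with the custom OID from Example 2. Assumptions: `Test-ScCertificateOid` is a hypothetical helper name, the matching rule is taken from this page's description rather than from BitLocker's own code, the smart card certificates are visible in `Cert:\CurrentUser\My`, and the session already has the ConfigurationManager module loaded and connected to the site.

```powershell
# Added example: classify certificates against the OID a policy would configure.
# Test-ScCertificateOid is a hypothetical helper, not a ConfigurationManager cmdlet.
function Test-ScCertificateOid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        # Defaults to the default object identifier stated on this page.
        [ValidatePattern('^\d+(\.\d+)+$')]
        [string]$PolicyOid = '1.3.6.1.4.1.311.67.1.1'
    )
    process {
        # Locate the enhanced key usage (EKU) extension, if the certificate has one.
        $eku = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            Select-Object -First 1

        if (-not $eku) {
            $result = 'NoEku'        # the page notes that an EKU is not required
        }
        elseif (@($eku.EnhancedKeyUsages | ForEach-Object Value) -contains $PolicyOid) {
            $result = 'OidMatch'     # EKU lists the OID the policy will configure
        }
        else {
            $result = 'OidMismatch'  # EKU present but does not list the policy OID
        }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            Result     = $result
        }
    }
}

$customOid = '1.2.3.4.5.6.7.8.9'   # custom OID used in Example 2
$report = Get-ChildItem Cert:\CurrentUser\My | Test-ScCertificateOid -PolicyOid $customOid
$report | Format-Table -AutoSize

# Create the policy only when at least one certificate lists the custom OID in its EKU.
if ($report.Result -contains 'OidMatch') {
    New-CMScCompliancePolicy -PolicyState Enabled -CertificateOid $customOid
}
else {
    Write-Warning "No certificate in Cert:\CurrentUser\My lists $customOid in its EKU."
}
```

Certificates reported as `OidMismatch` carry an EKU that does not include the configured OID, so review them before enabling a policy with a custom OID.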
Parameters
-CertificateOid
Use this parameter to specify a custom OID.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
-PolicyState
Use this parameter to configure the policy.
- Enabled: If you enable this policy setting, use the -CertificateOid parameter to specify the object identifier that matches the object identifier in the smart card certificate.
- Disabled or NotConfigured: If you disable or don't configure this policy setting, it uses the default object identifier.
Parameter properties
| Type: | State |
| Default value: | None |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Supports wildcards: | False |
| DontShow: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
Outputs
Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject
