[This command is not available in non-domain environments]
NAME
Remove-CertificateTemplateAcl
SYNOPSIS
Removes an entity (user, computer, or security group) from the certificate template ACL.
SYNTAX
Remove-CertificateTemplateAcl [-InputObject] <SecurityDescriptor> [[-User] <NTAccount[]>] [[-AccessType] <AccessControlType>] [<CommonParameters>]
DESCRIPTION
Removes an entity (user, computer, or security group) from the certificate template ACL.
This command only prepares new certificate template ACL object. In order to write it to the actual object use this command's result to
Set-CertificateTemplateAcl cmdlet (see Examples section).
Note: in order to edit certificate template ACL, you must be granted for Enterprise Admins permissions or delegated permissions on 'Certificate Templates' Active Directory container.
PARAMETERS
-InputObject <SecurityDescriptor>
Specifies an ACL object of certificate template. This object can be retrieved by running
Get-CertificateTemplateAcl command.
| Required? |
true |
| Position? |
1 |
| Default value |
|
| Accept pipeline input? |
true (ByValue, ByPropertyName) |
| Accept wildcard characters? |
false |
-User <NTAccount[]>
Specifies an account (user, computer or security group) to remove from the certificate template ACL.
| Required? |
false |
| Position? |
2 |
| Default value |
|
| Accept pipeline input? |
false |
| Accept wildcard characters? |
false |
-AccessType <AccessControlType>
Specifies the AccessType to remove. The value can be either Allow or Deny. All Access Control Entries (ACE) with specified AccessType will be removed from ACL.
| Required? |
false |
| Position? |
3 |
| Default value |
|
| Accept pipeline input? |
false |
| Accept wildcard characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".
INPUTS
PKI.Security.SecurityDescriptor
OUTPUTS
PKI.Security.SecurityDescriptor
NOTES
Author: Vadims Podans
Blog: http://en-us.sysadmins.lv
EXAMPLES
-------------- Example 1 --------------
C:\PS>Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -User OldWebServer -AccessType Allow | Set-CertificateTemplateAcl
This command removes all granted permissions for 'OldWebServer' account from 'WebServer' certificate template ACL. After that, a new ACL will be written to the actual certificate template object (Set-CertificateTemplateAcl).
RELATED LINKS
Get-CertificateTemplate
Get-CertificateTemplateAcl
Add-CertificateTemplateAcl
Set-CertificateTemplateAcl