We're headed to GridSecCon 2024, October 22-25 in Minneapolis, MN! Learn more here

PowerShell PKI Module Documentation

Documentation Home
This command is not available in non-domain environments
This command requires installed Remote Server Administration Tools (RSAT)

Remove-OnlineResponderAcl

Synopsis

Removes an entity (user, computer, or security group) from the Online Responder ACL.

Syntax

Remove-OnlineResponderAcl -InputObject <OcspResponderSecurityDescriptor[]> -Identity <NTAccount[]> -AccessType <AccessControlType> [<CommonParameters>]

Remove-OnlineResponderAcl -InputObject <OcspResponderSecurityDescriptor[]> -Force <SwitchParameter> [<CommonParameters>]

Description

Removes an entity (user, computer, or security group) from the certificate template ACL.

This command only prepares new certificate template ACL object. In order to write it to the actual object use this command's result to Set-OnlineResponderAcl cmdlet (see Examples section).

Parameters

-InputObject <OcspResponderSecurityDescriptor[]>

Specifies the current access control list (ACL) object to modify. This object can be retrieved by running Get-OnlineResponderAcl command.

Required? True
Position? named
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-AccessType <AccessControlType>

Specifies the AccessType to remove. The value can be either Allow or Deny. All Access Control Entries (ACE) with specified AccessType will be removed from ACL.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Force <SwitchParameter>

Removes all Access Control Entries from the current ACL.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Identity <NTAccount[]>

Specifies user or group account name to remove from Certification Authority ACL.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor

Outputs

SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor

Notes

Examples

Example 1

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Identity "Old OCSP Admins" -AccessType Allow | Set-OnlineResponderAcl

In this example, a group "Old OCSP Admins" is removed from ACL for Online Responder "ocsp1.example.com"

Related links

Connect-OnlineResponder
Get-OnlineResponderAcl
Add-OnlineResponderAcl
Set-OnlineResponderAcl

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions