
PowerShell PKI Module Documentation

This command is not available in non-domain environments
This command requires Remote Server Administration Tools (RSAT) to be installed

Set-OnlineResponderAcl

Synopsis

Changes the Online Responder's security descriptor.

Syntax

Set-OnlineResponderAcl [-InputObject] <OcspResponderSecurityDescriptor[]> [<CommonParameters>]

Description

Writes a modified access control list (ACL) to the Online Responder.

Parameters

-InputObject <OcspResponderSecurityDescriptor[]>

Specifies an ACL object of the Online Responder. This object can be retrieved by running the Get-OnlineResponderAcl, Add-OnlineResponderAcl or Remove-OnlineResponderAcl cmdlet.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor

Outputs

SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor

Notes

Examples

Example 1

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl | Add-OnlineResponderAcl -Identity "OCSP Admins" -AccessType "Allow" -AccessMask "Manage" | Set-OnlineResponderAcl

In this example, the existing Access Control List (ACL) object is retrieved from the Online Responder server hosted on "ocsp1.example.com", a new "Allow" Access Control Entry (ACE) with "Manage" access is added for the group "OCSP Admins", and the new ACL is written back to the Online Responder configuration.

Example 2

PS C:\> $SourceACL = Connect-OnlineResponder -ComputerName "ocsp1.example.com" | Get-OnlineResponderAcl
PS C:\> $DestinationACL = Connect-OnlineResponder -ComputerName "ocsp3.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Force
PS C:\> $DestinationACL | Add-OnlineResponderAcl -AccessRule $SourceACL.Access | Set-OnlineResponderAcl

This example shows how to copy an ACL from a source Online Responder and use it to replace the ACL on a destination Online Responder.
a) The first line retrieves the ACL from the source Online Responder hosted on "ocsp1.example.com".
b) The second line retrieves the existing ACL from the destination Online Responder hosted on "ocsp3.example.com" and clears all Access Control Entries (ACEs).
c) The third line copies the ACEs from the source Online Responder to the destination Online Responder and writes the result to the destination.

Example 3

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Identity "Old OCSP Admins" -AccessType Allow | Set-OnlineResponderAcl

In this example, the group "Old OCSP Admins" is removed from the ACL of the Online Responder "ocsp1.example.com".
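The following is an added example, not part of the original module documentation. It stages the change from Example 1 in a variable, keeps a record of the ACL as it was, and reads the ACL back after Set-OnlineResponderAcl to confirm what was written. The output file name is constructed, and the ACE property names IdentityReference and AccessControlType are assumed to follow the standard .NET access rule shape.

```powershell
# Added example. Host and group names are the placeholders used on this page.
$responder = Connect-OnlineResponder -ComputerName "ocsp1.example.com"

# 1. Record the ACEs as they are now, for change review.
#    The exported file is a record only: deserialized objects are not
#    meant to be passed back to Add-OnlineResponderAcl -AccessRule.
$current = $responder | Get-OnlineResponderAcl
$current.Access | Export-Clixml -Path ".\ocsp1-acl-before.xml"   # constructed file name

# 2. Stage the new ACE in a variable. Per this page, Set-OnlineResponderAcl
#    is the cmdlet that writes the ACL to the Online Responder.
$staged = $current |
    Add-OnlineResponderAcl -Identity "OCSP Admins" -AccessType "Allow" -AccessMask "Manage"

# 3. Review the staged ACEs before committing.
$staged.Access | Format-Table -AutoSize

# 4. Commit, then read the ACL back over a fresh connection.
$staged | Set-OnlineResponderAcl | Out-Null
$after = Connect-OnlineResponder -ComputerName "ocsp1.example.com" | Get-OnlineResponderAcl

# 5. Confirm the expected ACE is present.
#    Property names below are an assumption (standard .NET access rule properties).
$match = $after.Access | Where-Object {
    "$($_.IdentityReference)" -like "*OCSP Admins" -and
    "$($_.AccessControlType)" -eq "Allow"
}
if (-not $match) {
    throw "Expected Allow ACE for 'OCSP Admins' not found on ocsp1.example.com after write."
}
```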

Related links

Connect-OnlineResponder
Get-OnlineResponderAcl
Add-OnlineResponderAcl
Remove-OnlineResponderAcl

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions