From 284c123f4f439a31767b49679596c48586083739 Mon Sep 17 00:00:00 2001 From: brandyking <102766995+brandyking@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:40:21 -0500 Subject: [PATCH 1/2] Update Copy-NetIPsecRule.md Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set. --- .../winserver2022-ps/netsecurity/Copy-NetIPsecRule.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md index 8bb26418ea..e3a9bcb717 100644 --- a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md @@ -706,11 +706,11 @@ Specifies that matching IPsec rules of the indicated key module are copied. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. +- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. - AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. @@ -725,7 +725,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 948ddeddae9697f310002663b9e705825f4bc16f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:21:59 -0800 Subject: [PATCH 2/2] add to 2025, edits --- .../netsecurity/Copy-NetIPsecRule.md | 10 +++------- .../netsecurity/Copy-NetIPsecRule.md | 20 ++++++++----------- 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md index e3a9bcb717..3d315ed6ad 100644 --- a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/copy-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Copy-NetIPsecRule @@ -706,16 +706,12 @@ Specifies that matching IPsec rules of the indicated key module are copied. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. - AuthIP: Supported with phase 2 authentication. - IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. - IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. -The default value is Default. -There are authentication and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. -Windows versions prior to Windows Server 2012 only support the Default configuration. +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] diff --git a/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md index 8ec9b52e20..7e477dad46 100644 --- a/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/copy-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Copy-NetIPsecRule @@ -706,16 +706,12 @@ Specifies that matching IPsec rules of the indicated key module are copied. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. -- AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -The default value is Default. -There are authentication and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. +- AuthIP: Supported with phase 2 authentication. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -725,7 +721,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ```