PowerShell commands to manage NPS Radius policies?

user3271408

7/14/24, 2:19 PM

Are there PowerShell commands for managing NPS RADIUS policies?

I see commands for RADIUS clients (Get-NpsRadiusClient; etc), but nothing for the policies, I can't find a command to create the NPS shared secret (there is Get-NpsSharedSecretTemplate, but not to create it).

202

1 + 0

windows

powershell

radius

windows-server-2022

Score:0

Server

Pimp Juice IT

7/15/24, 7:26 PM

Yes, have a look over on the NPS post for cmdlets that can help with these things.

PowerShell cmdlets of interest

The New-NpsRadiusClient cmdlet allows adding new RADIUS client policy configurations to an NPS server including parameters for shared secret, address, name, and so forth.
Example 1: Add a new RADIUS client
```
New-NpsRadiusClient -Address "10.0.0.200" -Name "WirelessAP" -SharedSecret "9vq7822hFsJ8rm"
```
_Source
The Set-NpsRadiusClient cmdlet can be used to manage and change existing RADIUS client policy configurations to an NPS server with various parameters too.
Example 1: Set a RADIUS client settings
```
Set-NpsRadiusClient -Name "WirelessAP" -Address "10.0.0.201" -Enabled $False -SharedSecret "1234567890" 
```
_Source
The Export-NpsConfiguration cmdlet will export current configuration of NPS to an XML file.

The Export-NpsConfiguration cmdlet exports settings for Network Policy Server (NPS). NPS manages network access policies, connection request authentication, and connection request authorization

Export settings from a Network Policy Server to a file

Export-NpsConfiguration -Path "C:\Npsconfig.xml"

_Source
The Import-NpSConfiguration cmdlet imports an XML file to create new NPS configurations using parameters and values as set in the XML file. This file could be presumable modified accordingly to assist configuring NPS.

The Import-NpsConfiguration cmdlet imports settings for Network Policy Server (NPS). NPS manages network access policies, connection request authentication, and connection request authorization.

Import settings to a Network Policy Server

Import-NpsConfiguration -Path "C:\Npsconfig.xml"

_Source

+ 6

user3271408

7/16/24, 1:49 AM

Thank you for your response. I have seen those cmdlets and there is nothing for creating policies in that cmdlet. I have created policies in the GUI to say "Allow this group only" kind of thing. The New-NpsRadiusClient creates the client that can connect by IP, but I also have created policies in the GUI to say "Allow members of this group only" kind of thing.

Pimp Juice IT

7/16/24, 2:10 PM

@user3271408 By modifying the XML configuration file, you can define the RADIUS policies you want, including "Allow this group only" scenarios. Modifying the XML file directly may require a good understanding of the NPS configuration schema. Try it with an existing setup so export from it, look over the XML, and then see what you can figure out. These are the ones that are as close as it gets as far as I know until MS extends PS for more NPS configs. The top 2 commands mentioned contain Shared Secret configs so I listed those too since you couldn't find.

user3271408

7/19/24, 11:39 PM

Thank you for your assistance.

Pimp Juice IT

7/19/24, 11:41 PM

@user3271408 You are very welcome, and thank you for the question! Keep me posted on your final results too please. I look forward to hearing back from you.

user3271408

7/29/24, 3:19 PM

I ended up exporting the configs from an existing NPS system and imported to the new one, changed what I could use PowerShell and did the Policy part in the GUI. If I had to do a headless server, I would play with modifying the XML for import. Thanks again.

Pimp Juice IT

7/29/24, 4:04 PM

@user3271408 You're welcome, and I appreciate the update.... Feel free to accept the answer if you feel it's worthy of acceptance and helped point you to get your final desired configuration as best as possible per the current available solutions for this.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: PowerShell commands to manage NPS Radius policies?