Install-Device Health Attestation

Installs the Device Health Attestation service.

Syntax

Install-DeviceHealthAttestation
       -EncryptionCertificateThumbprint <String>
       -SigningCertificateThumbprint <String>
       -SupportedAuthenticationSchema <String>
       [-Force]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Install-DeviceHealthAttestation
       -EncryptionCertificateThumbprint <String>
       -SigningCertificateThumbprint <String>
       -SslCertificateThumbprint <String>
       [-SslCertificateStoreName <StoreName>]
       -SupportedAuthenticationSchema <String>
       [-Force]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Install-DeviceHealthAttestation cmdlet installs the Device Health Attestation service and configures its dependencies. Before you can install the service, you must add the Device Health Attestation service role.

The installation does the following:

  • Creates an application pool.
  • Creates a web application.
  • Adds a firewall rule for incoming requests.
  • Sets the initial configuration.
  • Registers user access logging.

You must have administrator rights to run this cmdlet.

Examples

Example 1: Install the Device Health Attestation service

PS C:\> Install-DeviceHealthAttestation -EncryptionCertificateThumbprint "0123456789ABCDEF0123456789ABCDEF01234567" -SigningCertificateThumbprint "0123456789ABCDEF0123456789ABCDEF01234567" -SupportedAuthenticationSchema "AikPub,EkCertificate"

This command installs the Device Health Attestation service.

Example 2: Install the Device Health Attestation service with SSL

PS C:\> Install-DeviceHealthAttestation -EncryptionCertificateThumbprint "0123456789ABCDEF0123456789ABCDEF01234567" -SigningCertificateThumbprint "0123456789ABCDEF0123456789ABCDEF01234567" -SupportedAuthenticationSchema "AikPub,EkCertificate" -SslCertificateThumbprint "0123456789ABCDEF0123456789ABCDEF01234567" -SslCertificateStoreName "My"

This command installs the Device Health Attestation service with SSL bindings.

Required Parameters

-EncryptionCertificateThumbprint

Specifies the encryption certificate thumbprint. The value must contain only hexadecimal digits (0-9, A-F) and be 40 characters in length. This value is case-insensitive.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SigningCertificateThumbprint

Specifies the signing certificate thumbprint. The value must contain only hexadecimal digits (0-9, A-F) and be 40 characters in length. This value is case-insensitive.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SslCertificateThumbprint

Specifies the thumbprint of the certificate to use for server SSL binding. The value must contain only hexadecimal digits (0-9, A-F) and be 40 characters in length. This value is case-insensitive.

If you specify SslCertificateThumbprint , the cmdlet creates an SSL binding on the default website. If you specify this parameter, you must also specify the SslCertificateStoreName parameter.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SupportedAuthenticationSchema

Specifies, in a comma-separated list, the authentication schema that the Device Health Attestation service supports. The acceptable values for this parameter are:

  • AikPub
  • AikCertificate
  • EkCertificate

You cannot specify both AikCertificate and EkCertificate in the same command.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SslCertificateStoreName

Specifies the certificate store that contains the certificate referenced by the SslCertificateThumbprint parameter. The acceptable values for this parameter are:

  • AddressBook
  • AuthRoot
  • CertificateAuthority
  • Disallowed
  • My
  • Root
  • TrustedPeople
  • TrustedPublisher
Type: StoreName
Parameter Sets: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, TrustedPublisher
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False