New-NpsRadiusClientWithTemplate

0.1

Why Microsoft doesn't give you the ability to apply a template when creating a new client puzzles me.
This script aims to solve this problem, as many organizations have a lot of devices, and a password
policy that requires changing RADIUS secrets. You don't want to have to update all the clients, just the
template. That why we use them...!

This may not be the best
Why Microsoft doesn't give you the ability to apply a template when creating a new client puzzles me.
This script aims to solve this problem, as many organizations have a lot of devices, and a password
policy that requires changing RADIUS secrets. You don't want to have to update all the clients, just the
template. That why we use them...!

This may not be the best way to solve this problem, however it does work.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name New-NpsRadiusClientWithTemplate

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

Chris Masters

Copyright

(c) 2019 Chris Masters. All rights reserved.

Owners

Tags

NPS RADIUS SecretKey SharedSecret

Dependencies

This script has no dependencies.

Release Notes

Initial release, with very little testing. I know it works for adding. And when you check the GUI, it shows
the device as using the template. However, I have not gone so far as to setup a dev env so I could change
the keys we use for our various SharedSecretTemplates.
Some notes on the process (observed only, not research)...
The IAS (Network Policy Server) service stores its files in $env:SystemRoot\System32\IAS\
When you edit data, it gets entered into ias_converted.xml and ias.xml.
I'm not sure of the process or reason for the two different files, as they're identical (SHA256 hashed).
Maybe the changes are entered into the converted files, checked for proper formatting, then copied to
ias.xml...?
Either way, I don't think it would be a good idea to edit these files directly, because stuff happens.
PROCESS:
- First the script creates a session with your NPS server.
- Creates a new NPS radius client
- Exports the configuration (messy, I know. Yet will be worth it when you need to change the key later)
- Changes the GUID for the template used on that client
- Then imports the changed config
- And optionaly restarts the service. I've noticed that it doesn't take affect until a service restart when
editing via the command line.
Also of note.... it wasn't 3am when I wrote this, so not my best work... but it was pretty late, so maybe
it's not so bad.

Version History

Version Downloads Last updated
0.1 (current version) 338 3/8/2019