Lithnet Access Manager
PricingRequest a trial or quoteDownloads
v3.0
v3.0
  • Home
  • How does Lithnet Access Manager help prevent lateral movement?
  • Access Manager Editions
  • Licensing
  • What's new in Access Manager v3
  • Change log
  • Installation
    • Getting started
    • System Requirements
    • Downloads
    • Upgrading from Access Manager v1
    • Upgrading from Access Manager v2
      • Considerations for migrating from Access Manager v2
    • Installing the Access Manager Server
      • Creating a service account for the Access Manager Service
      • SQL installation options
      • Installing the Access Manager Service
      • High availability options
        • Load balancing Access Manager
    • Installing the Access Manager Agent
      • Enabling agent support on the AMS server
      • Installing the Access Manager Agent on Windows
      • Installing the Access Manager Agent on Linux
      • Installing the Access Manager Agent on macOS
  • Configuration
    • Setting up Authentication
      • Setting up authentication with ADFS
      • Setting up authentication with Microsoft Entra ID
      • Setting up authentication with Okta
      • Setting up smart card authentication
      • Setting up integrated windows authentication
    • Deploying Features
      • Setting up RapidLAPS
      • LAPS
        • Setting up Microsoft LAPS for Active Directory
        • Setting up Microsoft LAPS for Entra
        • Setting up Lithnet LAPS
      • Just-in-time Authentication (JIT)
        • Setting up JIT for computers
        • Setting up JIT for roles
      • Setting up BitLocker access
        • Setting up access to BitLocker keys stored in Active Directory
        • Setting up BitLocker recovery key backup and access using the Access Manager Agent
    • Importing authorization rules
      • Import Microsoft LAPS permissions from Active Directory
      • Importing BitLocker permissions from Active Directory
      • Importing local administrator group membership from domain-joined Windows devices
      • Import mappings from a CSV file
      • Performing an offline discovery of local admins
  • Help and support
    • Frequently asked Questions
    • Troubleshooting
    • Quick start guides
      • Getting started with Windows LAPS and Lithnet Access Manager
      • Getting started with Windows LAPS for Active Directory
      • Getting started with Windows LAPS for Microsoft Entra
      • Getting started with RapidLAPS
    • Product lifecycle
    • Choosing between the Lithnet and Microsoft agent for LAPS
    • Support Articles
      • KB000001: The Access Manager Agent cannot connect and logs a token-validation-failed error
      • KB000002: Users retain their admin rights after their JIT period expires
      • KB000003: Configuring the Access Manager Agent to manage an account other than 'root' on Linux
      • KB000004: Creating a log file to troubleshoot installation issues with the Access Manager Service
      • KB000005: Access Manager stops working after applying the November 2022 Windows update
      • KB000006: Migrating the Access Manager Database
      • KB000007: Adding JIT groups via Group Policy doesn't work with NTLM Disabled
      • KB000008: AMS is unable to JIT into privileged groups such as Domain Admins
      • KB000009: Access Manager may return an out-of-date LAPS password, or no password at all
      • KB000010: The Access Manager agents fail to register on macOS 15 (Sequoia)
      • KB000011: Users report delays in obtaining just-in-time access via AD
      • KB000012: Troubleshooting Windows authentication in the Access Manager Web App
      • KB000013: Access Manager cannot be installed on Windows Server 2016 with TLS 1.0 disabled
    • Advanced help topics
      • Creating an Entra app registration or Access Manager
      • Setting up agent policies
      • Managing word lists
      • Password history retention
      • Ports and traffic flows
      • Internet access requirements
      • Access evaluation in Access Manager Service (AMS)
      • Recovering from a lost encryption certificate
      • Script-based authorization
      • Customized auditing with PowerShell notification channels
      • Variables available in audit notification channels
      • Setting up audit templates
      • Backup and Restore
      • Event ID reference
      • Group policy configuration
    • PowerShell reference
      • Add-AmsDeviceRegistrationKeyGroup
      • Add-AmsGroupMember
      • Add-AmsIdpClaimMapping
      • Clear-AmsIdpClaimMapping
      • Export-AmsServerDiagnostics
      • Get-AmsActiveDirectoryJitOptions
      • Get-AmsActiveDirectoryJitGroupCreationRule
      • Get-AmsComputerAuthorizationRule
      • Get-AmsDevice
      • Get-AmsDeviceRegistrationKey
      • Get-AmsFveRecoveryKey
      • Get-AmsGroup
      • Get-AmsGroupMembers
      • Get-AmsHostConfig
      • Get-AmsIdpClaimMapping
      • Get-AmsJitSchedulerJob
      • Get-AmsLocalAdminPassword
      • Get-AmsLocalAdminPasswordHistory
      • Get-AmsRoleAuthorizationRule
      • Get-AmsServiceConfig
      • New-AmsActiveDirectoryJitGroupCreationRule
      • New-AmsComputerAuthorizationRule
      • New-AmsDeviceRegistrationKey
      • New-AmsGroup
      • New-AmsRoleAuthorizationRule
      • Remove-AmsActiveDirectoryJitGroupCreationRule
      • Remove-AmsComputerAuthorizationRule
      • Remove-AmsDevice
      • Remove-AmsDeviceRegistrationKey
      • Remove-AmsDeviceRegistrationKeyGroup
      • Remove-AmsGroup
      • Remove-AmsGroupMember
      • Remove-AmsJitSchedulerJob
      • Remove-AmsRoleAuthorizationRule
      • Set-AmsActiveDirectoryJitGroupCreationRule
      • Set-AmsActiveDirectoryJitOptions
      • Set-AmsComputerAuthorizationRule
      • Set-AmsDevice
      • Set-AmsDeviceRegistrationKey
      • Set-AmsGroup
      • Set-AmsHostConfig
      • Set-AmsRoleAuthorizationRule
      • Set-AmsServiceConfig
    • Application help pages
      • Host configuration page
      • App Configuration
        • AMS License configuration page
        • Authentication configuration page
        • Email configuration page
        • Rate limit configuration page
        • IP Address detection configuration page
        • User interface configuration page
        • Auditing page
        • Security page
        • Database configuration page
      • Access Manager Agent
        • Access Manager Agent - Agent registration page
        • Agent Policies
          • Access Manager Agent - Windows polices page
          • Access Manager Agent - macOS polices page
          • Access Manager Agent - Linux polices page
          • Access Manager Agent - Legacy AMSv2 policies page
        • Access Manager Agent - Password settings page
        • Access Manager Agent - Devices page
        • Access Manager Agent - Groups page
      • Directory Configuration
        • Active Directory configuration page
          • Microsoft LAPS configuration page
          • Lithnet LAPS configuration page (Active Directory)
          • Just-in-time access configuration page
          • BitLocker configuration page
        • Microsoft Entra configuration page
      • Authorization Rules
        • Computer authorization rules page
        • Role authorization rules page
      • Effective access page
    • Getting Support
Powered by GitBook
On this page
  • SYNOPSIS
  • SYNTAX
  • None (Default)
  • EnableApprovalRequired
  • EnableApprovalNotRequired
  • DisableApprovalRequired
  • DisableApprovalNotRequired
  • DESCRIPTION
  • EXAMPLES
  • Example 1
  • Example 2
  • PARAMETERS
  • -ActivationLimit
  • -ApprovalNotRequired
  • -ApprovalRequired
  • -Disable
  • -Enable
  • -Id
  • -Name
  • -ResetActivationCount
  • CommonParameters
  • INPUTS
  • System.String
  • OUTPUTS
  • Lithnet.AccessManager.PowerShell.RegistrationKeyPSObject
  • NOTES
  • RELATED LINKS

Was this helpful?

  1. Help and support
  2. PowerShell reference

Set-AmsDeviceRegistrationKey

SYNOPSIS

Sets the properties of a device registration key

SYNTAX

None (Default)

Set-AmsDeviceRegistrationKey -Id <String> [-Name <String>] [-ActivationLimit <Int32>] [-ResetActivationCount]
 [<CommonParameters>]

EnableApprovalRequired

Set-AmsDeviceRegistrationKey -Id <String> [-Name <String>] [-Enable] [-ActivationLimit <Int32>]
 [-ApprovalRequired] [-ResetActivationCount] [<CommonParameters>]

EnableApprovalNotRequired

Set-AmsDeviceRegistrationKey -Id <String> [-Name <String>] [-Enable] [-ActivationLimit <Int32>]
 [-ApprovalNotRequired] [-ResetActivationCount] [<CommonParameters>]

DisableApprovalRequired

Set-AmsDeviceRegistrationKey -Id <String> [-Name <String>] [-Disable] [-ActivationLimit <Int32>]
 [-ApprovalRequired] [-ResetActivationCount] [<CommonParameters>]

DisableApprovalNotRequired

Set-AmsDeviceRegistrationKey -Id <String> [-Name <String>] [-Disable] [-ActivationLimit <Int32>]
 [-ApprovalNotRequired] [-ResetActivationCount] [<CommonParameters>]

DESCRIPTION

This cmdlet allows you to set the properties of a device registration key

EXAMPLES

Example 1

PS C:\> Set-AmsDeviceRegistrationKey -Id 'b88313dd-fafb-406f-8909-cac0c17c58e3' -Name "My new name" -ResetActivationCount

Changes the name of an activation key and resets its activation count

Example 2

PS C:\> Get-AmsDeviceRegistrationKey -Name "Head office device key" | Set-AmsDeviceRegistrationKey -Disable

Gets a registration key by its name and disables it.

PARAMETERS

-ActivationLimit

Specifies the number of times the key can be used

Type: Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ApprovalNotRequired

Specifies that devices can register without additional approval

Type: SwitchParameter
Parameter Sets: EnableApprovalNotRequired, DisableApprovalNotRequired
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ApprovalRequired

Specifies that administrator approval is required for devices using this key

Type: SwitchParameter
Parameter Sets: EnableApprovalRequired, DisableApprovalRequired
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Disable

Indicates if the key should be disabled

Type: SwitchParameter
Parameter Sets: DisableApprovalRequired, DisableApprovalNotRequired
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Enable

Indicates if the key should be enabled

Type: SwitchParameter
Parameter Sets: EnableApprovalRequired, EnableApprovalNotRequired
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Id

The ID of the key

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Name

The name of the key

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ResetActivationCount

Specifies if the activation count of this key should be reset

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

INPUTS

System.String

OUTPUTS

Lithnet.AccessManager.PowerShell.RegistrationKeyPSObject

NOTES

Use of this cmdlet requires an Enterprise Edition license.

RELATED LINKS

PreviousSet-AmsDeviceNextSet-AmsGroup

Last updated 10 months ago

Was this helpful?

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see .

about_CommonParameters