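function New-MachineConfigMachineKeys {
<#
.SYNOPSIS
    Add new MachineKey nodes to machine.config
.DESCRIPTION
    Loads machine.config through Read-MachineConfig, makes sure a machineKey
    element exists, and fills in the validationKey and decryptionKey attributes
    when they are missing or empty. Existing key values are left untouched and
    a warning is written instead. The decryption attribute is set to
    $decryptionMethod when it differs. The file is saved to $machineConfigPath
    only if something changed.
.NOTES
    $decryptionMethod and $machineConfigPath are not defined in this function;
    presumably they are module-scoped variables -- confirm against the module.

    The validationKey and decryptionKey values are secrets. They are never
    written to any output stream here, because verbose output can end up in
    transcripts, CI logs and log aggregation where it is readable by far more
    people than the machine.config itself.
#>
    [CmdletBinding()]
    Param()

    $logLead = Get-LogLeadName

    [XML]$machineConfig = Read-MachineConfig
    [System.Xml.XmlElement]$configRoot = $machineConfig.configuration
    $machineConfigIsDirty = $false

    # NOTE(review): both XPath queries start with "//", so they search the whole
    # document rather than only the children of the context node. The original
    # expressions are kept as they were; confirm no <location> overrides exist.
    $config = $configRoot.SelectSingleNode("//system.web")
    if ($null -eq $config) {
        # Fail with a clear message instead of a null-method-call error below.
        throw "$logLead : No system.web node found in machine.config"
    }

    $machineKeyNode = $config.SelectSingleNode("//machineKey")
    if ($null -eq $machineKeyNode) {
        Write-Host "$logLead : Creating machineKey Node"
        $machineKeyNode = $machineConfig.CreateElement("machineKey")
        $config.AppendChild($machineKeyNode) | Out-Null
    }

    if ($null -eq $machineKeyNode.Attributes["validationKey"] -or
        [String]::IsNullOrEmpty($machineKeyNode.Attributes["validationKey"].Value)) {
        $newKey = Get-MachineKeyValidationKey
        # Do not log the key itself: it is secret material.
        Write-Verbose "$logLead : Setting validationKey (value not logged)"
        $machineKeyNode.SetAttribute("validationKey", $newKey)
        $machineConfigIsDirty = $true
    }
    else {
        # Prefer the existing value if it exists to avoid modifying the machine.config unnecessarily
        Write-Warning "$logLead : A validation key is already set in the machine.config. Manually verify that the value is identical across the app\web tier servers"
    }

    if ($null -eq $machineKeyNode.Attributes["decryptionKey"] -or
        [String]::IsNullOrEmpty($machineKeyNode.Attributes["decryptionKey"].Value)) {
        $newKey = Get-MachineKeyDecryptionKey
        # Do not log the key itself: it is secret material.
        Write-Verbose "$logLead : Setting decryptionKey (value not logged)"
        $machineKeyNode.SetAttribute("decryptionKey", $newKey)
        $machineConfigIsDirty = $true
    }
    else {
        # Prefer the existing value if it exists to avoid modifying the machine.config unnecessarily
        # The message text, including its embedded line break, is kept as it was.
        Write-Warning "$logLead : A decryptionKey key is already set in the machine.config. 
Manually verify that the value is identical across the app\web tier servers"
    }

    # The algorithm name is not a secret, so it is fine to log it.
    if ($machineKeyNode.Attributes["decryption"].Value -ne $decryptionMethod) {
        Write-Verbose ("$logLead : Setting decryption to {0}" -f $decryptionMethod)
        $machineKeyNode.SetAttribute("decryption", $decryptionMethod)
        $machineConfigIsDirty = $true
    }

    # Only rewrite the file when an attribute was actually added or changed.
    if ($machineConfigIsDirty) {
        Write-Host "$logLead : Saving Modified machine.config"
        $machineConfig.Save($machineConfigPath)
    }
    else {
        Write-Host "$logLead : No changes required to the machine.config"
    }
}

# Keep the older Create-* name working as an alias of the New-* function.
Set-Alias -name Create-MachineConfigMachineKeys -value New-MachineConfigMachineKeys;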