Forum / Remote Desktop Manager - PowerShell Repository

PowerShell cmdlet to edit Group permissions

  • Create an Issue
  • Cancel

I am trying to find a cmdlet that will set custom user permissions on a group without using Security Groups. I have no issues when doing this through the GUI. However, I have a lot of these to set up, so it would be easier if I could script that process.

I'm configuring this by editing the Group, going to Security > Permissions, changing Permission to Custom, and under the General tab, setting View to Custom and then choosing the user accounts that need to have access to the folder and its contents.


Currently, the closest cmdlet I could find was Set-RDMUserGroupRights, but that only seems to be for when you are using Security Groups.

Does this functionality exist for the PowerShell module, or is this something that you can add?

Clock3 yrs

It looks like I solved my own problem here. It appears that there is a way to do this with the existing cmdlet set. Not knowing a lot about PowerShell, I started doing some digging. Here's what I found:

I tested the output of the Get-RDMSession cmdlet to get information for one of my groups. Looking through all of the properties, I found this line:

Security : RemoteDesktopManager.PowerShellModule.PSOutputObject.PSSecurityConnection

So, I decided to run this:

$group = Get-RDMSession -GroupName "AnyGroupNameHere"
$group.Security

This is the output I got:


PasswordComplexityUsageOverride : Default
PasswordComplexityValidationOverride : Default
RoleOverride : Custom
ViewOverride : Custom
PasswordComplexityCustomMinimumLength : 0
PasswordComplexityCustomMinimumLowerCase : 0
PasswordComplexityCustomMinimumNumeric : 0
PasswordComplexityCustomMinimumSymbol : 0
PasswordComplexityCustomMinimumUpperCase : 0
PasswordComplexityId :
ViewRoles : {U01\DM01INS01|u, U01\DM01ST01|u, U01\DM01ST02|u, U01\DM01ST03|u...}
Permissions : {}


At this point, it started becoming clear what I needed to do so this is what I did to test out my theory:

$newGroup = New-RDMSession -Group "TEST1" -Name TEST1 -Type Group
$newGroup.Security.RoleOverride = "Custom"
$newGroup.Security.ViewOverride = "Custom"
$newGroup.Security.ViewRoles = "U01\DM01INS01|u"

Now to confirm that this worked:

$newGroup.Security


IsEmpty : False
PasswordComplexityCustomMinimumLength : 0
PasswordComplexityCustomMinimumLowerCase : 0
PasswordComplexityCustomMinimumNumeric : 0
PasswordComplexityCustomMinimumSymbol : 0
PasswordComplexityCustomMinimumUpperCase : 0
PasswordComplexityId :
PasswordComplexityUsageOverride : Default
PasswordComplexityValidationOverride : Default
Permissions : {}
RoleOverride : Custom
ViewOverride : Custom
ViewRoles : {U01\DM01INS01|u}
Cid : cbf59d85-5aee-4f50-a748-b2624abc2185


This worked like a charm! Not very intuitive for someone that doesn't know a lot about PowerShell, but I learned something new today.

Hopefully this information can help someone else out.smile

Clock3 yrs

A new problem has come up regarding this:

I find that when adding more than one element to the ViewRoles option, it only adds the first item and leaves the rest out. For example:

# Create student accounts in RDM for the INSTRUCTOR DB data source.

$userData = $stationsCsv | Where-Object {$_.Type -eq 'JBVM' -and $_.Station -ne 'inst'}
$users = @()
foreach($userRow in $userData) {
$user = $($userRow.Username)
$station = $($userRow.Station)
$userName = "$dc1\$user"
$userList = $userName + "|u"
$rdmUser = New-RDMUser -Login $userName -IntegratedSecurity
Set-RDMUser -User $rdmUser
$users += $userList
}
$rdmUserList = [String]::Join(', ', $users)
$rdmUserList


The result of $rdmUserList:
U01\DNNH01ST01|u, U01\DNNH01ST02|u, U01\DNNH01ST03|u, U01\DNNH01ST04|u

Then I do this:


# Create main class group folder and add permissions.
$type = "Group"
$newClassGroup = New-RDMSession -Group $class -Name $class -Type $type
$newClassGroup.Security.RoleOverride = "Custom"
$newClassGroup.Security.ViewOverride = "Custom"
$newClassGroup.Security.ViewRoles = "$rdmUserList"
Set-RDMSession $newClassGroup


The result in RDM after a refresh is that the View permissions are only set to U01\DNNH01ST01 and the other users do not exist. If I get the information in Powershell, this is what I see:


PS Microsoft.PowerShell.Core\FileSystem::\\10.206.1.150\Training_Solutions\DNNH1> $newClassGroup.Security


IsEmpty : False
PasswordComplexityCustomMinimumLength : 0
PasswordComplexityCustomMinimumLowerCase : 0
PasswordComplexityCustomMinimumNumeric : 0
PasswordComplexityCustomMinimumSymbol : 0
PasswordComplexityCustomMinimumUpperCase : 0
PasswordComplexityId :
PasswordComplexityUsageOverride : Default
PasswordComplexityValidationOverride : Default
Permissions : {}
RoleOverride : Custom
ViewOverride : Custom
ViewRoles : {U01\DNNH01ST01|u, U01\DNNH01ST02|u, U01\DNNH01ST03|u, U01\DNNH01ST04|u}
Cid : 5a7ce5ad-e929-4e7a-a09a-e91eefd5cb61

Why is this not being applied to the folder properly?

Clock3 yrs

Hello,

The ViewRoles property must be an array of strings, not just a string.

So, in your script, just set the ViewRoles property with the $users variable. You do not have to join the user list into a single string.

$newClassGroup.Security.ViewRoles = $users

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs