Public/SecurityManagement.ps1
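Function Add-RoleMembers {
    <#
    .SYNOPSIS
    Add members to a security role.
    .DESCRIPTION
    Posts roleGuid and memberNames to the AddRoleMembers method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER roleGuid
    The guid of the role to add to.
    .PARAMETER memberNames
    A comma-separated list of names to be added to the role. A name may be
    either (1) a fully qualified Windows credential name including both the
    domain and user name, such as DOMAIN\User, OR (2) an SMP User name.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Add-RoleMembers -roleGuid '7644e630-27ab-4d5e-9ce3-f2b3fff6a167' -memberNames 'DOMAIN\User1, DOMAIN\User2' -Server 'smp.example.com'
    .EXAMPLE
    Add-RoleMembers -roleGuid '7644e630-27ab-4d5e-9ce3-f2b3fff6a167' -memberNames 'DOMAIN\User1, SomeSmpUser' -Server 'smp.example.com' -Credential (Get-Credential) -WhatIf
    .NOTES
    IMPORTANT: A Windows credential can only be added to a role if that
    credential has previously been associated with an SMP User account. Make
    sure that each Windows credential has an associated SMP User account before
    attempting to add it to a role. (This can be done in the SMP Console
    through the "Add Credentials" button for the SMP User.)

    If any name in the list is not found in the database, the name is not
    added to the role. Remaining names may still be added. To find out if a
    name was not added, check the return value of the API - false indicates
    one or more names failed. Then check the log (Warning level) to see which
    names failed.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$roleGuid,
        [Parameter(Mandatory=$true)]
        [string]$memberNames,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/AddRoleMembers"
        Method = 'Post'
        Body   = @{
            roleGuid    = $roleGuid
            memberNames = $memberNames
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Role membership is a security-relevant change: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("role $roleGuid on $Server", "Add members '$memberNames'")) {
        Invoke-RestMethod @Request
    }
}

Function Add-RolePrivileges {
    <#
    .SYNOPSIS
    Add privileges to a security role.
    .DESCRIPTION
    Posts roleGuid and privilegeNames to the AddRolePrivileges method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER roleGuid
    Guid of the security role.
    .PARAMETER privilegeNames
    A comma-separated list of privilege names to add to the role. The
    privilegeNames parameter takes those privileges as they are seen in the
    console under the role management. They are not case sensitive.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Add-RolePrivileges -roleGuid '<role-guid>' -privilegeNames 'Create Reports, Import XML' -Server 'smp.example.com'
    .NOTES
    If any privilege in the list is not found in the database, that privilege
    is not added to the role. Remaining privileges may still be added. To find
    out if a privilege was not added, check the return value of the API -
    false indicates one or more privileges failed. Then check the log
    (Warning level) to see which privileges failed.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$roleGuid,
        [Parameter(Mandatory=$true)]
        [string]$privilegeNames,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/AddRolePrivileges"
        Method = 'Post'
        Body   = @{
            roleGuid       = $roleGuid
            privilegeNames = $privilegeNames
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Granting privileges is a security-relevant change: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("role $roleGuid on $Server", "Add privileges '$privilegeNames'")) {
        Invoke-RestMethod @Request
    }
}

Function Set-ItemOwnership {
    <#
    .SYNOPSIS
    Sets the ownership of the item to the requested user.
    .DESCRIPTION
    Posts itemGuid and userName to the AssignItemOwnership method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER itemGuid
    Guid of the item to set.
    .PARAMETER userName
    Name of the SMP User to assign ownership of the item to. This name must be
    an SMP User, not a Windows credential.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Set-ItemOwnership -itemGuid '65bb6c45-b013-4599-96dd-32a955404ed5' -userName 'My SMP Account' -Server 'smp.example.com'
    .NOTES
    The calling user must have permissions to make security changes.
    The requested user must have permissions to take ownership of items.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$itemGuid,
        [Parameter(Mandatory=$true)]
        [string]$userName,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/AssignItemOwnership"
        Method = 'Post'
        Body   = @{
            itemGuid = $itemGuid
            userName = $userName
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Ownership transfer is a security-relevant change: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("item $itemGuid on $Server", "Assign ownership to '$userName'")) {
        Invoke-RestMethod @Request
    }
}

Function New-Role {
    <#
    .SYNOPSIS
    Creates a new security role in the NS database.
    .DESCRIPTION
    Posts roleName and roleDescription to the CreateNewRole method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER roleName
    The name of the role.
    .PARAMETER roleDescription
    A description of the role.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    New-Role -roleName 'New Role' -roleDescription 'New Role description' -Server 'smp.example.com'
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$roleName,
        [Parameter(Mandatory=$true)]
        [string]$roleDescription,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/CreateNewRole"
        Method = 'Post'
        Body   = @{
            roleName        = $roleName
            roleDescription = $roleDescription
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    if ($PSCmdlet.ShouldProcess("role '$roleName' on $Server", 'Create security role')) {
        Invoke-RestMethod @Request
    }
}

Function Remove-Role {
    <#
    .SYNOPSIS
    Removes a security role in the NS database.
    .DESCRIPTION
    Posts roleGuid to the DeleteRole method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER roleGuid
    The guid of the role. This must be an existing role guid.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Remove-Role -roleGuid '30a14442-3070-484d-ab97-1b6df7aa040a' -Server 'smp.example.com' -Confirm
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [guid]$roleGuid,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/DeleteRole"
        Method = 'Post'
        Body   = @{
            roleGuid = $roleGuid
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Deleting a role is destructive: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("role $roleGuid on $Server", 'Delete security role')) {
        Invoke-RestMethod @Request
    }
}

Function Disable-PermissionInheritance {
    <#
    .SYNOPSIS
    Set the item to not inherit permissions from its parent object.
    .DESCRIPTION
    Posts itemGuid and actionFlag to the DisablePermissionInheritance method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER itemGuid
    The guid of the item to set.
    .PARAMETER actionFlag
    The action to take when removing inheritance.
    1=Remove inherited permissions, 2=Copy inherited permissions.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Disable-PermissionInheritance -itemGuid 'e0b1fe6c-b0c2-448f-adfa-4cb975ad8bc2' -actionFlag 1 -Server 'smp.example.com'
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$itemGuid,
        [Parameter(Mandatory=$true)]
        [int]$actionFlag,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/DisablePermissionInheritance"
        Method = 'Post'
        Body   = @{
            itemGuid   = $itemGuid
            actionFlag = $actionFlag
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Changes the item's effective permissions: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("item $itemGuid on $Server", "Disable permission inheritance (actionFlag $actionFlag)")) {
        Invoke-RestMethod @Request
    }
}

Function Enable-PermissionInheritance {
    <#
    .SYNOPSIS
    Set the item to inherit permissions from its parent object.
    .DESCRIPTION
    Posts itemGuid to the EnablePermissionInheritance method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER itemGuid
    The guid of the item to set.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Enable-PermissionInheritance -itemGuid 'e0b1fe6c-b0c2-448f-adfa-4cb975ad8bc2' -Server 'smp.example.com'
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$itemGuid,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/EnablePermissionInheritance"
        Method = 'Post'
        Body   = @{
            itemGuid = $itemGuid
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Changes the item's effective permissions: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("item $itemGuid on $Server", 'Enable permission inheritance')) {
        Invoke-RestMethod @Request
    }
}

Function Find-RoleByName {
    <#
    .SYNOPSIS
    This method will allow you to find a role by its name.
    .DESCRIPTION
    Posts roleName to the FindRoleByName method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    .PARAMETER roleName
    The name of the role.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Find-RoleByName -roleName 'Existing Role Name' -Server 'smp.example.com'
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]$roleName,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/FindRoleByName"
        Method = 'Post'
        Body   = @{
            roleName = $roleName
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Lookup only, so there is no ShouldProcess gate here.
    Invoke-RestMethod @Request
}

Function Remove-RoleMembers {
    <#
    .SYNOPSIS
    Remove members from a security role.
    .DESCRIPTION
    Posts roleGuid and memberNames to the RemoveRoleMembers method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER roleGuid
    The guid of the role to remove from.
    .PARAMETER memberNames
    A comma-separated list of names to be removed from the role. A name may be
    either (1) a fully qualified Windows credential name including both the
    domain and user name, such as DOMAIN\User, OR (2) an SMP User name.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Remove-RoleMembers -roleGuid '7644e630-27ab-4d5e-9ce3-f2b3fff6a167' -memberNames 'DOMAIN\User1, SomeSmpUser' -Server 'smp.example.com'
    .NOTES
    NOTE: A Windows credential can only be removed from a role if that
    credential has previously been associated with an SMP User account. Make
    sure that each Windows credential has an associated SMP User account before
    attempting to remove it from a role. (This can be verified in the SMP
    Console under the "Credentials" heading for the SMP User.)

    If any name in the list is not found in the database, the name is not
    removed from the role. Remaining names may still be removed. To find out
    if a name was not removed, check the return value of the API - false
    indicates one or more names failed. Then check the log (Warning level) to
    see which names failed.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$roleGuid,
        [Parameter(Mandatory=$true)]
        [string]$memberNames,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/RemoveRoleMembers"
        Method = 'Post'
        Body   = @{
            roleGuid    = $roleGuid
            memberNames = $memberNames
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Role membership is a security-relevant change: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("role $roleGuid on $Server", "Remove members '$memberNames'")) {
        Invoke-RestMethod @Request
    }
}

Function Remove-RolePrivileges {
    <#
    .SYNOPSIS
    Remove privileges from a security role.
    .DESCRIPTION
    Posts roleGuid and privilegeNames to the RemoveRolePrivileges method of
    altiris/ASDK.NS/SecurityManagementService.asmx on the given server and
    writes whatever Invoke-RestMethod returns to the pipeline.
    Supports -WhatIf and -Confirm; with -WhatIf no request is sent.
    .PARAMETER roleGuid
    Guid of the security role.
    .PARAMETER privilegeNames
    A comma-separated list of privilege names to remove from the role. The
    privilegeNames parameter takes those privileges as they are seen in the
    console under the role management. They are not case sensitive.
    .PARAMETER Server
    Host name of the server that hosts the web service. The value is inserted
    unchanged into "https://<Server>/altiris/ASDK.NS/...", so pass a bare host
    name (optionally host:port), not a URL. The credentials are sent to
    whatever host this names.
    .PARAMETER Credential
    Credential to authenticate with. When omitted, the request is made with
    -UseDefaultCredentials, i.e. as the current user.
    .EXAMPLE
    Remove-RolePrivileges -roleGuid '<role-guid>' -privilegeNames 'Create Reports, Import XML' -Server 'smp.example.com'
    .NOTES
    If any privilege in the list is not found in the database, that privilege
    is not removed from the role. Remaining privileges may still be removed.
    To find out if a privilege was not removed, check the return value of the
    API - false indicates one or more privileges failed. Then check the log
    (Warning level) to see which privileges failed.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [Parameter(Mandatory=$true)]
        [string]$roleGuid,
        [Parameter(Mandatory=$true)]
        [string]$privilegeNames,
        [Parameter(Mandatory=$true)]
        [string]$Server,
        [PSCredential]$Credential
    )

    $Request = @{
        Uri    = "https://$Server/altiris/ASDK.NS/SecurityManagementService.asmx/RemoveRolePrivileges"
        Method = 'Post'
        Body   = @{
            roleGuid       = $roleGuid
            privilegeNames = $privilegeNames
        }
    }
    # Explicit credential when supplied, otherwise the current user's identity.
    if ($Credential) { $Request.Credential = $Credential } else { $Request.UseDefaultCredentials = $true }

    # Revoking privileges is a security-relevant change: honour -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess("role $roleGuid on $Server", "Remove privileges '$privilegeNames'")) {
        Invoke-RestMethod @Request
    }
}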