Permissions Add-on for SCCM PowerShell Module
PowerShell: This is an add-on module for the SCCM module available here: http://www.snowland.se/sccm-posh/. It requires you to know the permission masks and object keys, which are documented here: http://msdn.microsoft.com/en-us/library/cc145535.aspx.
[powershell]
Function New-SCCMInstancePermission {
    <#
    .Synopsis
        Creates an Instance Permission using the WMI SMS_UserInstancePermissions class.
    .Description
        Creates an Instance Permission using the WMI SMS_UserInstancePermissions class.
    .Parameter SccmServer
        SCCM Server Object created using the Connect-SCCMServer function.
    .Parameter InstanceID
        InstanceID of the object you want to delegate permissions to.
    .Parameter InstancePermission
        Permissions (in mask form) to be delegated.
    .Parameter ObjectKey
        ObjectKey representing the class of the object you want to delegate permissions to.
    .Parameter UserName
        Name of the User or Group you want to delegate permissions to.
    .Example
        PS> New-SCCMInstancePermission -SccmServer $Server -InstanceID SMS00001 -InstancePermission 1 -ObjectKey 1 -UserName "Domain\Authenticated Users"
        Grants Read (InstancePermission=1) permissions to "Domain\Authenticated Users" on the "All Systems" (InstanceID=SMS00001) Collection (ObjectKey=1).
    .Example
        PS> New-SCCMInstancePermission -SccmServer $Server -InstanceID NCS0001B -InstancePermission 52435687 -ObjectKey 1 -UserName "Domain\Dept-OU Admins"
        Grants all available Collection Permissions {Advertise, Delete, Delete Resource, Manage management controllers, Modify, Modify collection setting, Modify resource, Read, Read resource, Use remote tools, View collected files, View management controllers} (InstancePermission=52435687) to "Domain\Dept-OU Admins" on the 27th created (InstanceID=NCS0001B) Collection (ObjectKey=1) in the SITE named NCS.
    .Link
        about_functions
        about_functions_advanced
        about_functions_advanced_methods
        about_functions_advanced_parameters
    .Notes
        NAME: New-SCCMInstancePermission
        AUTHOR: Billy Beaudoin
        LASTEDIT: 08/01/2011
    #>
    [CmdletBinding()]
    PARAM (
        [Parameter(Mandatory=$true, HelpMessage="SCCM Server")][Alias("Server","SmsServer")][System.Object] $SccmServer,
        [Parameter(Mandatory=$true, HelpMessage="InstanceID", ValueFromPipeline=$true)][String] $InstanceID,
        [Parameter(Mandatory=$true, HelpMessage="InstancePermission")] [ValidateRange(0, 52435687)] [int] $InstancePermission,
        [Parameter(Mandatory=$true, HelpMessage="ObjectKey")] [ValidateRange(1, 26)] [int] $ObjectKey,
        [Parameter(Mandatory=$true, HelpMessage="UserName")] [String] $UserName
    )
    PROCESS {
        # Build the parameters for creating the instance permission
        $permClass = [WMICLASS]"\\$($SccmServer.Machine)\$($SccmServer.Namespace):SMS_UserInstancePermissions"
        $newPerm = $permClass.createInstance()
        $newPerm.InstanceKey = $InstanceID
        $newPerm.InstancePermissions = $InstancePermission
        $newPerm.ObjectKey = $ObjectKey
        $newPerm.UserName = $UserName
        # Discard the path object that Put() emits so only the permission is returned
        $newPerm.Put() | Out-Null
        Write-Verbose "Return the new permission with ID $($InstanceID)"
        return $newPerm
    }
}
Function New-SCCMClassPermission {
    <#
    .Synopsis
        Creates a Class Permission using the WMI SMS_UserClassPermissions class.
    .Description
        Creates a Class Permission using the WMI SMS_UserClassPermissions class.
    .Parameter SccmServer
        SCCM Server Object created using the Connect-SCCMServer function.
    .Parameter ClassPermission
        Permissions (in mask form) to be delegated.
    .Parameter ObjectKey
        ObjectKey representing the class you want to delegate permissions to.
    .Parameter UserName
        Name of the User or Group you want to delegate permissions to.
    .Example
        PS> New-SCCMClassPermission -SccmServer $Server -ClassPermission 1 -ObjectKey 1 -UserName "Domain\Authenticated Users"
        Grants Read (ClassPermission=1) permissions to "Domain\Authenticated Users" on Collections (ObjectKey=1).
    .Example
        PS> New-SCCMClassPermission -SccmServer $Server -ClassPermission 52445159 -ObjectKey 1 -UserName "Domain\Dept-OU Admins"
        Grants all available Collection Permissions {Administer, Advertise, Create, Delegate, Delete, Delete Resource, Manage management controllers, Modify, Modify collection setting, Modify resource, Read, Read resource, Use remote tools, View collected files, View management controllers} (ClassPermission=52445159) to "Domain\Dept-OU Admins" on Collections (ObjectKey=1).
    .Link
        about_functions
        about_functions_advanced
        about_functions_advanced_methods
        about_functions_advanced_parameters
    .Notes
        NAME: New-SCCMClassPermission
        AUTHOR: Billy Beaudoin
        LASTEDIT: 08/01/2011
    #>
    [CmdletBinding()]
    PARAM (
        [Parameter(Mandatory=$true, HelpMessage="SCCM Server")][Alias("Server","SmsServer")][System.Object] $SccmServer,
        [Parameter(Mandatory=$true, HelpMessage="ClassPermission")] [ValidateRange(0, 201335041)] [int] $ClassPermission,
        [Parameter(Mandatory=$true, HelpMessage="ObjectKey")] [ValidateRange(1, 26)] [int] $ObjectKey,
        [Parameter(Mandatory=$true, HelpMessage="UserName")] [String] $UserName
    )
    PROCESS {
        # Build the parameters for creating the class permission
        $permClass = [WMICLASS]"\\$($SccmServer.Machine)\$($SccmServer.Namespace):SMS_UserClassPermissions"
        $newPerm = $permClass.createInstance()
        $newPerm.ClassPermissions = $ClassPermission
        $newPerm.ObjectKey = $ObjectKey
        $newPerm.UserName = $UserName
        # Discard the path object that Put() emits so only the permission is returned
        $newPerm.Put() | Out-Null
        Write-Verbose "Return the new permission with Class $($ObjectKey)"
        return $newPerm
    }
}
Function Get-SCCMClassPermission {
    <#
    .Synopsis
        Gets Class Permissions using the WMI SMS_UserClassPermissionNames class.
    .Description
        Gets Class Permissions using the WMI SMS_UserClassPermissionNames class, searching on at least one of the ObjectKey, UserName, or Permission.
    .Parameter SccmServer
        SCCM Server Object created using the Connect-SCCMServer function.
    .Parameter Permission
        Permissions (in English) to search on.
    .Parameter ObjectKey
        ObjectKey representing the class you want to search on.
    .Parameter UserName
        Name of the User or Group you want to search on. Note the double backslash.
    .Example
        PS> Get-SCCMClassPermission -SccmServer $SCCM -UserName "NT AUTHORITY\\SYSTEM"
        Lists all class permissions delegated to "NT AUTHORITY\SYSTEM".
    .Example
        PS> Get-SCCMClassPermission -SccmServer $SCCM -ObjectKey 1
        Lists all class permissions delegated on the Collection Class.
    .Example
        PS> Get-SCCMClassPermission -SccmServer $SCCM -ObjectKey 2 -Permission "Read"
        Lists all "Read" class permissions delegated on Packages.
    .Example
        PS> Get-SCCMClassPermission -SccmServer $SCCM -ObjectKey 3 -UserName "NT AUTHORITY\\SYSTEM"
        Lists the class permissions delegated to "NT AUTHORITY\SYSTEM" on Advertisements.
    .Link
        about_functions
        about_functions_advanced
        about_functions_advanced_methods
        about_functions_advanced_parameters
    .Notes
        NAME: Get-SCCMClassPermission
        AUTHOR: Billy Beaudoin
        LASTEDIT: 08/01/2011
    #>
    [CmdletBinding()]
    PARAM (
        [Parameter(Mandatory=$true, HelpMessage="SCCM Server")][Alias("Server","SmsServer")][System.Object] $SccmServer,
        [Parameter(Mandatory=$false, HelpMessage="ObjectKey")] [ValidateRange(1, 26)] [int] $ObjectKey = 0,
        [Parameter(Mandatory=$false, HelpMessage="Permission")] [String] $Permission = "",
        [Parameter(Mandatory=$false, HelpMessage="UserName")] [String] $UserName = ""
    )
    PROCESS {
        # Build the parameters for reading the class permission
        # Only ObjectKey supplied
        if($UserName -eq "" -and $Permission -eq ""){
            return Get-SCCMObject -SccmServer $SccmServer -class SMS_UserClassPermissionNames -Filter "ObjectKey = '$ObjectKey'" | Select-Object UserName, PermissionName | Sort-Object UserName | Out-Default
        }
        # Only UserName supplied
        elseif($ObjectKey -eq 0 -and $Permission -eq ""){
            return Get-SCCMObject -SccmServer $SccmServer -class SMS_UserClassPermissionNames -Filter "UserName = '$UserName'" | Select-Object UserName, ObjectKey, PermissionName | Sort-Object ObjectKey | Out-Default
        }
        # Only Permission supplied
        elseif($ObjectKey -eq 0 -and $UserName -eq ""){
            return Get-SCCMObject -SccmServer $SccmServer -class SMS_UserClassPermissionNames -Filter "PermissionName = '$Permission'" | Select-Object UserName, ObjectKey, PermissionName | Sort-Object ObjectKey | Out-Default
        }
        # Permission and ObjectKey supplied
        elseif($UserName -eq ""){
            return Get-SCCMObject -SccmServer $SccmServer -class SMS_UserClassPermissionNames -Filter "PermissionName = '$Permission' AND ObjectKey = '$ObjectKey'" | Select-Object UserName | Out-Default
        }
        # UserName and ObjectKey supplied
        elseif($Permission -eq ""){
            return Get-SCCMObject -SccmServer $SccmServer -class SMS_UserClassPermissionNames -Filter "UserName = '$UserName' AND ObjectKey = '$ObjectKey'" | Select-Object PermissionName | Out-Default
        }
        # Permission and UserName supplied
        elseif($ObjectKey -eq 0){
            return Get-SCCMObject -SccmServer $SccmServer -class SMS_UserClassPermissionNames -Filter "PermissionName = '$Permission' AND UserName = '$UserName'" | Select-Object ObjectKey | Out-Default
        }
    }
}
[/powershell]
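
The New-* functions above bound their mask parameters with ValidateRange, which checks the size of the number rather than which bits are set. As an added example (not part of the original module; the helper names are hypothetical), the following checks that a requested mask is a subset of an allowed mask before it is delegated, using the two Collection masks quoted in the help text:

```powershell
# Added example: helper names are hypothetical and not part of the module.
# Both masks are the "all available Collection Permissions" values quoted in
# the help examples on this page (ObjectKey = 1).
$CollectionInstanceMask = 52435687
$CollectionClassMask    = 52445159

function Get-PermissionBit {
    # Return the bit positions (0-30) that are set in a permission mask.
    param([Parameter(Mandatory=$true)][int] $Mask)
    0..30 | Where-Object { $Mask -band [int][math]::Pow(2, $_) }
}

function Assert-PermissionMask {
    # Throw unless every bit in $Requested is also set in $Allowed.
    param(
        [Parameter(Mandatory=$true)][int] $Requested,
        [Parameter(Mandatory=$true)][int] $Allowed
    )
    $outside = $Requested -band (-bnot $Allowed)
    if ($outside -ne 0) {
        $bits = (Get-PermissionBit -Mask $outside) -join ', '
        throw "Mask $Requested sets bits outside the allowed mask ${Allowed}: $bits"
    }
    $Requested
}

# Bits that a class-level grant on Collections adds over an instance-level one
# (the Administer, Create and Delegate rights listed in the help text above).
Get-PermissionBit -Mask ($CollectionClassMask -band (-bnot $CollectionInstanceMask))

# Read (mask 1, per the first help example) is inside the Collection mask.
$mask = Assert-PermissionMask -Requested 1 -Allowed $CollectionInstanceMask

# 8 is accepted by [ValidateRange(0, 52435687)] but sets a bit that is not in
# the Collection mask, so the subset check stops it before the WMI write.
try { Assert-PermissionMask -Requested 8 -Allowed $CollectionInstanceMask }
catch { Write-Warning $_.Exception.Message }
```

The value returned by Assert-PermissionMask can be passed straight to -InstancePermission or -ClassPermission, so a delegation script fails closed when a mask carries rights the target object class does not define.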