Remove-CMObjectSecurityScope
Remove a security scope from a Configuration Manager object.
Syntax
Remove-CMObjectSecurityScope
[-Force]
-InputObject <IResultObject[]>
[-Scope] <IResultObject[]>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-CMObjectSecurityScope
[-Force]
-Id <String>
-InputObject <IResultObject[]>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-CMObjectSecurityScope
[-Force]
-InputObject <IResultObject[]>
[-Name] <String>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Use this cmdlet to remove one or more security scopes from a Configuration Manager object.
For more information on security scopes, see Fundamentals of role-based administration in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Remove a security scope from an application
The first command gets the security scope named Scope1 and stores the object in the $Scope variable.
The second command gets all application objects whose name begins with "Central". It then uses the pipeline operator to pass the objects to Remove-CMObjectSecurityScope.
The last command removes the security scope from each of the application objects. The Force parameter indicates that you're not prompted before the cmdlet runs.
$Scope = Get-CMSecurityScope -Name "Scope1"
$apps = Get-CMApplication -Name "Central*"
$app | Remove-CMObjectSecurityScope -Scope $Scope -ForceExample 3: Add a new security scope then remove all others from application object
The first command gets a security scope in variable TeamABCScope. The second command gets an app object for Edge Enterprise Stable. The third command adds the new TeamABCScope to the app. The last command gets scopes from the app that aren't TeamABCScope, and then removes them all.
$ScopeName = "Team ABC"
$TeamABCScope = Get-CMSecurityScope | Where-Object {$_.CategoryName -eq $ScopeName}
$app = Get-CMApplication -Name "Edge Enterprise Stable"
Add-CMObjectSecurityScope -InputObject $app -Scope $TeamABCScope
$scopes = Get-CMObjectSecurityScope -InputObject $app | Where-Object {$_.CategoryName -ne $ScopeName}
foreach ( $ExtraScope in $scopes )
{
Remove-CMObjectSecurityScope -InputObject $app -Scope $ExtraScope -Force
}Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Specify the ID of a security scope that's associated with a Configuration Manager object. This value is the CategoryID property, for example SMS00UNA for the Default scope.
| Type: | String |
| Aliases: | SecurityScopeId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specify an array of Configuration Manager objects that are associated with a security scope. To get this object, use the Get cmdlet for the object type. For example, Get-CMApplication for app objects.
| Type: | IResultObject[] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
Specify the name of a security scope that's associated with a Configuration Manager object.
| Type: | String |
| Aliases: | SecurityScopeName |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Scope
Specify an array of security scope objects to remove. To get this object use the Get-CMSecurityScope cmdlet.
| Type: | IResultObject[] |
| Aliases: | SecurityScope, SecuredCategory, Scopes, SecurityScopes, SecuredCategories |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject[]
Outputs
System.Object