Remove-CMSecurityRole
Remove a custom security role.
Syntax
Remove-CMSecurityRole
[-Force]
-InputObject <IResultObject>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-CMSecurityRole
[-Force]
-Id <String>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Remove-CMSecurityRole
[-Force]
-Name <String>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Use this cmdlet to remove a custom security role from Configuration Manager. Specify the name or ID of a security role you want to remove or use the Get-CMSecurityRole cmdlet to get one.
You can use the Remove-CMSecurityRole cmdlet to remove old, unneeded custom security roles. You can't remove built-in security roles. Every administrative user must have at least one security role. Before you remove a security role, make sure every user has a role in addition to the one you remove.
For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Remove a security role by using a name
This command removes a security role named MainSecurityRole. The command uses the Force parameter, so it doesn't prompt you for confirmation.
Remove-CMSecurityRole -Name "MainSecurityRole" -ForceExample 2: Remove a security role by using a variable
The first command uses the Get-CMSecurityRole cmdlet to get all security roles that start with Custom, and stores them in the $role variable.
The second command removes the first security role stored in the array. Since it doesn't specify the Force parameter, this command prompts for confirmation.
$role = Get-CMSecurityRole -Name "Custom*"
Remove-CMSecurityRole -InputObject $role[1]Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Specify the ID of the security role to remove. This value is the RoleID property. Since this cmdlet only works with custom roles, this value should always start with the site code. (IDs for built-in roles start with SMS.)
| Type: | String |
| Aliases: | RoleId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specify a security role object to remove. To get this object, use the Get-CMSecurityRole cmdlet.
| Type: | IResultObject |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
Specify the name of the security role to remove.
| Type: | String |
| Aliases: | RoleName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | True |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
Outputs
System.Object