Edit

Share via

Remove-CMSecurityScopeFromAdministrativeUser

  • Reference
Module:
ConfigurationManager

Remove the association between a security scope and an administrative user.

Syntax

Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUserName <String>
      [-Force]
      -SecurityScopeName <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUser <IResultObject>
      [-Force]
      -SecurityScopeId <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUser <IResultObject>
      [-Force]
      -SecurityScopeName <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUser <IResultObject>
      [-Force]
      -SecurityScope <IResultObject>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUserId <Int32>
      [-Force]
      -SecurityScopeId <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUserId <Int32>
      [-Force]
      -SecurityScopeName <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUserId <Int32>
      [-Force]
      -SecurityScope <IResultObject>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUserName <String>
      [-Force]
      -SecurityScopeId <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityScopeFromAdministrativeUser
      -AdministrativeUserName <String>
      [-Force]
      -SecurityScope <IResultObject>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

Use this cmdlet to remove the association between a security scope and an administrative user. An administrative user in Configuration Manager defines a local or domain user or group.

After you remove the association between a security scope and an administrative user, the administrative user can't view the objects in Configuration Manager that are associated with the security scope, and no longer has the permission to perform the tasks that are related to those objects.

For more information about security scopes, see Fundamentals of role-based administration in Configuration Manager.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Remove a security scope from an administrative user

This command removes the association between the security scope named SecScope02 and the administrative user named Contoso\PattiFuller. Since it specifies the Force parameter, it runs without prompting.

Remove-CMSecurityScopeFromAdministrativeUser -AdministrativeUserName "Contoso\PattiFuller" -SecurityScopeName "SecScope02" -Force

Parameters

-AdministrativeUser

Specify an administrative user object to configure. To get this object, use the Get-CMAdministrativeUser cmdlet.

Type:IResultObject
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-AdministrativeUserId

Specify the ID of the administrative user to configure. This value is the AdminID property, which is an integer value. For example, 16777234.

Type:Int32
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AdministrativeUserName

Specify the name of the administrative user to configure.

You can use wildcard characters:

  • *: Multiple characters
  • ?: Single character
Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SecurityScope

Specify a security scope object to remove. To get this object, use the Get-CMSecurityScope cmdlet.

Type:IResultObject
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-SecurityScopeId

Specify the ID of the security scope to remove. This value is the CategoryID property, for example SMS00UNA for the Default scope.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SecurityScopeName

Specify the name of the security scope to remove.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object