Remove-CMSecurityRole

Removes custom security roles from Configuration Manager.

Syntax

Remove-CMSecurityRole
      -Id <String>
      [-Force]
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityRole
      -InputObject <IResultObject>
      [-Force]
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityRole
      -Name <String>
      [-Force]
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Remove-CMSecurityRole cmdlet removes custom security roles from Microsoft System Center Configuration Manager. Specify the name or ID of a security role you want to remove or use the Get-CMSecurityRole cmdlet to obtain one.

Configuration Manager uses security roles, along with security scopes and collections, to define an administrative scope for each administrative user. Configuration Manager provides several built-in security roles. To create a custom security role, copy an existing security role, and then modifying the copy. You can copy a security role by using the Copy-CMSecurityRole cmdlet.

You can use the Remove-CMSecurityRole cmdlet to remove old, unneeded custom security roles. You cannot remove built-in security roles. Every administrative user must have at least one security role. Before you remove a security role, make sure every user has a role in addition to the one you remove.

Examples

Example 1: Remove a security role by using a name

PS C:\> Remove-CMSecurityRole -Name "MainSecurityRole" -Force

This command removes a security role named MainSecurityRole from Configuration Manager. The command uses the Force parameter, so it does not prompt you for confirmation.

Example 2: Remove security roles by using a variable

PS C:\> $Roles = Get-CMSecurityRole -Name *Role 
PS C:\> Remove-CMSecurityRole -SecurityRole $Roles

The first command uses the Get-CMSecurityRole cmdlet to get each security role that has a name that ends in Role. It stores them in the $Roles variable.

The second command removes each security role stored in the $Roles variable.

Required Parameters

-Id

Specifies an array of IDs of security roles.

Type:String
Aliases:RoleId
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InputObject

Specifies a security role object. To obtain a security role object, use the Get-CMSecurityRole cmdlet.

Type:IResultObject
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-Name

Specifies an array of names of security roles.

Type:String
Aliases:RoleName
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-DisableWildcardHandling

DisableWildcardHandling treats wildcard characters as literal character values. Cannot be combined with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ForceWildcardHandling

ForceWildcardHandling processes wildcard characters and may lead to unexpected behavior (not recommended). Cannot be combined with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False