Add-CMSecurityScopeToAdministrativeUser

Module:

ConfigurationManager

Add a security scope to a user or group.

Syntax

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUserName <String>
   -SecurityScopeName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -SecurityScopeId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -SecurityScopeName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -SecurityScope <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUserId <Int32>
   -SecurityScopeId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUserId <Int32>
   -SecurityScopeName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUserId <Int32>
   -SecurityScope <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUserName <String>
   -SecurityScopeId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityScopeToAdministrativeUser
   -AdministrativeUserName <String>
   -SecurityScope <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Use this cmdlet to add a security scope to an administrative user or administrative group in Configuration Manager.

For more information about security scopes, see Fundamentals of role-based administration in Configuration Manager.

You can specify an administrative user or group by name or by ID or you can use the use the Get-CMAdministrativeUser cmdlet to obtain a user or group object. An administrative user in Configuration Manager defines a local or domain user or group. You can specify a security scope to add by name or by ID or you can use the Get-CMSecurityScope cmdlet to obtain a security scope.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Add a custom security scope to a domain user group

This command adds a security scope named Scope22 for a domain group named Western Administrators. This command assumes that you already created the custom security scope and the administrative user.

Add-CMSecurityScopeToAdministrativeUser -AdministrativeUserName "Contoso\Western Administrators" -SecurityScopeName "Scope22"

Parameters

-AdministrativeUser

Specify an administrative user object to configure. To get this object, use the Get-CMAdministrativeUser cmdlet.

Type:	IResultObject
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-AdministrativeUserId

Specify the ID of the administrative user to configure. This value is the AdminID property, which is an integer value. For example, 16777234.

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-AdministrativeUserName

Specify the name of the administrative user to configure.

You can use wildcard characters:

• *: Multiple characters
• ?: Single character

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SecurityScope

Specify a security scope object to add. To get this object, use the Get-CMSecurityScope cmdlet.

Type:	IResultObject
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-SecurityScopeId

Specify the ID of the security scope to add. This value is the CategoryID property, for example SMS00UNA for the Default scope.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SecurityScopeName

Specify the name of the security scope to add.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object

Related Links

• Remove-CMSecurityScopeFromAdministrativeUser
• Add-CMSecurityRoleToAdministrativeUser
• Get-CMAdministrativeUser
• Get-CMSecurityScope
• Automate role-based administration with Windows PowerShell