Set acls remotely to a VDI / RDSH Delivery Group
In the same way as the previous blog post, some more automation to maintain a VDI/RDSH environment, and get back to a controlled and clean environment. This blog is a follow up to Remotely clean up Virtual Machines drives – XenDesktop , Expand virtual machines hard disk – automation , XenDesktop XenApp 7.x – vmware / ad / delivery group notes and descriptions sync . I had to automate an action to place ACLs on the D: drive using Powershell and icacls.
This script is using XenDesktop / XenApp command to list all the Virtual Machines with SessionSupport value equal to SingleSession, it means the VDI only in my case. If you want to check the list of Virtual Machines you targeted you can use this command :
Get-BrokerMachine -AdminAddress $XDDC -Filter "((SessionSupport -eq `"SingleSession`"))" -Skip 0 | Select-Object HostedMachineNameIf you want to target a specific XenDesktop Delivery Group, then just adapt the previous line :
Get-BrokerMachine -AdminAddress $XDDC -Filter "((SessionSupport -eq `"SingleSession`" -and DesktopGroupName -eq `"Name of the Delivery Group`"))" -Skip 0 | Select-Object HostedMachineNameOnce you know the target, you can execute the following script. Using this script assume Virtual Machines are switched on.
Add-PSSnapin citrix*
$group1 = "BUILTINAdministrators:rx"
$group2 = "BUILTINUsers:rx"
$XDDC = "XDDCFQDN"
foreach ($list in (Get-BrokerMachine -AdminAddress $XDDC -Filter "((SessionSupport -eq `"SingleSession`"))" -Skip 0 | Select-Object HostedMachineName)) {
$list.HostedMachineName = $list.HostedMachineName.Insert(0,'')
$list.HostedMachineName += "d$"
# Write-Host $list.HostedMachineName
Get-ChildItem -Path $list.HostedMachineName | foreach ($_) {
Write-Host "Change ACL's on " $srv -ForegroundColor Green
icacls $_.fullname /grant $group1
icacls $_.fullname /grant $group2
}
}If you have suggestion, and/or comment, share your though !
