Set acls remotely to a VDI / RDSH Delivery Group

· 2 min read
Set acls remotely to a VDI / RDSH Delivery Group

In the same way as the previous blog post, some more automation to maintain a VDI/RDSH environment, and get back to a controlled and clean environment. This blog is a follow up to Remotely clean up Virtual Machines drives – XenDesktop , Expand virtual machines hard disk – automation , XenDesktop XenApp 7.x – vmware / ad / delivery group notes and descriptions sync . I had to automate an action to place ACLs on the D: drive using Powershell and icacls.

This script is using XenDesktop / XenApp command to list all the Virtual Machines with SessionSupport value equal to SingleSession, it means the VDI only in my case. If you want to check the list of Virtual Machines you targeted you can use this command :

Get-BrokerMachine  -AdminAddress $XDDC -Filter "((SessionSupport -eq `"SingleSession`"))" -Skip 0 | Select-Object HostedMachineName

If you want to target a specific XenDesktop Delivery Group, then just adapt the previous line :

Get-BrokerMachine  -AdminAddress $XDDC -Filter "((SessionSupport -eq `"SingleSession`" -and DesktopGroupName -eq `"Name of the Delivery Group`"))" -Skip 0 | Select-Object HostedMachineName

Once you know the target, you can execute the following script. Using this script assume Virtual Machines are switched on.

Add-PSSnapin citrix*
$group1 = "BUILTINAdministrators:rx"
$group2 = "BUILTINUsers:rx"
foreach ($list in (Get-BrokerMachine  -AdminAddress $XDDC -Filter "((SessionSupport -eq `"SingleSession`"))" -Skip 0 | Select-Object HostedMachineName)) {
$list.HostedMachineName = $list.HostedMachineName.Insert(0,'')
$list.HostedMachineName += "d$"
# Write-Host $list.HostedMachineName
  Get-ChildItem -Path $list.HostedMachineName | foreach ($_) {
       Write-Host "Change ACL's on " $srv -ForegroundColor Green
       icacls $_.fullname /grant $group1
       icacls $_.fullname /grant $group2

If you have suggestion, and/or comment, share your though !