Hello all,
I am about to setup a PSWA for the support staff to 1) simplify initial discovery and 2) provide limited custom functions to automate 80% typical troubleshooting for VDI environment via PowerShell.
The question is, I would like to limit the verb-* or cmdlets that the user can execute on the PSWA session so that we don't give the support staff full admin access to perform more harmful activities. I know that this should be handled by Role based administration control but in some cases, the infrastructure doesn't give the granular control.
Add-PswaAuthorizationRule was the first thing i looked into:
http://technet.microsoft.com/en-us/library/jj592890(v=wps.620).aspx
But it doesn't give granular control over what verb that they can run.
All I want is to grant the following verbs-* and verbs-Prefix* :
- get-*
- import-*
- export-*
- add-custom*
- set-custom*
- remove-custom*
or snapin/module level.
If it is all possible, please let me know how I can achieve this.
Thanks,
young-
YPae