-
-
-
-
-
Get-BrokerAccessPolicyRule
-
-
-
-
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Get-BrokerAccessPolicyRule
Gets rules from the site’s access policy.
Syntax
Get-BrokerAccessPolicyRule
[[-Name] <String>]
[-AllowedConnections <AllowedConnection>]
[-AllowedUsers <AllowedUser>]
[-Description <String>]
[-DesktopGroupName <String>]
[-DesktopGroupUid <Int32>]
[-Enabled <Boolean>]
[-ExcludedClientIPFilterEnabled <Boolean>]
[-ExcludedClientName <String>]
[-ExcludedClientNameFilterEnabled <Boolean>]
[-ExcludedSmartAccessFilterEnabled <Boolean>]
[-ExcludedSmartAccessTag <String>]
[-ExcludedUser <User>]
[-ExcludedUserFilterEnabled <Boolean>]
[-IncludedClientIPFilterEnabled <Boolean>]
[-IncludedClientName <String>]
[-IncludedClientNameFilterEnabled <Boolean>]
[-IncludedSmartAccessFilterEnabled <Boolean>]
[-IncludedSmartAccessFilterType <String>]
[-IncludedSmartAccessTag <String>]
[-IncludedUser <User>]
[-IncludedUserFilterEnabled <Boolean>]
[-Metadata <String>]
[-Property <String[]>]
[-ReturnTotalRecordCount]
[-MaxRecordCount <Int32>]
[-Skip <Int32>]
[-SortBy <String>]
[-Filter <String>]
[-FilterScope <Guid>]
[<CitrixCommonParameters>]
[<CommonParameters>]
<!--NeedCopy-->
Get-BrokerAccessPolicyRule
[-Uid] <Int32>
[-Property <String[]>]
[<CitrixCommonParameters>]
[<CommonParameters>]
<!--NeedCopy-->
Description
Returns rules matching the specified search criteria from the site’s access policy. If no search criteria are specified, all rules in the access policy are obtained.
An access policy rule defines a set of connection filters and access control rights relating to a desktop group. These allow fine-grained control of what access is granted to a desktop group based on details of, for example, a user’s endpoint device, its address, and the user’s identity.
————————– BrokerAccessPolicyRule Object
A BrokerAccessPolicyRule object represents a single rule within the site’s access policy. For a user to gain access to a desktop group via the rule their connection must match all its enabled include filters, and none of its enabled exclude filters. The object contains the following properties:
-
AllowedConnections (Citrix.Broker.Admin.SDK.AllowedConnection)
Controls whether connections must be local or via Access Gateway, and if so whether specified SmartAccess tags must be provided by Access Gateway with the connection. This property forms part of the included SmartAccess tags filter. For a detailed description of this property see “help about_Broker_AccessPolicy”.
-
AllowedProtocols (System.String[])
Protocols (for example HDX, RDP) available to the user for sessions delivered from the rule’s desktop group. If the user gains access to a desktop group by multiple rules, the allowed protocol list is the combination of the protocol lists from all those rules. If the protocol list is empty, access to the desktop group is implicitly denied.
-
AllowedUsers (Citrix.Broker.Admin.SDK.AllowedUser)
Controls the behavior of the included users filter. This can restrict access to a list of named users or groups, or allow access to any authenticated user. For a detailed description of this property see “help about_Broker_AccessPolicy”.
-
AllowRestart (System.Boolean)
Indicates if the user can restart sessions delivered from the rule’s desktop group. Session restart is handled as follows: For sessions on single-session power-managed machines, the machine is powered off, and a new session launch request made; for sessions on multi-session machines, a logoff request is issued to the session, and a new session launch request made; otherwise the property is ignored.
-
AppProtectionKeyLoggingRequired (System.Boolean)
Specifies whether key logging app protection is required.
-
AppProtectionScreenCaptureRequired (System.Boolean)
Specifies whether screen capture app protection is required.
-
Description (System.String)
An optional description of the rule. The text is purely informational for the administrator, it is never visible to the end user.
-
DesktopGroupName (System.String)
The name of the desktop group to which the rule applies.
-
DesktopGroupUid (System.Int32)
The unique ID of the desktop group to which the rule applies.
-
Enabled (System.Boolean)
Indicates whether the rule is enabled. A disabled rule is ignored when evaluating the site’s access policy.
-
ExcludedClientIPFilterEnabled (System.Boolean)
Indicates whether the excluded client IP filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
ExcludedClientIPs (Citrix.Broker.Admin.SDK.ChbIPAddressRange[])
IP addresses of user devices explicitly denied access to the rule’s desktop group. Addresses can be specified as simple numeric addresses or as subnet masks (for example, 10.40.37.5 or 10.40.0.0/16). This property forms part of the excluded client IP address filter.
-
ExcludedClientNameFilterEnabled (System.Boolean)
Indicates whether the excluded client name filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
ExcludedClientNames (System.String[])
Names of user devices explicitly denied access to the rule’s desktop group. This property forms part of the excluded client names filter.
-
ExcludedSmartAccessFilterEnabled (System.Boolean)
Indicates whether the excluded SmartAccess tags filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
ExcludedSmartAccessTags (System.String[])
SmartAccess tags which explicitly deny access to the rule’s desktop group if any occur in those provided by with the user’s connection. This property forms part of the excluded SmartAccess tags filter.
-
ExcludedUserFilterEnabled (System.Boolean)
Indicates whether the excluded users filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
ExcludedUsers (Citrix.Broker.Admin.SDK.ChbUser[])
Users and groups who are explicitly denied access to the rule’s desktop group. This property forms part of the excluded users filter.
-
HdxSslEnabled (System.Boolean)
Indicates whether TLS encryption is enabled for sessions delivered from the rule’s desktop group.
-
IncludedClientIPFilterEnabled (System.Boolean)
Indicates whether the included client IP filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
IncludedClientIPs (Citrix.Broker.Admin.SDK.ChbIPAddressRange[])
IP addresses of user devices allowed access to the rule’s desktop group. Addresses can be specified as simple numeric addresses or as subnet masks (for example, 10.40.37.5 or 10.40.0.0/16). This property forms part of the included client IP address filter.
-
IncludedClientNameFilterEnabled (System.Boolean)
Indicates whether the included client names filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
IncludedClientNames (System.String[])
Names of user devices allowed access to the rule’s desktop group. This property forms part of the included client names filter.
-
IncludedSmartAccessFilterEnabled (System.Boolean)
Indicates whether the included SmartAccess tags filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
IncludedSmartAccessFilterType (System.String)
Indicates whether all tags present in IncludedSmartAccessTags must match tags provided by the user’s connection to grant access (MatchAll), or whether any tag matching is sufficient (MatchAny).
-
IncludedSmartAccessTags (System.String[])
The SmartAccess tags which grant access to the rule’s desktop group if they occur in those provided with the user’s connection. If multiple tags are specified, access also depends on the IncludedSmartAccessFilterType setting. This property forms part of the included SmartAccess tags filter.
-
IncludedUserFilterEnabled (System.Boolean)
Indicates whether the included users filter is enabled. If the filter is disabled it is ignored when the rule is evaluated.
-
IncludedUsers (Citrix.Broker.Admin.SDK.ChbUser[])
Users and groups who are granted access to the rule’s desktop group. This property forms part of the included users filter.
-
MetadataMap (System.Collections.Generic.Dictionary<string, string>)
A collection of arbitrary key/value pairs that can be associated with the rule. The administrator can use these values for any purpose; they are not used by the site itself in any way.
-
Name (System.String)
Administrative name of the rule. Each rule in the site’s access policy must have a unique name.
-
Uid (System.Int32)
Unique ID of the rule itself.
Examples
EXAMPLE 1
Returns all access policy rules. This offers a complete description of the current site’s access policy.
Get-BrokerAccessPolicyRule
<!--NeedCopy-->
EXAMPLE 2
Returns all rules that are both enabled and explicitly include the SALES\tech-support group in their included users filter.
Get-BrokerAccessPolicyRule -Enabled $true -IncludedUser sales\tech-support
<!--NeedCopy-->
Parameters
-Uid
Gets only the rule with the specified unique ID.
Type: | Int32 |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
Gets only rules with the specified name.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | True |
-AllowedConnections
Gets only rules that have the specified value in the AllowedConnections property of their included SmartAccess tags filter.
Valid values are Filtered, NotViaAG, ViaAG and AnyViaAG.
Type: | AllowedConnection |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AllowedUsers
Gets only rules that have the specified value in the AllowedUsers property of their included users filter.
Valid values are Filtered, AnyAuthenticated, Any, AnonymousOnly and FilteredOrAnonymous.
Type: | AllowedUser |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
Gets only rules with the specified description.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | True |
-DesktopGroupName
Gets only rules applying to desktop groups with names matching the specified name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | True |
-DesktopGroupUid
Gets only rules that apply to the desktop group with the specified unique ID.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Enabled
Gets only rules that are in the specified state, either enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExcludedClientIPFilterEnabled
Gets only rules that have their excluded client IP address filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExcludedClientName
Gets only rules that have the specified client name in their excluded client names filter (whether the filter is enabled or not).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | True |
-ExcludedClientNameFilterEnabled
Gets only rules that have their excluded client name filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExcludedSmartAccessFilterEnabled
Gets only rules that have their excluded SmartAccess tags filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExcludedSmartAccessTag
Gets only rules that have the specified SmartAccess tag in their excluded SmartAccess tags filter (whether the filter is enabled or not).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | True |
-ExcludedUser
Gets only rules that have the specified user in their excluded users filter (whether the filter is enabled or not).
Type: | User |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExcludedUserFilterEnabled
Gets only rules that have their excluded user filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludedClientIPFilterEnabled
Gets only rules that have their included client IP address filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludedClientName
Gets only rules that have the specified user device name in their included client names filter (whether the filter is enabled or not).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | True |
-IncludedClientNameFilterEnabled
Gets only rules that have their included client name filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludedSmartAccessFilterEnabled
Gets only rules that have their included SmartAccess tags filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludedSmartAccessFilterType
Gets only rules that have the specified included SmartAccess tags filter type (MatchAll, or MatchAny).
Type: | String |
Accepted values: | MatchAll, MatchAny |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludedSmartAccessTag
Gets only rules that have the specified SmartAccess tag in their included SmartAccess tags filter (whether the filter is enabled or not).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | True |
-IncludedUser
Gets only rules that have the specified user in their included users filter (whether the filter is enabled or not).
Type: | User |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludedUserFilterEnabled
Gets only rules that have their included user filter enabled ($true) or disabled ($false).
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Metadata
Gets records with matching metadata entries.
The value being compared with is a concatenation of the key name, a colon, and the value. For example: -Metadata “abc:x*” matches records with a metadata entry having a key name of “abc” and a value starting with the letter “x”.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ReturnTotalRecordCount
When specified, this causes the cmdlet to output an error record containing the number of records available. This error record is additional information and does not affect the objects written to the output pipeline. See about_Broker_Filtering for details.
Type: | SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MaxRecordCount
Specifies the maximum number of records to return.
Type: | Int32 |
Position: | Named |
Default value: | 250 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Skip
Skips the specified number of records before returning results. Also reduces the count returned by -ReturnTotalRecordCount.
Type: | Int32 |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SortBy
Sorts the results by the specified list of properties. The list is a set of property names separated by commas, semi-colons, or spaces. Optionally, prefix each name with a + or - to indicate ascending or descending order. Ascending order is assumed if no prefix is present.
Type: | String |
Position: | Named |
Default value: | The default sort order is by name or unique identifier. |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Filter
Gets records that match a PowerShell style filter expression. See about_Broker_Filtering for details.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-FilterScope
Gets only results allowed by the specified scope id.
Type: | Guid |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Property
Specifies the properties to be returned. This is similar to piping the output of the command through Select-Object, but the properties are filtered more efficiently at the server.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
CitrixCommonParameters
This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
You cannot pipe input into this cmdlet.
Outputs
Citrix.Broker.Admin.SDK.AccessPolicyRule
Get-BrokerAccessPolicyRule returns all access policy rules that match the specified selection criteria.
Related Links
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.