Citrix Daas SDK

Get-BrokerEntitlementPolicyRule

Gets desktop rules from the site’s entitlement policy.

Syntax

Get-BrokerEntitlementPolicyRule
   [[-Name] <String>]
   [-BrowserName <String>]
   [-ColorDepth <ColorDepth>]
   [-Description <String>]
   [-DesktopGroupUid <Int32>]
   [-Enabled <Boolean>]
   [-ExcludedUser <User>]
   [-ExcludedUserFilterEnabled <Boolean>]
   [-IconUid <Int32>]
   [-IncludedUser <User>]
   [-IncludedUserFilterEnabled <Boolean>]
   [-LeasingBehavior <LeasingBehavior>]
   [-MaxPerEntitlementInstances <Int32>]
   [-Metadata <String>]
   [-PublishedName <String>]
   [-RestrictToTag <String>]
   [-SecureIcaRequired <Boolean>]
   [-SessionReconnection <SessionReconnection>]
   [-UUID <Guid>]
   [-Property <String[]>]
   [-ReturnTotalRecordCount]
   [-MaxRecordCount <Int32>]
   [-Skip <Int32>]
   [-SortBy <String>]
   [-Filter <String>]
   [-FilterScope <Guid>]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->
Get-BrokerEntitlementPolicyRule
   [-Uid] <Int32>
   [-Property <String[]>]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->

Description

Returns desktop rules matching the specified search criteria from the site’s entitlement policy. If no search criteria are specified, all desktop rules in the entitlement policy are obtained.

A desktop rule in the entitlement policy defines the users who are allowed per-session access to a machine from the rule’s associated desktop group to run a full desktop session.

————————– BrokerEntitlementPolicyRule Object

The BrokerEntitlementPolicyRule object represents a single desktop rule within the site’s entitlement policy. It contains the following properties:

  • BrowserName (System.String)

    Site-wide unique name identifying this desktop entitlement to other components (for example StoreFront).

  • ColorDepth (Citrix.Broker.Admin.SDK.ColorDepth?)

    The color depth of any desktop session launched by the user from the entitlement. If null, the equivalent setting from the rule’s desktop group is used.

  • Description (System.String)

    Optional description of the rule. The text may be visible to the end user, for example, as a tooltip associated with the desktop entitlement.

  • DesktopGroupUid (System.Int32)

    The unique ID of the desktop group to which the rule applies.

  • Enabled (System.Boolean)

    Indicates whether the rule is enabled. A disabled rule is ignored when evaluating the site’s entitlement policy.

  • ExcludedUserFilterEnabled (System.Boolean)

    Indicates whether the excluded users filter is enabled. If the filter is disabled then any user entries in the filter are ignored when entitlement policy rules are evaluated.

  • ExcludedUsers (Citrix.Broker.Admin.SDK.ChbUser[])

    The excluded users filter of the rule, that is, the users and groups who are explicitly denied an entitlement to a desktop session from this rule.

  • IconUid (System.Int32?)

    The unique ID of the icon used to display the desktop entitlement to the user. If null, the equivalent setting from the rule’s desktop group is used.

  • IncludedUserFilterEnabled (System.Boolean)

    Indicates whether the included users filter is enabled. If the filter is disabled then any user who satisfies the requirements of the access policy is implicitly granted an entitlement to a desktop session by the rule.

  • IncludedUsers (Citrix.Broker.Admin.SDK.ChbUser[])

    The included users filter of the rule, that is, the users and groups who are granted an entitlement to a desktop session by the rule.

  • LeasingBehavior (Citrix.Broker.Admin.SDK.LeasingBehavior)

    Defines the desired connection leasing behavior applied to sessions launched using this entitlement. Possible values are: Allowed and Disallowed.

  • MaxPerEntitlementInstances (System.Int32)

    Maximum allowed concurrently running instances of the desktop associated with this entitlement in the site . A value of zero allows unlimited usage.

  • MetadataMap (System.Collections.Generic.Dictionary<string, string>)

    A collection of arbitrary key/value pairs that can be associated with the rule. The administrator can use these values for any purpose; they are not used by the site itself in any way.

  • Name (System.String)

    The administrative name of the rule. Each rule in the site’s entitlement policy must have a unique name (irrespective of whether they are desktop or application rules).

  • PublishedName (System.String)

    The name of the desktop session entitlement as seen by the user. If null, the equivalent setting from the rule’s desktop group is used.

  • RestrictToTag (System.String)

    Optional tag that may be used further to restrict which machines may be made accessible to a user by an entitlement policy rule. A machine may be made accessible by an entitlement policy rule only if either the rule has no tag restriction or the rule does have a tag restriction and the machine is tagged with the same tag.

  • SecureIcaRequired (System.Boolean?)

    Indicates whether the rule requires the SecureICA protocol for desktop sessions launched using the entitlement. If null, the equivalent setting from the rule’s desktop group is used.

  • SessionReconnection (Citrix.Broker.Admin.SDK.SessionReconnection)

    Defines reconnection (roaming) behavior for sessions launched using this rule. Possible values are: Always, DisconnectedOnly, and SameEndpointOnly.

  • Uid (System.Int32)

    The unique ID of the rule itself.

  • UUID (System.Guid)

    UUID of the rule.

Examples

EXAMPLE 1

Returns all desktop rules from the entitlement policy. This offers a complete description of the current site’s entitlement policy with respect to desktops published from shared desktop groups.

Get-BrokerEntitlementPolicyRule
<!--NeedCopy-->

EXAMPLE 2

Returns all desktop rules in the entitlement policy that give users entitlements to desktop sessions in the Customer Support desktop group.

$dg = Get-BrokerDesktopGroup 'Customer Support'
Get-BrokerEntitlementPolicyRule -DesktopGroupUid $dg.Uid
<!--NeedCopy-->

Parameters

-Uid

Gets the desktop rule with the specified unique ID.

Type: Int32
Position: 2
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-Name

Gets only desktop rules with the specified name.

Type: String
Position: 2
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-BrowserName

Gets only desktop rules with browser names matching the specified name.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-ColorDepth

Gets only desktop rules with the specified color depth.

Valid values are $null, FourBit, EightBit, SixteenBit, and TwentyFourBit.

Type: ColorDepth
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Description

Gets only desktop rules with the specified description.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-DesktopGroupUid

Gets only desktop rules that apply to the desktop group with the specified unique ID.

Type: Int32
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Enabled

Gets only desktop rules that are in the specified state, either enabled ($true), or disabled ($false).

Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ExcludedUser

Gets only desktop rules that have the specified user in their excluded users filter (whether the filter is enabled or not).

Type: User
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ExcludedUserFilterEnabled

Gets only desktop rules that have their excluded user filter enabled ($true) or disabled ($false).

Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-IconUid

Gets only desktop rules using the icon with the specified unique ID.

Type: Int32
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-IncludedUser

Gets only desktop rules that have the specified user in their included users filter (whether the filter is enabled or not).

Type: User
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-IncludedUserFilterEnabled

Gets only desktop rules that have their included user filter enabled ($true) or disabled ($false).

Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-LeasingBehavior

Gets only application rules with the specified connection leasing behavior. Possible values are:

Allowed and Disallowed.

Type: LeasingBehavior
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-MaxPerEntitlementInstances

Maximum allowed concurrently running instances of the desktop associated with this entitlement in the site . A value of zero allows unlimited usage.

Type: Int32
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Metadata

Gets records with matching metadata entries.

The value being compared with is a concatenation of the key name, a colon, and the value. For example: -Metadata “abc:x*” matches records with a metadata entry having a key name of “abc” and a value starting with the letter “x”.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-PublishedName

Gets only desktop rules with the specified published name, that is, the desktop session entitlement name that the end user sees.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-RestrictToTag

Gets only desktop rules with the specified tag restriction.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: True

-SecureIcaRequired

Gets only desktop rules that require the desktop session to use the SecureICA protocol ($true) or not ($false).

Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-SessionReconnection

Gets only desktop rules with the specified session reconnection behavior. Possible values are:

Always, DisconnectedOnly, and SameEndpointOnly.

Type: SessionReconnection
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-UUID

Gets rules with the specified value of UUID.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ReturnTotalRecordCount

When specified, this causes the cmdlet to output an error record containing the number of records available. This error record is additional information and does not affect the objects written to the output pipeline. See about_Broker_Filtering for details.

Type: SwitchParameter
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-MaxRecordCount

Specifies the maximum number of records to return.

Type: Int32
Position: Named
Default value: 250
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Skip

Skips the specified number of records before returning results. Also reduces the count returned by -ReturnTotalRecordCount.

Type: Int32
Position: Named
Default value: 0
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-SortBy

Sorts the results by the specified list of properties. The list is a set of property names separated by commas, semi-colons, or spaces. Optionally, prefix each name with a + or - to indicate ascending or descending order. Ascending order is assumed if no prefix is present.

Type: String
Position: Named
Default value: The default sort order is by name or unique identifier.
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Filter

Gets records that match a PowerShell style filter expression. See about_Broker_Filtering for details.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-FilterScope

Gets only results allowed by the specified scope id.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Property

Specifies the properties to be returned. This is similar to piping the output of the command through Select-Object, but the properties are filtered more efficiently at the server.

Type: String[]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

CitrixCommonParameters

This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

You cannot pipe input into this cmdlet.

Outputs

Citrix.Broker.Admin.SDK.EntitlementPolicyRule

Get-BrokerEntitlementPolicyRule returns all desktop entitlement policy rules that match the specified selection criteria.

Get-BrokerEntitlementPolicyRule