Citrix Daas SDK

New-BrokerAppAssignmentPolicyRule

Creates a new application rule in the site’s assignment policy.

Syntax

New-BrokerAppAssignmentPolicyRule
   [-Description <String>]
   -DesktopGroupUid <Int32>
   [-Enabled <Boolean>]
   [-ExcludedUserFilterEnabled <Boolean>]
   [-ExcludedUsers <User[]>]
   [-IncludedUserFilterEnabled <Boolean>]
   [-IncludedUsers <User[]>]
   [-Name] <String>
   [-LoggingId <Guid>]
   [<CitrixCommonParameters>]
   [<CommonParameters>]
<!--NeedCopy-->

Description

The New-BrokerAppAssignmentPolicyRule cmdlet adds a new application rule to the site’s assignment policy.

An application rule in the assignment policy defines the users who are entitled to a self-service persistent machine assignment from the rule’s desktop group; once assigned the machine can run one or more applications published from the group.

The following constraints apply when creating an application assignment rule for a desktop group:

  • The group’s desktop kind must be Private
  • The group’s delivery type must be AppsOnly
  • Only a single application rule can apply to a given group
  • Application assignment rules cannot be applied to RemotePC groups.

When a user selects an application published from a private group, a currently unassigned machine is selected from the group and permanently assigned to the user. An application session is then launched to the machine. Subsequent launches are routed directly to the now assigned machine.

Once a machine has been assigned in this way, the original assignment rule plays no further part in access to the machine.

Examples

EXAMPLE 1

Creates an application rule in the assignment policy that grants all members of the SALES\uk-staff group an entitlement to a single machine from the Sales Support desktop group. The machine can be used for running applications published from the group.

$dg = Get-BrokerDesktopGroup 'Sales Support'
New-BrokerAppAssignmentPolicyRule 'UK Office' -DesktopGroupUid $dg.Uid -IncludedUsers sales\uk-staff
<!--NeedCopy-->

Parameters

-Name

Specifies the administrative name of the new application rule. Each rule in the site’s assignment policy must have a unique name (irrespective of whether they are desktop or application rules).

Type: String
Position: 2
Default value: None
Required: True
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: True

-DesktopGroupUid

Specifies the unique ID of the desktop group to which the new application rule applies.

Type: Int32
Position: Named
Default value: None
Required: True
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Description

Specifies an optional description of the new application rule. The text is purely informational for the administrator, it is never visible to the end user.

Type: String
Position: Named
Default value: Null
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: True

-Enabled

Specifies whether the new application rule is initially enabled. A disabled rule is ignored when evaluating the site’s assignment policy.

Type: Boolean
Position: Named
Default value: True
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ExcludedUserFilterEnabled

Specifies whether the excluded users filter is initially enabled. If the filter is disabled then any user entries in the filter are ignored when assignment policy rules are evaluated.

Type: Boolean
Position: Named
Default value: False
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ExcludedUsers

Specifies the excluded users filter of the new application rule, that is, the users and groups who are explicitly denied an entitlement to a machine assignment from the rule.

This can be used to exclude users or groups who would otherwise gain access by groups specified in the included users filter.

Type: User[]
Position: Named
Default value: (empty list)
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-IncludedUserFilterEnabled

Specifies whether the included users filter is initially enabled. If the filter is disabled then any user who satisfies the requirements of the access policy is implicitly granted an entitlement to a machine assignment by the new application rule.

Users who would be implicitly granted access when the filter is disabled can still be explicitly denied access using the excluded users filter.

Type: Boolean
Position: Named
Default value: True
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-IncludedUsers

Specifies the included users filter of the new application rule, that is, the users and groups who are granted an entitlement to a machine assignment by the rule.

If a user appears explicitly in the excluded users filter of the rule or is a member of a group that appears in the excluded users filter, no entitlement is granted whether or not the user appears in the included users filter.

Type: User[]
Position: Named
Default value: (empty list)
Required: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-LoggingId

Specifies the identifier of the high level operation that this cmdlet call forms a part of. Desktop Studio and Desktop Director typically create High Level Operations. PowerShell scripts can also wrap a series of cmdlet calls in a High Level Operation by way of the Start-LogHighLevelOperation and Stop-LogHighLevelOperation cmdlets.

Type: Guid
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

CitrixCommonParameters

This cmdlet supports the common Citrix parameters: -AdminAddress, -AdminClientIP, -BearerToken, -TraceParent, -TraceState and -VirtualSiteId. For more information, see about_CitrixCommonParameters.

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

You cannot pipe input into this cmdlet.

Outputs

Citrix.Broker.Admin.SDK.AppAssignmentPolicyRule

New-BrokerAppAssignmentPolicyRule returns the newly created application rule in the assignment policy.

New-BrokerAppAssignmentPolicyRule