AppSense AM - How to Disable an exe via Computer AD Group Membership (PowerShell Scripted Rule)
- Christopher Tracy
- Oct 2, 2015
- 1 min read
The Script below can be used within AppSense Application Manager to check if the local machine is a member of a specific group. This can be used a scripted rule to prohibit or allow access to certain binaries on a per machine basis. The example below searches for a group called disable_wordpad. It can be run per user or per computer, per user will mean a slight overhead on processing but allows the rule to be more flexible if the AD membership changes between logons.
#------------------------------------------------------------------------------
# http://www.v23c.com/ - 02-10-2015 # Script to get the SID of the Current Logged on User and save to environment variable #------------------------------------------------------------------------------ $MyGroup = "disable_wordpad" $OutPut = ([adsisearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1' IF ($OutPut -eq $MyGroup) { exit 0 } ELSE { exit 1 } #------------------------------------------------------------------------------ Enjoy
CT
Recent Posts
See AllWe recently had an issue on site where a random couple of servers where experiencing Terminal Server Licence issue. The servers in...
After quite a few people grumbling about not being able to do much customisation of Task Manager within Windows, especially in a Citrix /...
Below I have detailed the commands to install the DesktopNow prereqs for Windows Server 2012. The .NET Framework 3.5 isn’t part of the...
Comentários