AppSense AM - How to Disable an exe via Computer AD Group Membership (PowerShell Scripted Rule)
The script below can be used within AppSense Application Manager to check whether the local machine is a member of a specific group. It can be used as a scripted rule to prohibit or allow access to certain binaries on a per-machine basis. The example below searches for a group called disable_wordpad. It can be run per user or per computer; running it per user adds a slight processing overhead but makes the rule more flexible if the AD membership changes between logons.
#------------------------------------------------------------------------------
# http://www.v23c.com/ - 02-10-2015
# Script to check whether the local computer is a member of an AD group
# (exit 0 = member of the group, exit 1 = not a member)
#------------------------------------------------------------------------------
$MyGroup = "disable_wordpad"

# Look up this computer's AD object and reduce each memberOf DN to its CN
$OutPut = ([adsisearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1'

# -contains works whether $OutPut holds one group name or several
IF ($OutPut -contains $MyGroup)
{
    exit 0
}
ELSE
{
    exit 1
}
#------------------------------------------------------------------------------

Enjoy
CT
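
The script above compares only the groups listed directly in the computer's memberOf attribute, so a machine that belongs to disable_wordpad through another group is not matched. The following is an added example, not part of the original post, that extends the same check to nested membership with the Active Directory LDAP_MATCHING_RULE_IN_CHAIN matching rule and makes the result of a failed directory lookup explicit; the function name ConvertTo-LdapFilterValue and the variable $ExitOnError are hypothetical names introduced here, and the exit codes follow the script above.

```powershell
# Added example (not from the original post): nested-group aware membership check.
$MyGroup     = "disable_wordpad"  # group name used in the post
$ExitOnError = 1                  # assumption: a failed lookup counts as "not a member";
                                  # set to 0 if the rule should match when AD cannot be queried

# Escape the characters that are special inside an LDAP filter value (RFC 4515)
function ConvertTo-LdapFilterValue([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

try {
    # Step 1: resolve the group name to its distinguishedName
    $groupFilter = "(&(objectCategory=group)(cn=$(ConvertTo-LdapFilterValue $MyGroup)))"
    $group = ([adsisearcher]$groupFilter).FindOne()
    if (-not $group) { exit $ExitOnError }   # group not found in the directory

    $groupDn = ConvertTo-LdapFilterValue ([string]$group.Properties['distinguishedname'][0])

    # Step 2: ask AD whether this computer is a direct or nested member.
    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN, which walks
    # the membership chain on the domain controller.
    $computerFilter = "(&(objectCategory=computer)(cn=$env:COMPUTERNAME)" +
                      "(memberOf:1.2.840.113556.1.4.1941:=$groupDn))"
    $hit = ([adsisearcher]$computerFilter).FindOne()

    if ($hit) { exit 0 } else { exit 1 }
}
catch {
    # Domain controller unreachable, machine off the network, bind failure, etc.
    exit $ExitOnError
}
```

Matching on the group's distinguishedName rather than parsing the CN out of each memberOf entry also avoids mismatches when a group name contains a comma or when two groups in different OUs share the same CN.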