We will look into using RBAC Manager R2 from CodePlex to manage our environment. There are also several cmdlets available for the same tasks.
Download RBAC Manager from this link, unzip the files and execute RBAC_Manager.exe.
Note: RBAC_Manager.exe runs in memory, which means you do not have to install it. If your environment is "secured" this could be pretty neat news. I still recommend making sure you are clear on your workplace's existing policies before using it.
Now provide required parameters and click ok to connect.
You will see the Management Roles listed in the left pane.
*PS equivalent for what you are seeing would be:
#Get all management Role Entries
Get-ManagementRoleEntry "*\*"
After making up your mind which Management Role you would like to use as the parent for the new one, simply right-click it and select "New Role From Here".
*PS equivalent
If you would like to see which cmdlets are assigned to a specific Role entry:
Get-ManagementRoleEntry "Active Directory permissions\*"
Create a new Role from the Parent:
New-ManagementRole "ZTEK Active Directory Permissions" -Parent "Active Directory Permissions"
Note: As far as naming conventions for Management Roles go, make a plan and follow it. Having a simple naming convention for Management Roles and Role Groups makes management much simpler for your organization.
Select the Role and get rid of any cmdlet you do not want to associate with this Role, then click Save on the top menu to save the changes.
PS version (removes every role entry whose name matches the -Like filter; without a wildcard the filter matches only that exact cmdlet name):
Get-ManagementRoleEntry "ZTEK Active Directory permissions\*" | Where {$_.name -Like "Get-User"} | Remove-ManagementRoleEntry -Confirm:$False
Now click on "Show Role Groups".
Get-RoleGroup
Create a Role Group:
New-RoleGroup -Name "ZtekZone HelpDesk 1.0"
Here you can select any of the existing roles and custom scope options; it is pretty simple and useful. Once you are ready, click OK.
In this example I will pick up the role we have created earlier
Adding member to Role Group
Get-RoleGroup | Select-Object name
Get-RoleGroup -Identity "ZtekZone Security Tier 2"
Get-RoleGroup -Identity "ZtekZone Security Tier 2" | Add-RoleGroupMember -Member c-Aki.Armstrong
To see the list of members:
Get-RoleGroup -Identity "ZtekZone Security Tier 2" | Select-Object name,members | ft -AutoSize
You can un-check the box to take Ron out of the RBAC Role Group. As you already know, RBAC role groups are kept in the AD root forest, in the "Microsoft Exchange Security Groups" organizational unit.
As you can see, it is fairly simple to manage RBAC roles and the related tasks with RBAC Manager.
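The whole procedure above, carried out in the Exchange Management Shell as one script, as an added example (not code from the post or from RBAC Manager). The role, role group and member names are assumptions taken from the post's own naming style, and the allow-list of cmdlets kept in the custom role is an assumption for a read-only help desk; the script ends by checking that the role group carries only the custom role and that the member was added.

```powershell
# Added example (not from the post or RBAC Manager): builds the custom role end to end
# and verifies the result. Role, group and member names are assumptions; replace them.
# Requires an Exchange Management Shell session with rights to manage RBAC.
$ParentRole = "Active Directory Permissions"
$CustomRole = "ZTEK Active Directory Permissions"   # name per the post's convention
$GroupName  = "ZtekZone HelpDesk 1.0"
$Member     = "c-Aki.Armstrong"                      # placeholder account

# 1. Derive the custom role from its parent (it starts with every parent entry).
if (-not (Get-ManagementRole -Identity $CustomRole -ErrorAction SilentlyContinue)) {
    New-ManagementRole -Name $CustomRole -Parent $ParentRole | Out-Null
}

# 2. Trim it to an allow-list of cmdlets: every entry not listed is removed,
#    which is safer than removing cmdlets one by one and forgetting some.
$KeepCmdlets = @("Get-User", "Get-ADPermission")     # assumption: what the help desk needs
Get-ManagementRoleEntry "$CustomRole\*" |
    Where-Object { $KeepCmdlets -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# 3. Report what was dropped relative to the parent so the reduction can be reviewed.
$parentEntries = (Get-ManagementRoleEntry "$ParentRole\*").Name
$childEntries  = (Get-ManagementRoleEntry "$CustomRole\*").Name
Compare-Object -ReferenceObject $parentEntries -DifferenceObject $childEntries |
    Where-Object { $_.SideIndicator -eq "<=" } |
    ForEach-Object { "Removed from ${CustomRole}: $($_.InputObject)" }

# 4. Create the role group bound to the custom role only, then add the member.
if (-not (Get-RoleGroup -Identity $GroupName -ErrorAction SilentlyContinue)) {
    New-RoleGroup -Name $GroupName -Roles $CustomRole `
        -Description "Help desk: read-only AD lookups (custom role)" | Out-Null
}
Add-RoleGroupMember -Identity $GroupName -Member $Member

# 5. Verify: the group should carry exactly the custom role, and the member should be listed.
$assigned = (Get-ManagementRoleAssignment -RoleAssignee $GroupName).Role
"Roles assigned to ${GroupName}: $($assigned -join ', ')"
Get-RoleGroupMember -Identity $GroupName | Select-Object Name, RecipientType
```

Step 3 is the check worth keeping in a change record: it lists exactly which cmdlets the help desk lost compared with the built-in parent role.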
Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)