This repository has been archived by the owner on Dec 7, 2021. It is now read-only.
/
4-WmiNamespaceSecurity_RemovePermissionFromWmiNamespaceConfig.ps1
78 lines (65 loc) · 2.39 KB
/
4-WmiNamespaceSecurity_RemovePermissionFromWmiNamespaceConfig.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<#PSScriptInfo
.VERSION 1.0.0
.GUID 168b59de-fd55-4f63-b345-f876152c2323
.AUTHOR Microsoft Corporation
.COMPANYNAME Microsoft Corporation
.COPYRIGHT
.TAGS DSCConfiguration
.LICENSEURI https://github.com/PowerShell/WmiNamespaceSecurityDsc/blob/master/LICENSE
.PROJECTURI https://github.com/PowerShell/WmiNamespaceSecurityDsc
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES First version.
.PRIVATEDATA 2016-Datacenter,2016-Datacenter-Server-Core
#>
#Requires -module WmiNamespaceSecurityDsc
<#
.SYNOPSIS
Configuration that removes the account, so the account no longer have
permission to the specified WMI namespace.
.DESCRIPTION
Configuration that removes the account, so the account no longer have
permission to the specified WMI namespace.
.PARAMETER Path
The path of WMI namespace to remove the account from. e.g. 'root/cimv2'.
.PARAMETER Principal
The user account that should be removed, e.g. 'Domain\Steve'.
.EXAMPLE
WmiNamespaceSecurity_RemovePermissionFromWmiNamespaceConfig -Path 'root/cimv2' -Principal 'Domain\Steve'
Compiles a configuration that removes the user account 'Domain\Steve'
from the WMI namespace 'root/cimv2'.
.EXAMPLE
$configurationParameters = @{
Path = 'root/cimv2'
Principal = 'Domain\Steve'
}
Start-AzureRmAutomationDscCompilationJob -ResourceGroupName '<resource-group>' -AutomationAccountName '<automation-account>' -ConfigurationName 'WmiNamespaceSecurity_RemovePermissionFromWmiNamespaceConfig' -Parameters $configurationParameters
Compiles a configuration in Azure Automation that removes the user
account 'Domain\Steve' from the WMI namespace 'root/cimv2'.
Replace the <resource-group> and <automation-account> with correct values.
#>
Configuration WmiNamespaceSecurity_RemovePermissionFromWmiNamespaceConfig
{
param
(
[Parameter(Mandatory = $true)]
[System.String]
$Path,
[Parameter(Mandatory = $true)]
[System.String]
$Principal
)
Import-DSCResource -ModuleName WmiNamespaceSecurityDsc
Node $AllNodes.NodeName
{
WmiNamespaceSecurity AddAccountJason
{
Path = $Path
Principal = $Principal
AccessType = 'Allow'
Ensure = 'Absent'
}
}
}