VMware Cloud Community
popek
Contributor
Contributor
‎07-17-2018 10:54 AM
Jump to solution

PowerCLI script to assign permissions to all VM's in a folder

Trying to create a script that will query the VM's in multiple folders and apply a new role based on AD group to all VM's in those folders? Ideally this could be ran on a schedule and apply to the VM's that have been created or moved into these folders and thus do not have these permissions. Anyone got anything good for this? Thank you.

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎07-18-2018 12:56 PM
Jump to solution

No, not really.

So, if I understand correctly, the following should do the role for a specific AD group.

Or do you mean something else?

$folderName = 'MyFolder'

Get-Folder -Name $folderName | Get-VM |

New-VIPermission -Principal domain\group -Role YourRole


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
4 Replies
LucD
Leadership
Leadership
‎07-17-2018 01:14 PM
Jump to solution

I'm not sure why you would need to assign these permissions on the VMs.
If you assign the permissions on the folder with the propagate switch, each VM in the folder will inherit the permissions.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
popek
Contributor
Contributor
‎07-18-2018 10:32 AM
Jump to solution

I agree that's generally the case - but I need to propagate permissions globally for all folders (for general allow tasks) but set Read-Only permissions on VM's in specific folders. When I only set permissions on the folder (with propagation) it has no effect since global allow permission take precedence. The only way I am able to set the Read-Only permissions in this scenario is to set them on the object (the VM in this case). If you know of another way, I'm all ears. As of now I'm looking for a scripting method to apply permissions to all VM's in specific folders.

0 Kudos
LucD
Leadership
Leadership
‎07-18-2018 12:56 PM
Jump to solution

No, not really.

So, if I understand correctly, the following should do the role for a specific AD group.

Or do you mean something else?

$folderName = 'MyFolder'

Get-Folder -Name $folderName | Get-VM |

New-VIPermission -Principal domain\group -Role YourRole


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
popek
Contributor
Contributor
‎07-20-2018 05:43 AM
Jump to solution

Thank you for your help. I was able to get this working with your help. Take care!

0 Kudos