- about_Broker_AccessPolicy
- about_Broker_Applications
- about_Broker_AssignmentPolicy
- about_Broker_Concepts
- about_Broker_ConfigurationSlots
- about_Broker_ControllerDiscovery
- about_Broker_Desktops
- about_Broker_EntitlementPolicy
- about_Broker_ErrorHandling
- about_Broker_Filtering
- about_Broker_Licensing
- about_Broker_Machines
- about_Broker_Policies
- about_Broker_PostInstallPreConfiguration
- about_Broker_PowerManagement
- about_Broker_RemotePC
- Add-BrokerApplication
- Add-BrokerDesktopGroup
- Add-BrokerMachine
- Add-BrokerMachineConfiguration
- Add-BrokerMachinesToDesktopGroup
- Add-BrokerScope
- Add-BrokerTag
- Add-BrokerUser
- Disconnect-BrokerSession
- Export-BrokerDesktopPolicy
- Get-BrokerAccessPolicyRule
- Get-BrokerAppAssignmentPolicyRule
- Get-BrokerAppEntitlementPolicyRule
- Get-BrokerApplication
- Get-BrokerApplicationInstance
- Get-BrokerAssignmentPolicyRule
- Get-BrokerCatalog
- Get-BrokerConfigurationSlot
- Get-BrokerConfiguredFTA
- Get-BrokerConnectionLog
- Get-BrokerController
- Get-BrokerDBConnection
- Get-BrokerDBSchema
- Get-BrokerDBVersionChangeScript
- Get-BrokerDelayedHostingPowerAction
- Get-BrokerDesktop
- Get-BrokerDesktopGroup
- Get-BrokerDesktopUsage
- Get-BrokerEntitlementPolicyRule
- Get-BrokerHostingPowerAction
- Get-BrokerHypervisorAlert
- Get-BrokerHypervisorConnection
- Get-BrokerIcon
- Get-BrokerImportedFTA
- Get-BrokerInstalledDbVersion
- Get-BrokerMachine
- Get-BrokerMachineCommand
- Get-BrokerMachineConfiguration
- Get-BrokerMachineStartMenuShortcutIcon
- Get-BrokerMachineStartMenuShortcuts
- Get-BrokerPowerTimeScheme
- Get-BrokerPrivateDesktop
- Get-BrokerRebootCycle
- Get-BrokerRebootSchedule
- Get-BrokerRemotePCAccount
- Get-BrokerResource
- Get-BrokerScopedObject
- Get-BrokerServiceAddedCapability
- Get-BrokerServiceInstance
- Get-BrokerServiceStatus
- Get-BrokerSession
- Get-BrokerSharedDesktop
- Get-BrokerSite
- Get-BrokerTag
- Get-BrokerUnconfiguredMachine
- Get-BrokerUser
- Group-BrokerDesktop
- Group-BrokerMachine
- Import-BrokerDesktopPolicy
- New-BrokerAccessPolicyRule
- New-BrokerAppAssignmentPolicyRule
- New-BrokerAppEntitlementPolicyRule
- New-BrokerApplication
- New-BrokerAssignmentPolicyRule
- New-BrokerCatalog
- New-BrokerConfigurationSlot
- New-BrokerConfiguredFTA
- New-BrokerDelayedHostingPowerAction
- New-BrokerDesktopGroup
- New-BrokerEntitlementPolicyRule
- New-BrokerHostingPowerAction
- New-BrokerHypervisorConnection
- New-BrokerIcon
- New-BrokerMachine
- New-BrokerMachineCommand
- New-BrokerMachineConfiguration
- New-BrokerPowerTimeScheme
- New-BrokerRebootSchedule
- New-BrokerRemotePCAccount
- New-BrokerTag
- New-BrokerUser
- Remove-BrokerAccessPolicyRule
- Remove-BrokerAccessPolicyRuleMetadata
- Remove-BrokerAppAssignmentPolicyRule
- Remove-BrokerAppEntitlementPolicyRule
- Remove-BrokerApplication
- Remove-BrokerApplicationInstanceMetadata
- Remove-BrokerApplicationMetadata
- Remove-BrokerAssignmentPolicyRule
- Remove-BrokerAssignmentPolicyRuleMetadata
- Remove-BrokerCatalog
- Remove-BrokerCatalogMetadata
- Remove-BrokerConfigurationSlot
- Remove-BrokerConfigurationSlotMetadata
- Remove-BrokerConfiguredFTA
- Remove-BrokerControllerMetadata
- Remove-BrokerDelayedHostingPowerAction
- Remove-BrokerDesktopGroup
- Remove-BrokerDesktopGroupMetadata
- Remove-BrokerEntitlementPolicyRule
- Remove-BrokerEntitlementPolicyRuleMetadata
- Remove-BrokerHostingPowerAction
- Remove-BrokerHostingPowerActionMetadata
- Remove-BrokerHypervisorAlertMetadata
- Remove-BrokerHypervisorConnection
- Remove-BrokerHypervisorConnectionMetadata
- Remove-BrokerIcon
- Remove-BrokerIconMetadata
- Remove-BrokerImportedFTA
- Remove-BrokerMachine
- Remove-BrokerMachineCommand
- Remove-BrokerMachineCommandMetadata
- Remove-BrokerMachineConfiguration
- Remove-BrokerMachineConfigurationMetadata
- Remove-BrokerMachineMetadata
- Remove-BrokerPowerTimeScheme
- Remove-BrokerPowerTimeSchemeMetadata
- Remove-BrokerRebootCycleMetadata
- Remove-BrokerRebootSchedule
- Remove-BrokerRemotePCAccount
- Remove-BrokerScope
- Remove-BrokerSessionMetadata
- Remove-BrokerSiteMetadata
- Remove-BrokerTag
- Remove-BrokerTagMetadata
- Remove-BrokerUser
- Rename-BrokerAccessPolicyRule
- Rename-BrokerAppAssignmentPolicyRule
- Rename-BrokerAppEntitlementPolicyRule
- Rename-BrokerApplication
- Rename-BrokerAssignmentPolicyRule
- Rename-BrokerCatalog
- Rename-BrokerDesktopGroup
- Rename-BrokerEntitlementPolicyRule
- Rename-BrokerMachineConfiguration
- Rename-BrokerPowerTimeScheme
- Rename-BrokerTag
- Reset-BrokerLicensingConnection
- Reset-BrokerServiceGroupMembership
- Send-BrokerSessionMessage
- Set-BrokerAccessPolicyRule
- Set-BrokerAccessPolicyRuleMetadata
- Set-BrokerAppAssignmentPolicyRule
- Set-BrokerAppEntitlementPolicyRule
- Set-BrokerApplication
- Set-BrokerApplicationInstanceMetadata
- Set-BrokerApplicationMetadata
- Set-BrokerAssignmentPolicyRule
- Set-BrokerAssignmentPolicyRuleMetadata
- Set-BrokerCatalog
- Set-BrokerCatalogMetadata
- Set-BrokerConfigurationSlotMetadata
- Set-BrokerControllerMetadata
- Set-BrokerDBConnection
- Set-BrokerDesktopGroup
- Set-BrokerDesktopGroupMetadata
- Set-BrokerEntitlementPolicyRule
- Set-BrokerEntitlementPolicyRuleMetadata
- Set-BrokerHostingPowerAction
- Set-BrokerHostingPowerActionMetadata
- Set-BrokerHypervisorAlertMetadata
- Set-BrokerHypervisorConnection
- Set-BrokerHypervisorConnectionMetadata
- Set-BrokerIconMetadata
- Set-BrokerMachine
- Set-BrokerMachineCatalog
- Set-BrokerMachineCommandMetadata
- Set-BrokerMachineConfiguration
- Set-BrokerMachineConfigurationMetadata
- Set-BrokerMachineMaintenanceMode
- Set-BrokerMachineMetadata
- Set-BrokerPowerTimeScheme
- Set-BrokerPowerTimeSchemeMetadata
- Set-BrokerPrivateDesktop
- Set-BrokerRebootCycleMetadata
- Set-BrokerRebootSchedule
- Set-BrokerRemotePCAccount
- Set-BrokerSession
- Set-BrokerSessionMetadata
- Set-BrokerSharedDesktop
- Set-BrokerSite
- Set-BrokerSiteMetadata
- Set-BrokerTagMetadata
- Start-BrokerCatalogPvdImagePrepare
- Start-BrokerMachinePvdImagePrepare
- Start-BrokerNaturalRebootCycle
- Start-BrokerRebootCycle
- Stop-BrokerRebootCycle
- Stop-BrokerSession
- Test-BrokerAccessPolicyRuleNameAvailable
- Test-BrokerAppAssignmentPolicyRuleNameAvailable
- Test-BrokerAppEntitlementPolicyRuleNameAvailable
- Test-BrokerApplicationNameAvailable
- Test-BrokerAssignmentPolicyRuleNameAvailable
- Test-BrokerCatalogNameAvailable
- Test-BrokerDBConnection
- Test-BrokerDesktopGroupNameAvailable
- Test-BrokerEntitlementPolicyRuleNameAvailable
- Test-BrokerLicenseServer
- Test-BrokerMachineNameAvailable
- Test-BrokerPowerTimeSchemeNameAvailable
- Test-BrokerRemotePCAccountNameAvailable
- Update-BrokerImportedFTA
- Update-BrokerNameCache
New-BrokerAppEntitlementPolicyRule
Nov 18, 2015
Creates a new application rule in the site's entitlement policy.
Syntax
New-BrokerAppEntitlementPolicyRule [-Name] <String> -DesktopGroupUid <Int32> [-Description <String>] [-Enabled <Boolean>] [-ExcludedUserFilterEnabled <Boolean>] [-ExcludedUsers <User[]>] [-IncludedUserFilterEnabled <Boolean>] [-IncludedUsers <User[]>] [-LoggingId <Guid>] [-AdminAddress <String>] [<CommonParameters>]
Detailed Description
The New-BrokerAppEntitlementPolicyRule cmdlet adds a new application rule to the site's entitlement policy.
An application rule in the entitlement policy defines the users who are allowed per-session access to a machine to run one or more applications published from the rule's desktop group.
The following constraints apply when creating an application entitlement rule for a desktop group:
o The group's desktop kind must be Shared
o The group's delivery type must be AppsOnly or DesktopsAndApps
o Only a single application rule can apply to a given group
When a user selects an application published from a shared group, a machine is selected from the group on which to run the application. No permanent association exists between the user and the selected machine; once the session ends the association also ends.
Even though only a single application entitlement and therefore session can be defined for a group, the user can still run multiple applications from the group because the applications run within the same session.
Parameters
-Name<String>
Specifies the administrative name of the new application rule. Each rule in the site's entitlement policy must have a unique name (irrespective of whether they are desktop or application rules).
| Required? | true |
| Default Value | |
| Accept Pipeline Input? | true (ByPropertyName) |
-DesktopGroupUid<Int32>
Specifies the unique ID of the desktop group to which the new application rule applies.
| Required? | true |
| Default Value | |
| Accept Pipeline Input? | true (ByPropertyName) |
-Description<String>
Specifies an optional description of the new application rule. The text is purely informational for the administrator, it is never visible to the end user.
| Required? | false |
| Default Value | null |
| Accept Pipeline Input? | true (ByPropertyName) |
-Enabled<Boolean>
Specifies whether the new application rule is initially enabled. A disabled rule is ignored when evaluating the site's entitlement policy.
| Required? | false |
| Default Value | true |
| Accept Pipeline Input? | true (ByPropertyName) |
-ExcludedUserFilterEnabled<Boolean>
Specifies whether the excluded users filter is initially enabled. If the filter is disabled then any user entries in the filter are ignored when entitlement policy rules are evaluated.
| Required? | false |
| Default Value | false |
| Accept Pipeline Input? | true (ByPropertyName) |
-ExcludedUsers<User[]>
Specifies the excluded users filter of the application rule, that is, the users and groups who are explicitly denied entitlements to published applications from the desktop group.
This can be used to exclude users or groups who would otherwise gain access by groups specified in the included users filter.
| Required? | false |
| Default Value | (empty list) |
| Accept Pipeline Input? | true (ByPropertyName) |
-IncludedUserFilterEnabled<Boolean>
Specifies whether the included users filter is initially enabled. If the filter is disabled then any user who satisfies the requirements of the access policy is implicitly granted an entitlement to an application session by the new rule.
Users who would be implicitly granted access when the filter is disabled can still be explicitly denied access using the excluded users filter.
| Required? | false |
| Default Value | true |
| Accept Pipeline Input? | true (ByPropertyName) |
-IncludedUsers<User[]>
Specifies the included users filter of the application rule, that is, the users and groups who are granted an entitlement to an application session by the new rule.
If a user appears explicitly in the excluded users filter of the rule or is a member of a group that appears in the excluded users filter, no entitlement is granted whether or not the user appears in the included users filter.
| Required? | false |
| Default Value | (empty list) |
| Accept Pipeline Input? | true (ByPropertyName) |
-LoggingId<Guid>
Specifies the identifier of the high level operation that this cmdlet call forms a part of. Desktop Studio and Desktop Director typically create High Level Operations. PowerShell scripts can also wrap a series of cmdlet calls in a High Level Operation by way of the Start-LogHighLevelOperation and Stop-LogHighLevelOperation cmdlets.
| Required? | false |
| Default Value | |
| Accept Pipeline Input? | false |
-AdminAddress<String>
Specifies the address of a XenDesktop controller that the PowerShell snapin will connect to. This can be provided as a host name or an IP address.
| Required? | false |
| Default Value | Localhost. Once a value is provided by any cmdlet, this value will become the default. |
| Accept Pipeline Input? | false |
Input Type
None You cannot pipe input into this cmdlet.
Return Values
Citrix.Broker.Admin.SDK.AppEntitlementPolicyRule
New-BrokerAppEntitlementPolicyRule returns the newly created application rule in the entitlement policy.
Examples
-------------------------- EXAMPLE 1 --------------------------
C:\PS> $dg = Get-BrokerDesktopGroup 'Customer Support' C:\PS> New-BrokerAppEntitlementPolicyRule 'UK Office' -DesktopGroupUid $dg.Uid -IncludedUsers support\uk-staff
Creates an application rule in the entitlement policy that entitles all members of the SUPPORT\uk-staff group to a machine for running applications published from the Customer Support desktop group.