Product Documentation

New-BrokerEntitlementPolicyRule

Nov 06, 2015

Creates a new desktop rule in the site's entitlement policy.

Syntax

New-BrokerEntitlementPolicyRule [-Name] <String> -DesktopGroupUid <Int32> [-ColorDepth <ColorDepth>] [-Description <String>] [-Enabled <Boolean>] [-ExcludedUserFilterEnabled <Boolean>] [-ExcludedUsers <User[]>] [-IconUid <Int32>] [-IncludedUserFilterEnabled <Boolean>] [-IncludedUsers <User[]>] [-PublishedName <String>] [-SecureIcaRequired <Boolean>] [-UUID <Guid>] [-LoggingId <Guid>] [-AdminAddress <String>] [<CommonParameters>]

Detailed Description

The New-BrokerEntitlementPolicyRule cmdlet adds a new desktop rule to the site's entitlement policy.

A desktop rule in the entitlement policy defines the users who are allowed per-session access to a machine from the rule's associated desktop group to run a full desktop session.

The following constraints apply when creating a desktop entitlement rule for a desktop group:

o The group's desktop kind must be Shared

o The group's delivery type must be DesktopsOnly or DesktopsAndApps

When a user selects a desktop entitlement published from a shared group, a machine is selected from the group on which to run the desktop session. No permanent association exists between the user and the selected machine; once the session ends the association also ends.

Multiple desktop rules in the entitlement policy can apply to the same desktop group. Where a user is granted an entitlement by more than one rule for the same group, they can use as many desktop sessions at the same time as they have entitlements.

Parameters

-Name<String>

Specifies the administrative name of the new desktop rule. Each rule in the site's entitlement policy must have a unique name (irrespective of whether they are desktop or application rules).

Required? true
Default Value  
Accept Pipeline Input? true (ByPropertyName)

-DesktopGroupUid<Int32>

Specifies the unique ID of the desktop group to which the new desktop rule applies.

Required? true
Default Value  
Accept Pipeline Input? true (ByPropertyName)

-ColorDepth<ColorDepth>

Specifies the color depth of any desktop sessions launched by a user from this entitlement.

Valid values are $null, FourBit, EightBit, SixteenBit, and TwentyFourBit.

The default null value indicates that the equivalent setting from the rule's desktop group is used.

Required? false
Default Value null (dynamically inherited from the desktop group)
Accept Pipeline Input? true (ByPropertyName)

-Description<String>

Specifies an optional description of the new desktop rule. The text may be visible to the end user, for example, as a tooltip associated with the desktop entitlement.

The default null value indicates that the equivalent setting from the rule's desktop group is used.

Required? false
Default Value null (dynamically inherited from the desktop group)
Accept Pipeline Input? true (ByPropertyName)

-Enabled<Boolean>

Specifies whether the new desktop rule is initially enabled. A disabled rule is ignored when evaluating the site's entitlement policy.

Required? false
Default Value true
Accept Pipeline Input? true (ByPropertyName)

-ExcludedUserFilterEnabled<Boolean>

Specifies whether the excluded users filter is initially enabled. If the filter is disabled then any user entries in the filter are ignored when entitlement policy rules are evaluated.

Required? false
Default Value false
Accept Pipeline Input? true (ByPropertyName)

-ExcludedUsers<User[]>

Specifies the excluded users filter of the desktop rule, that is, the users and groups who are explicitly denied an entitlement to a desktop session from the new rule.

This can be used to exclude users or groups who would otherwise gain access by groups specified in the included users filter.

Required? false
Default Value (empty list)
Accept Pipeline Input? true (ByPropertyName)

-IconUid<Int32>

Specifies the unique ID of the icon used to display the desktop session entitlement to the user.

The default null value indicates that the equivalent setting from the rule's desktop group is used.

Required? false
Default Value null (dynamically inherited from the desktop group)
Accept Pipeline Input? true (ByPropertyName)

-IncludedUserFilterEnabled<Boolean>

Specifies whether the included users filter is initially enabled. If the filter is disabled then any user who satisfies the requirements of the access policy is implicitly granted an entitlement to a desktop session by the new rule.

Users who would be implicitly granted access when the filter is disabled can still be explicitly denied access using the excluded users filter.

Required? false
Default Value true
Accept Pipeline Input? true (ByPropertyName)

-IncludedUsers<User[]>

Specifies the included users filter of the rule, that is, the users and groups who are granted an entitlement to a desktop session by the new rule.

If a user appears explicitly in the excluded users filter of the rule or is a member of a group that appears in the excluded users filter, no entitlement is granted whether or not the user appears in the included users filter.

Required? false
Default Value (empty list)
Accept Pipeline Input? true (ByPropertyName)

-PublishedName<String>

The name of the new desktop session entitlement as seen by the user.

The default null value indicates that the equivalent setting from the rule's desktop group is used.

Required? false
Default Value null (dynamically inherited from the desktop group)
Accept Pipeline Input? true (ByPropertyName)

-SecureIcaRequired<Boolean>

Specifies whether the new desktop rule requires the SecureICA protocol for desktop sessions launched using the entitlement.

The default null value indicates that the equivalent setting from the rule's desktop group is used.

Required? false
Default Value null (dynamically inherited from the desktop group)
Accept Pipeline Input? true (ByPropertyName)

-UUID<Guid>

An optional GUID for this rule.

Required? false
Default Value A new GUID is generated if none is supplied.
Accept Pipeline Input? true (ByPropertyName)

-LoggingId<Guid>

Specifies the identifier of the high level operation that this cmdlet call forms a part of. Desktop Studio and Desktop Director typically create High Level Operations. PowerShell scripts can also wrap a series of cmdlet calls in a High Level Operation by way of the Start-LogHighLevelOperation and Stop-LogHighLevelOperation cmdlets.

Required? false
Default Value  
Accept Pipeline Input? false

-AdminAddress<String>

Specifies the address of a XenDesktop controller that the PowerShell snapin will connect to. This can be provided as a host name or an IP address.

Required? false
Default Value Localhost. Once a value is provided by any cmdlet, this value will become the default.
Accept Pipeline Input? false

Input Type

None You cannot pipe input into this cmdlet.

Return Values

Citrix.Broker.Admin.SDK.EntitlementPolicyRule

New-BrokerEntitlementPolicyRule returns the newly created desktop rule in the entitlement policy.

Examples

-------------------------- EXAMPLE 1 --------------------------

C:\PS> $dg = Get-BrokerDesktopGroup 'Customer Support' 
C:\PS> New-BrokerEntitlementPolicyRule 'UK Office' -DesktopGroupUid $dg.Uid -IncludedUsers support\uk-staff -PublishedName 'Support Desktop'

Creates an desktop rule in the entitlement policy that entitles all members of the SUPPROT\uk-staff group to a desktop session from the Customer Support desktop group. The desktop entitlement name seen by users is Support Desktop.