Remove-DomainUserFromLocalNodeAuthorizationGroup

Synopsis

Removes a user from a node's authorization group.

Syntax

Remove-DomainUserFromLocalNodeAuthorizationGroup [-DomainUserName] <String[]> [-Admin <SwitchParameter>] [-ReadOnly <SwitchParameter>] [-Client <SwitchParameter>] [-Machine <SwitchParameter>]

Detailed Description

The Remove-DomainUserFromLocalNodeAuthorizationGroup function removes a Windows domain user or group from one or more Distributed Computing Cluster authorization groups. Removing a user from an authorization group prevents that user from accessing the functionality available to the group.

Authorization in Laserfiche Distributed Computing Cluster

Laserfiche Distributed Computing Cluster supports authorization to restrict the operations performed by different users.

A Scheduler has four authorization groups (or roles) that Windows users can be assigned to.

Admin: Users in the Admin authorization group can view administrative information and make changes to the cluster.
ReadOnly: Users in the ReadOnly authorization group can view administrative information on a cluster, but cannot make changes.
Client: Users in the Client authorization group can run jobs on a cluster.
Machine: Users in the Machine authorization group can start operations that are meant to be started by other nodes in the cluster. A node's Machine authorization group should contain all the service users that the other nodes in the cluster run as.

Workers only use the Machine role.

Note: Authorization is only enforced if the node's AuthenticationMode is set to Windows.

Parameters

-DomainUserName <String[]>
	The domain username of the user or group that will be added to the authorization group (e.g., "LASERFICHE\John.Doe").
	Required?                    true
	Position?                    1
	Default value
	Accept pipeline input?       true (ByValue)
	Accept wildcard characters?  false
-Admin <SwitchParameter>
	Specifies that the user or group should be removed from the Admin authorization group.
	Required?                    false
	Position?                    named
	Default value
	Accept pipeline input?       false
	Accept wildcard characters?  false
-ReadOnly <SwitchParameter>
	Specifies that the user or group should be removed from the ReadOnly authorization group.
	Required?                    false
	Position?                    named
	Default value
	Accept pipeline input?       false
	Accept wildcard characters?  false
-Client <SwitchParameter>
	Specifies that the user or group should be removed from the Client authorization group.
	Required?                    false
	Position?                    named
	Default value
	Accept pipeline input?       false
	Accept wildcard characters?  false
-Machine <SwitchParameter>
	Specifies that the user or group should be removed from the Machine authorization group.
	Required?                    false
	Position?                    named
	Default value
	Accept pipeline input?       false
	Accept wildcard characters?  false

Inputs

System.String

You can pipe user names of domain users as strings to Remove-DomainUserFromLocalNodeAuthorizationGroup.

Outputs

None

This function does not return any output.

Examples

Example 1

This command removes the user, John.Doe, of the Laserfiche domain from the Admin group.

PS C:\> Remove-DomainUserfromLocalNodeAuthorizationGroup -DomainUserName "LASERFICHE\John.Doe" -Admin