Remove-CMSecurityRole
Remove a custom security role.
Syntax
SearchByValueMandatory (Default)
Remove-CMSecurityRole
-InputObject <IResultObject>
[-Force]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SearchByIdMandatory
Remove-CMSecurityRole
-Id <String>
[-Force]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SearchByNameMandatory
Remove-CMSecurityRole
-Name <String>
[-Force]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Use this cmdlet to remove a custom security role from Configuration Manager. Specify the name or ID of a security role you want to remove or use the Get-CMSecurityRole cmdlet to get one.
You can use the Remove-CMSecurityRole cmdlet to remove old, unneeded custom security roles. You can't remove built-in security roles. Every administrative user must have at least one security role. Before you remove a security role, make sure every user has a role in addition to the one you remove.
For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Remove a security role by using a name
This command removes a security role named MainSecurityRole. The command uses the Force parameter, so it doesn't prompt you for confirmation.
Remove-CMSecurityRole -Name "MainSecurityRole" -Force
Example 2: Remove a security role by using a variable
The first command uses the Get-CMSecurityRole cmdlet to get all security roles that start with Custom, and stores them in the $role variable.
The second command removes the first security role stored in the array. Since it doesn't specify the Force parameter, this command prompts for confirmation.
$role = Get-CMSecurityRole -Name "Custom*"
Remove-CMSecurityRole -InputObject $role[1]
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Force
Forces the command to run without asking for user confirmation.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Id
Specify the ID of the security role to remove. This value is the RoleID property. Since this cmdlet only works with custom roles, this value should always start with the site code. (IDs for built-in roles start with SMS.)
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RoleId |
Parameter sets
SearchByIdMandatory
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InputObject
Specify a security role object to remove. To get this object, use the Get-CMSecurityRole cmdlet.
Parameter properties
| Type: | IResultObject |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
SearchByValueMandatory
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Specify the name of the security role to remove.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | True |
| DontShow: | False |
| Aliases: | RoleName |
Parameter sets
SearchByNameMandatory
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.