Creating the Administrator
Now that we can read the privileges from an existing administrator object we can determine which privileges to write to a new administrator. In this post I have listed a script that you can use to create the custom administrator account.
This script uses arrays of values for the privileges (I’ve used the value rather than their names to reduce the size of the script. See the SDK documentation if you would rather refer to the privileges by their names). The arrays listed in the code will set every single privilege so you will need to edit them when setting your own administrator accounts.
The script can be broken down into this process:
- Set the privilege arrays.
- Return the list of Application and Server folders.
- Bind to the Presentation Server farm.
- Create the administrator account.
- Bind to the new administrator account and set the first set of privileges.
- Bind to the Server folders and assign privileges to the new administrator account.
- Bind to the Applications folders and assign privileges to the new administrator account.
The script uses a function to add privileges to the Application or Server folders. Pass the folder name, the folder type (MetaFrameAppFolder or MetaFrameSrvFolder), the account domain and account name and the privilege set as an array and the function does the rest.
During testing I have noticed that the privileges are not set on the last Application folder in the list - if you take a look at the code you can see that I am setting the privileges on that folder a second time. If anyone else is seeing this behaviour please let me know.