Powershell Script: Remote App Permissions Audit

dafyre

Hi All,

The script below has been written by yours truly... I'm hoping that anybody else with a Remote App infrastructure can test this for me and let me know your results...

It parses through the list of users in the group specified on the command line, and outputs a CSV detailing which Remote Apps each user has access to. At the moment, this code must be run from the connection broker. It has been written for Server 2012 R2 / Powershell v4.

Example:

./rappAudit.ps1 -groupName "RAPP_USERS" -auditFile "rapp_audit.csv"

Would generate a CSV file called "rapp_audit" in the current folder for everyone in the "RAPP_USERS" group.

The output would be something similar to:
User,App1,App2,App3,App4
email,x,-,-,x

Where email is actually the user's UPN, and X indicates they DO have access to the application. Dashes (-) indicate they do not.

To prevent cluttering up this post with the 140 lines of code, I figure'd I'd link to it as a text file:

http://brant.wellston.net/rappAudit.txt

Feel free to flame me, make fun of my code, or point out things I can do better.

I make no warranties that this code won't fry your brain, overclock your CPU, or cause the FBI to come knocking at your door. Side effects include higher load on AD servers, upset stomach, knowledge of who has access to your apps, and runny nose.

Again, the link is: http://brant.wellston.net/rappAudit.txt

Minion Queen

@dafyre Can anyone help out and do some testing?

dafyre

@Minion-Queen -- Yes, this code is available for anyone to test. It needs to be run from the Connection Broker, for now.

If folks find it useful enough, I may change that.