Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Set User Access Control for SPE
function Get-DefaultSpeConfig()
# $AppPath is SPE console variable, see Variables on
if( $AppPath -ne $null )
return Join-Path -Path $AppPath -ChildPath "App_Config\Include\Cognifide.PowerShell.config"
function Set-UAC4SPE
Sets an User Access Control parameters for Sitecore Powershell Extension
More about Sitecore Powershell Extension security
This is part of
An unique string used for the gate token attribute ('Default','Console','ISE','ItemSave')
An action to perform when session elevation is triggered (Allow, Block, Password)
.PARAMETER Expiration
A timespan used to determine the elevated session lifetime (hh:mm:ss)
A path to Cognifide.PowerShell.config.
If this function is used in a SPE console then default parameter should be enough Get-DefaultSpeConfig
Set-UAC4SPE -Token Console -Expiration '00:06:00'
Set-UAC4SPE -Token Console -Expiration '00:06:00' -Action Allow
PowerShell will number them for you when it displays your help text to a user.
[string]$Token = $null,
[string]$Action = $null,
[string]$Expiration = $null,
[string]$SpeConfig = (Get-DefaultSpeConfig)
Write-Verbose "Set User Account Control in file $SpeConfig"
[xml]$XmlDocument = Get-Content -Path $SpeConfig
$xpath = "//configuration/sitecore/powershell/userAccountControl/tokens//token[@name = '$Token' ]"
$tokenNode = $XmlDocument.SelectSingleNode($xpath)
if( $Action -ne '' )
$tokenNode.Attributes["elevationAction"].Value = $Action
if ($pscmdlet.ShouldProcess("Set elevationAction to $Action on $SpeConfig"))
if( $Expiration -ne '' )
$tokenNode.Attributes["expiration"].Value = $Expiration
if ($pscmdlet.ShouldProcess("Set expiration to $Expiration on $SpeConfig"))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.