Update CWControl with Restricted Machine State
Summary
This script will transfer the members of the Restricted Machines group in ConnectWise Automate to an equivalent permission set in ConnectWise Control.
This script has ConnectWise Control manual setup requirements!
Sample Run
This script should be scheduled to run on a schedule and preferably not run manually.
Requirements
- ConnectWise Control Manual Steps
- Log into your ScreenConnect portal as an admin.
- Clone the All Machines group.
- Edit the clone name to "All Unrestricted Machines."
- Edit the clone session filter to
CustomProperty7 <> 'restricted'. - Subgroup expressions should match the All Machines group.
- Save the clone.
- Clone the All Machines group again and name the clone "All Restricted Machines."
- Edit the session filter to add
CustomProperty7 = 'restricted'. - Subgroup expressions should remain the same as the All Machines group.
- Create a security role named "Restricted Users."
- Deselect all items in global permissions.
- Only select the "All Unrestricted Machines" group in scoped machines, and select "Select All" in configurable permissions.
- Save the role.
- Add any restricted users to the Restricted Users group.
Variables
Document the various variables in the script. Delete any section that is not relevant to your script.
| Name | Description |
|---|---|
| GroupID | Holds the group ID for the Restricted Machines group. |
| SqlDataSet | Holds all computers listed in the Restricted Machines group. |
| Httpplugin_headers | Needed for the RMM+ plugin |
| AccessKey | Needed for the RMM+ plugin push command |
| Group | Needed for the RMM+ plugin push command |
| SCURL | The ScreenConnect URL |
| Port | The port designated in the ScreenConnect table |
| SCFormattedUrl | The URL formatted to be used by the RMM+ plugin. |
| SCCommandUrl | The post call command |
| Iteration | Used to stay within the bounds of the found computers |
| sc_guid | The ScreenConnect GUID for the target computer |
| PluginResult | The result of setting CustomProperty7 to restricted in ScreenConnect. |
Process
- Set up the plugin push call variables.
- Obtain the group ID for the All Agents group.
- Get all members of the All Agents group.
- Set the custom value to 'Restricted Off.'
- Loop through all computers, setting Custom Property 7 to 'Restricted Off.'
- Obtain the group ID for the Restricted Machines group.
- Get all members of the Restricted Machines group.
- Set up the plugin push call variables.
- Loop through all computers, setting Custom Property 7 to 'Restricted.'
- If any failures occur, log the failure and continue the loop.
- Continue the loop until all computers are complete.
Output
- Script log