I have noticed, and maybe I am doing something wrong, but it appears that even though I have a Security Role that denies full control to all objects (your blind role modified), users can still run custom commands via the web interface. But if I deny them the 'Execute all custom commands' in any other rule, it works like it's supposed to. I don't understand. Why doesn't the full control cover executing custom commands?

The problem is that every time we add a new rule, we don't want to go exclude it somewhere.

by (80 points)

1 Answer

by (18.0k points)
0 votes

Hello,

If you deny the Full Control permission for a user, the user will be able neither to perform any operation in AD (including execution of Custom Commands) nor to view any object in Active Directory. In your case, I think something is wrong with the user assignment. Could you send me a screenshot with the assignments of the role?

"The problem is that every time we add a new rule, we don't want to go exclude it somewhere."

Do you mean Custom Command (not rule)? When you create a Custom Command, by default, users don't have the right to execute it. However, some built-in Security Roles (e.g. Help Desk) grant the Execute All Custom Commands permission. If you don't want users to be able to execute Custom Commands, just delete that permission from the Security Roles assigned to the users.
