Manage User Access Control in convenient way with Powershell

Now Sitecore PowerShell Extensions provides a User Account Control (UAC) feature akin to that of Microsoft Windows. Security is very important but can be annoying. An elevated session state is required to run the script. Each time when elevated session state expires then you will be prompt for credentials.

Fortunately, there are settings in the file ‘Cognifide.PowerShell.config’, where default settings can be changed. For me, the most inconvenience is that I need to edit the file. Sometimes I do not have access to the server but only to the Sitecore client. Powershell will help a little 🙂

SPE security settings

You can use this function to change default security settings. You can do this from a SPE console in Sitecore, but remember that this script will change a config file and Sitecore will be restarted.

# Session expires after 30 minutes
Set-UAC4SPE -Token ISE -Expiration '00:30:00'
function Get-DefaultSpeConfig()
# $AppPath is SPE console variable, see Variables on
if( $AppPath -ne $null )
return Join-Path Path $AppPath ChildPath "App_Config\Include\Cognifide.PowerShell.config"
function Set-UAC4SPE
Sets an User Access Control parameters for Sitecore Powershell Extension
More about Sitecore Powershell Extension security
This is part of
An unique string used for the gate token attribute ('Default','Console','ISE','ItemSave')
An action to perform when session elevation is triggered (Allow, Block, Password)
.PARAMETER Expiration
A timespan used to determine the elevated session lifetime (hh:mm:ss)
A path to Cognifide.PowerShell.config.
If this function is used in a SPE console then default parameter should be enough Get-DefaultSpeConfig
Set-UAC4SPE -Token Console -Expiration '00:06:00'
Set-UAC4SPE -Token Console -Expiration '00:06:00' -Action Allow
PowerShell will number them for you when it displays your help text to a user.
[string]$Token = $null,
[string]$Action = $null,
[string]$Expiration = $null,
[string]$SpeConfig = (Get-DefaultSpeConfig)
Write-Verbose "Set User Account Control in file $SpeConfig"
[xml]$XmlDocument = Get-Content Path $SpeConfig
$xpath = "//configuration/sitecore/powershell/userAccountControl/tokens//token[@name = '$Token' ]"
$tokenNode = $XmlDocument.SelectSingleNode($xpath)
if( $Action -ne '' )
$tokenNode.Attributes["elevationAction"].Value = $Action
if ($pscmdlet.ShouldProcess("Set elevationAction to $Action on $SpeConfig"))
if( $Expiration -ne '' )
$tokenNode.Attributes["expiration"].Value = $Expiration
if ($pscmdlet.ShouldProcess("Set expiration to $Expiration on $SpeConfig"))
view raw Set-UAC4SPE.ps1 hosted with ❤ by GitHub

1 comment

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: