Windows Policy Assignment Not Working

PowerShell Universal
1 
Product: PowerShell Universal
Version: 3.1.0

Not sure what I am doing wrong, but currently have windows auth setup and am trying to assign a custom role like so:

New-PSURole -Name “DBA” -Description “Member of [Domain\DBA Team]” -ClaimType “http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid” -ClaimValue “X-X-X-XX-XXXXXXXXXXXXXXXXXXXXXXXXXXX”

However, when signing in I notice that I am not given this role. I have a dashboard setup that shows all of my claims and within that list I can clearly see the claim value associated to my user. Their appears to be some sort of disconnect, but the setup seems very straightforward so not sure what I am missing.

Edit: This also does not seem to work:

$UserClaims = $User.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 'XXXXXXXXXXXXXXXXXXXXXXXXXXX')
$IsMember = $false;
if($UserClaims){
$IsMember = $true
}
return $IsMember
2

I ended up removing Windows Authentication after noticing it was disabled in AppSettings. Once I enabled in AppSettings I noticed on the frontend windows auth popped back up. However, the new-psurole -claimtype -claimvalue do not work whatsoever despite the proper claims showing under roles.

The following syntax works for some users, but not others:

$UserClaims = $User.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 'XXXXXXXXXXXXXXXXXXXX')
$IsMember = $false;
if($UserClaims){
$IsMember = $true
}
return $IsMember

So for the users that that does not work with… I have to use an LDAP member search for the specific group.

3

I noticed that your post is from August 2022, and it’s been a year since then. I hope you’ve managed to resolve the issue you were facing with the Windows policy assignment in PowerShell Universal. If you still need assistance or have any new questions, feel free to reach out. By the way, the link you provided to the guide on exporting and importing local security policies in Windows is quite helpful. Thanks for sharing it! If anyone else comes across this thread and needs guidance on that topic, they can check out the guide using the following link https://anytechstuff.com/how-to-export-and-import-local-security-policy-in-windows/. Wishing you the best!