myITforum and Windows IT Pro Forums

 Security Permissions help

Author Message
chiners_68

  • Total Posts : 846
  • Scores: 5
  • Reward points : 86070
  • Joined: 10/31/2007
  • Status: offline
Security Permissions help Thursday, May 01, 2014 11:50 AM (permalink)
0
Scenario
We have both clients in SCCM but don't want the Technicians to be able to see, deploy etc. to the Servers
 
I setup the Technicians security group as 'Operations Administrators' and set them up so they could see all collections bar Servers & all systems. This worked fine and the technicians didn't mange to see the servers.
 
Now they are deploying surface Pro's they need to use a couple of queries I setup to find MAC & BIOS GUID. When they search for any of these addresses nothing is returned. I have had to give them permissions to all collections again for the queries to work. How can I restrict the technicians so they cannot deploy or do anything to our servers?
 
#1
    klopez

    • Total Posts : 95
    • Scores: 0
    • Reward points : 38340
    • Joined: 8/10/2009
    • Location: Fresno, CA
    • Status: offline
    Re:Security Permissions help Wednesday, May 28, 2014 3:31 PM (permalink)
    0
    Have you tried creating a collection of the objects they can see and giving them access to that collection only to query against?
     
    I have to opposite problem.  Server team shouldn't be able to see the workstations.  So I created an All Windows Servers collection and Scoped the SRV Admins to that collection.
     
    Hope that helps
    Thank you,

    Kathy Lopez
     
    #2
      mlucero

      • Total Posts : 947
      • Scores: 42
      • Reward points : 25000
      • Joined: 4/1/2005
      • Location: Austin, Texas
      • Status: offline
      Re:Security Permissions help Friday, May 30, 2014 5:39 PM (permalink)
      0
      A little deeper explanation to what Kathy says above.
       
      The reason you are having issues is you need to give modify rights to your limiting collection and typically, people set the limiting collection to the All Systems collection.  A way to do what you want without giving them access to the All Systems collection is to create an "All Systems Collection - Workstations" and an "All Systems Collection - Servers"  which are specifically for use in creating security contexts for your desktop and server groups.
       
      Create all collections they need to handle with the limiting collection pointed to their specific All Systems - XXXXXXX  collection.  You'll just need to remember this when you create collections in the future which are to be scoped to a specific administrative group.
      Mike Lucero
      Round Rock, Texas
       
      #3
        Online Bookmarks Sharing: Share/Bookmark

        Jump to:

        Current active users

        There are 0 members and 2 guests.

        Icon Legend and Permission

        • New Messages
        • No New Messages
        • Hot Topic w/ New Messages
        • Hot Topic w/o New Messages
        • Locked w/ New Messages
        • Locked w/o New Messages
        • Read Message
        • Post New Thread
        • Reply to message
        • Post New Poll
        • Submit Vote
        • Post reward post
        • Delete my own posts
        • Delete my own threads
        • Rate post

        2000-2014 ASPPlayground.NET Forum Version 3.9