Spezza1Fan Posted September 21, 2015 Report post Posted September 21, 2015 Does anyone know a way of removing a users ability to add collections to Collections. Basically I set up a custom security role for our Help Desk Employees and only allowed them to import new computers and the ability to add computers from one collection to another collection for PXE booting / OSD deployments. Now the problem that I have now seen is that someone added a Collection containing 1500 workstations and laptops to another collection that was about to be used for PXE deployments. Thankfully it had not gotten to that point. However I can see this is a huge problem. How can I prevent adding collections to collections while still having the ability to add Computer objects to the collections. Permissions: Collections: Read, Modify, Remote Control, Modify Resource, Read Resource, Move Object, Modify Collection Setting, Modify Folder ,Control AMT, Modify Client Status Alert Computer Association: Read, Delete, Create, Move Object, Modify Folder, Recover User State, Run Report, Modify Report Query Read, Delete, Move Object, Modify Folder Site: Read, Import Computers They currently do not have access to the All system collection and only have access to a special collection containing 1500 workstations and Laptops. This is unavoidable as this is how many systems our Help Desk would have to manage and potentially perform a PXE boot / OSD deployment on. Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted September 22, 2015 Report post Posted September 22, 2015 The problem is within the scoping. When those users are scoped to collections containing those devices, there is not much you can do from preventing them from adding those devices to a collection. Quote Share this post Link to post Share on other sites More sharing options...
