security wise we have several departments that have local IT support and are responsible for their machines/users only (but everyone is in the same AD with separate OUs).
the security model in SCCM is based on this: one Admins group with a select few that have all permissions, one helpdesk group per department with read permissions on site & Report level and some special rights on collection level, one admin group per department with mostly create rights.
the thing is that I noticed now, that everyone who has read permission to the Site Management tree, can enable client push ...
If I withdraw read permission, this has a side-effect that I do not have the 'manage collection membership' rightclick option available in the collection level.
how can I disable read permission to the Site Management level without having to stop the console showing 'manage collection membership' ?
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
I'm busy implementing SCCM 2007 R3.
security wise we have several departments that have local IT support and are responsible for their machines/users only (but everyone is in the same AD with separate OUs).
the security model in SCCM is based on this: one Admins group with a select few that have all permissions, one helpdesk group per department with read permissions on site & Report level and some special rights on collection level, one admin group per department with mostly create rights.
the thing is that I noticed now, that everyone who has read permission to the Site Management tree, can enable client push ...
If I withdraw read permission, this has a side-effect that I do not have the 'manage collection membership' rightclick option available in the collection level.
how can I disable read permission to the Site Management level without having to stop the console showing 'manage collection membership' ?
Share this post
Link to post
Share on other sites