Jump to content


barnold

Problems Importing New Machines by Name and MAC Address

Recommended Posts

Hello All,

 

I'm currently banging my head against a problem that I'm sure has a simple solution that I just can't see through the weeds right now. :) Thus I'm turning to you other gurus to see if you can help open my eyes!

 

First, a little background: as I'm sure is common, we have one primary site (no CAS) and I have several divisions who all are their own Config Manager administrators for their own areas. Thus, I've been thankful for Roll Based Administration in Config Manager 2012 to give me better control over the granular security necessary to accomplish this without utilizing separate sites for each political unit. I've run into a snag with importing new computers by MAC address and Computer Name though.

 

The new collection system holds that each collection has to be limited by another. I don't want to give access to "All Systems" to each Config Manager admin, so I create their own "root collection" which is based off of an AD query of their division's root OU in Active Directory. I then directly assign this collection to them in place of "All Systems" using the security section of the Administration work space. However, it turns out that Microsoft says no one can "modify" or "delete" a collection that is directly assigned to them in this fashion, which in turn means they cannot import new machines (via right-clicking on devices and choosing "import computer information"). They also can't import new machines into "All Systems" because they don't have those privileges. Therefore, they are stuck.

 

Like I said, I'm sure this situation has to have an easy answer that I'm missing. Can anyone provide some insight here? Can I grant these departmental admins just enough rights to "All Systems" to read that collection and also to import new computers to it but nothing else (i.e. I can't let them deploy to it).

 

Thanks in advance for any insight the community can provide!

 

Regards,

Ben

Share this post


Link to post
Share on other sites

That's a good point Tay. We manually import computers when we get new machines not before in our organization. We manually import them so that we can then PXE boot for re-imaging purposes. True, their root collection is query-based, but they create all kinds of direct membership collections and manually add new machines in to any number of other locations.

Share this post


Link to post
Share on other sites

You could create a PXE VLAN separate from your network just for the ports that are used to re-image. Then assign your O/S task sequences to the All Unknown computers collection. VLAN so your guys don't accidentally image the whole company and unknown collection will detect any new devices so you won't have to deal with mac addresses. I use USB to PXE boot so I don't know if it would work in your environment. Maybe someone can shed some light on automating PXE from network. I thought they did away with manually adding new comps in 2012 but I can't verify.

Share this post


Link to post
Share on other sites

Here's the link I was looking for.

 

Anyway, I can import machines manually just fine as the full administrator for our entire primary site. The people to whom I've delegated smaller sections of control (i.e. several security roles, a custom security scope, and their own custom "root" collection) can't import machines because they can't import into the collection I've directly assigned them nor can they import into "all systems."

 

I'm stumped.

 

I appreciate the thought Tay, but your solution seems a bit more complicated than I'd like to tackle if only because it involves getting the networking team involved. :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.