After the first report of this problem, I began seeing this issue more and more.
This problem manifests itself as an inability to change the "ask permission" registry key remotely. Also if your clients are set to "ask permission," the clients never pop up the dialog asking the user to grant permission and the remote session never starts. From your end - the "remote controller" side, it looks like you are waiting for the remote user to say "OK" but the user is never asked. I estimate that somewhere between 10% and 15% of our clients experienced a problem with the ACL on the SMS registry key when upgrading the client from 2007 to 2012. The machines with the problem, interestingly show strange capitalization on the key name --- With "Sms" instead of "SMS" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sms --- not set correctly to inherit on ACL. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS --- set correctly I located a better solution using GPO Preferences from a link on technet forums. This site also has a better description of the problem than I am offering here. http://theneatly.com/?p=201 From: [email protected] [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Friday, May 08, 2015 11:11 AM To: [email protected] Subject: [mssms] SMS Registry key not inheriting permissions Remote Control Fails My help desk recently contacted me about a problem they were having remote controlling target machines. The target was not receiving any message about allowing connection, and the connection was not being made. Through web search, I found someone else has had this problem and documented a fix. https://p0w3rsh3ll.wordpress.com/2013/04/19/system-center-configuration-manager-remote-control-acl-issue/ I am wondering if others have run into this problem and perhaps developed a way to resolve this issue or if a root cause was ever found. I would like to do something a little more automated. I am also versed enough in PoSh to figure out how to execute this script on a remote client, although I do have WinRM enabled for Client Center already, so I think I have the hard part out of the way already. Anyone else run into this problem? Have you figured out the cause or implemented a solution using something more automated like via DCM Baseline or something? ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
