Danger, danger, danger. That's not what primary sites are for at all. Just because they can only see client resources for systems at a particular primary site when connected to it does not mean they cannot deploy something to clients managed by other sites.
Example: You have a collection called All Windows 7 Systems. If an admin logs into primary site A, he will only see the Win 7 clients managed by primary site A in that collection; however, that collection does truly contain every Win 7 system from all primary sites. Thus, if he deploys something to that collection, the deployment will apply to all Win 7 systems in all sites. Don't even think about doing something like this. CAS = Central ADMINISTRATION Site. That's where you should be doing all ADMINISTRATION. Anything else WILL lead to an RGE. If someone designed your site hierarchy based on this premise, please kick him now and possibly lead him to the door. J From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Owen Sent: Thursday, January 30, 2014 8:13 AM To: [email protected] Subject: [mssms] Restrict access of admins to only certain primary servers Hi all, Do you know of a method I can use to lock admins down to connecting only to certain primary sites in SCCM 2012? In my scenario, I have primary sites A, B and C. I want admin A to only be able to connect to primary site A. Is it possible for me to restrict his access to only certain primaries?
