I set this up just last month. I have a PS script that my colleagues use to start the process. They provide the name and the MAC as parameters at the command line. The import process works and they can’t see the All systems collection because it’s not in their scope.
I have a Collection limited to the All Systems collection called “OSD Import Collection” that is populated by query, no TSes are advertised here. The membership query is what gets around the “user can’t see them” problem. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.AgentName = "Manual Machine Entry" and (DateDiff(day, SMS_R_System.AgentTime, GetDate()) < 1) and (DateDiff(minute, SMS_R_System.AgentTime, GetDate()) < 60) So it populates the collection with Manual Machine Entry clients that are less than an hour old. Then I have other OS based collections that I use computer variables to actually place the objects in collections with, that the users CAN see, where the TS is advertised. My PS script triggers an update on the OSD Import Collection after manual machine creation, which runs the query and populates the group. Does that make sense? Todd From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Sent: Wednesday, December 10, 2014 3:47 PM To: [email protected] Subject: Re: [mssms] Importing Computers, Limiting Collections, and RBAC You could create a collection with all systems that have no client installed and give them access to it. They will have to wait a few minutes after importing to add the computer to your imaging collection, but they would eventually be able to do it. On Wed, Dec 10, 2014 at 3:30 PM, Jeff Poling <[email protected]<mailto:[email protected]>> wrote: For a PC replacement scenario, we are manually importing the new PC into ConfigMgr by MAC address. Unfortunately, in this environment, the PC team does not have access to All Systems. So, we have a collection for the new PCs to which a task sequence is deployed for imaging and restoring user state. The imported PCs only show in that collection if it is limited to All Systems. But if we limit it to All Systems, then the PC team cannot add members to the collection. . .seems like a catch 22. . .has anyone encountered a scenario like this? I did find the following article: http://blogs.technet.com/b/inside_osd/archive/2012/04/30/custom-role-based-administration-for-importing-computers.aspx but even using those steps, the imported PC does not show up in the collection when added. Any insights or suggestions are greatly appreciated. Thanks, Jeff
