Not in regards to permissions, but if you want to allow the add through a script instead of console, we used this as a basis for something we did in my organization.
http://sysdevpro.com/blog/microsoft/sccm-2012-r2-cmadd2coll-ps1-adding-machine-to-a-collection/ Michael Schultz Client Systems Engineering Information Systems Providence Health & Services [email protected]<mailto:[email protected]> From: [email protected] [mailto:[email protected]] On Behalf Of Murray, Mike Sent: Thursday, October 06, 2016 10:24 AM To: [email protected] Subject: [mssms] Allowing staff to add computers to collection CM2012. I'd like to allow certain staff members to add computers to a collection. I found this article: https://social.technet.microsoft.com/Forums/en-US/c9d7531c-c8e1-4b0f-ab95-5a9ec5207e41/sccm-2012-security-to-allow-users-to-add-resource-to-a-collection?forum=configmanagersecurity<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fen-US%2Fc9d7531c-c8e1-4b0f-ab95-5a9ec5207e41%2Fsccm-2012-security-to-allow-users-to-add-resource-to-a-collection%3Fforum%3Dconfigmanagersecurity&data=01%7C01%7Cmichael.schultz%40providence.org%7C833a4bb283a543292ab008d3ee118907%7C2e3190869a2646a3865f615bed576786%7C1&sdata=flC3GZynqHKpzZhAEP%2FMAIEgKwFzbLv4s2w3W8Ifodg%3D&reserved=0> It says the below, which is confusing me. Can someone clear this up and let me know if this is a good idea? Here is a solution that should work for you. Perform this on a test account with only the security role you are going to change for your users in question. 1. Create a new collection that is a copy of your collection limiting collection mentioned above. 2. Set the limiting collection of this new collection to something other than the limiting collection it defaults to, which is the copied collection. 3. Select the collections to which you wish to grant Add Resource permissions to and set their limiting collection to this new collection. 4. Within your Administrative user or group properties, specify this new limiting collection and the collections you wish to allow Add Resource permissions under the "Associate assigned security roles with specific security scopes and collections - don't forget to add your security scope. 5. Apply the changes and test - don't forget to restart the console of your test account. This does a couple things - it allows the Add Resource function to the specific collections you wish for the specific Administrative user/group you wish. It does NOT allow modify on the limiting collection. And it separates the specific collections you tag as being modifiable by the specified group. Best Regards, Mike Murray Desktop Engineer/IT Consultant - IT Support Services California State University, Chico 530.898.4357 [email protected]<mailto:[email protected]> Remember, Chico State will NEVER ask you for your password via email! For more information about recognizing phishing scam emails go to: http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.csuchico.edu%2Fisec%2Fbasics%2Fspam-and-phishing.shtml&data=01%7C01%7Cmichael.schultz%40providence.org%7C833a4bb283a543292ab008d3ee118907%7C2e3190869a2646a3865f615bed576786%7C1&sdata=KioPZtSAaZJOoDMwZ9ItpQY9OqbJby9kH0h%2FEbrp8h0%3D&reserved=0> ________________________________ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.
