Chris Thelen, if you did that already, could you go to your console, Security/Security Roles, and right-click Export Security Role, and then send that to the list? Mike could just import it; and then scope it.
On Thu, Oct 6, 2016 at 3:10 PM, Thelen, Chris <[email protected]> wrote: > You will need to create a custom security roll to do this. > > > > I created one for our PC Support team that gives them access to modify > collections, Computer Associations, and User Affinity. Works great and > allows them to add users or computers to collections included in the scope > assigned to them. > > > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Murray, Mike > *Sent:* Thursday, October 6, 2016 2:52 PM > *To:* [email protected] > *Subject:* RE: [mssms] Allowing staff to add computers to collection > > > > I don’t see a role that fits. :/ > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Adam > Juelich > *Sent:* Thursday, October 6, 2016 10:56 AM > *To:* [email protected] > *Subject:* Re: [mssms] Allowing staff to add computers to collection > > > > Can't you utilize Role-Based Administration on a Security Group / > Collection level? > > > > On Thu, Oct 6, 2016 at 12:23 PM, Murray, Mike <[email protected]> > wrote: > > CM2012. I’d like to allow certain staff members to add computers to a > collection. I found this article: https://social.technet. > microsoft.com/Forums/en-US/c9d7531c-c8e1-4b0f-ab95-5a9ec5207e41/sccm-2012- > security-to-allow-users-to-add-resource-to-a-collection? > forum=configmanagersecurity > > > > It says the below, which is confusing me. Can someone clear this up and > let me know if this is a good idea? > > > > Here is a solution that should work for you. Perform this on a test > account with only the security role you are going to change for your users > in question. > > 1. Create a new collection that is a copy of your collection limiting > collection mentioned above. > 2. Set the limiting collection of this new collection to something > other than the limiting collection it defaults to, which is the copied > collection. > 3. Select the collections to which you wish to grant Add Resource > permissions to and set their limiting collection to this new collection. > 4. Within your Administrative user or group properties, specify this > new limiting collection and the collections you wish to allow Add Resource > permissions under the "Associate assigned security roles with specific > security scopes and collections - don't forget to add your security scope. > 5. Apply the changes and test - don't forget to restart the console of > your test account. > > This does a couple things - it allows the Add Resource function to the > specific collections you wish for the specific Administrative user/group > you wish. It does NOT allow modify on the limiting collection. And it > separates the specific collections you tag as being modifiable by the > specified group. > > > > > > > > Best Regards, > > > > Mike Murray > > Desktop Engineer/IT Consultant - IT Support Services > > California State University, Chico > > 530.898.4357 > [email protected] > > > > Remember, Chico State will NEVER ask you for your password via email! > > For more information about recognizing phishing scam emails go to: > http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml > > > > > > > > > > > > -- Thank you, Sherry Kissinger My Parameters: Standardize. Simplify. Automate Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger, http://www.smguru.org
