Re: Need help for setting proper security rights

Tech-Archive recommends: Fix windows errors by optimizing your registry

I guess if it was me, I woudl create a collection C to mimic B and see if
the same thing happens. If it does, I would try adding in permissions to see
if that changes anything.
It's all I can think of for now.

--
Cathy Moya, CISSP, MCSE: Security
Technical Writer, Windows Enterprise Management Division User Assistance

Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default.mspx
This posting is provided AS IS with no warranties and confers no rights.

"helpwanted" <helpwanted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:556CB580-69AC-4856-B6BF-E861FC99D645@xxxxxxxxxxxxxxxx
> Thanks Cathy for replying. Perhaps I should re-word my problem.
> I have been deploying a software (say Software A) using direct membership
> (i.e., adding individual computers to the collection) with the SMS admin
> account without any problems. Now that I need to assign this task to
> another
> administrator (someone who is not supposed to know the SMS admin account),
> I
> create a special account and set the security settings for this account as
> follows:
> Collection (All instances) = Create, Delegate
> Collection (Software A) = Everything
> Package (All instances) = Create, Delegate
> Package (Software A) = Everything
> Advertisement (All instances) = Create, Delegate
> Advertisement (Software A) = Everything
> Then, when I add a computer name to the Software A collection using direct
> membership, the adding process appears to be working as normal... it can
> find
> the computer name and there is no error message on the screen. But when I
> go
> back to the collection, the computer name simply isn't there.
> I have checked the collection evaluator log and don't seem to see anything
> unusual. Am I using these security settings correctly? Any suggestions
> is
> appreciated?
> Thanks.
> Al
>
> "Cathy Moya [MS]" wrote:
>
>> Well, casting about a bit - tell us more about your collections Software
>> A
>> and Software B. You say they have the same security settings, but what
>> about
>> the configuration of the collection itself? When you say you add someone
>> to
>> Software B and they disappear, are you using direct membership or some
>> sort
>> of query-based membership? Have you looked at the collection evaluator
>> log?
>>
>> --
>> Cathy Moya, CISSP, MCSE: Security
>> Technical Writer, Windows Enterprise Management Division User Assistance
>>
>> Check out the SMS Technical FAQ:
>> http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default.mspx
>> This posting is provided AS IS with no warranties and confers no rights.
>>
>>
>> "helpwanted" <helpwanted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:7460FA4A-17AE-4D1E-9A57-6599A9D3904A@xxxxxxxxxxxxxxxx
>> > We are running SMS 2003 SP1 with Advanced Security.
>> > I need to grant security rights to a group of staff so that they can
>> > only
>> > see and deploy a couple of software packages. Here is what I have set
>> > for
>> > this group...
>> >
>> > Collection (All Instances) = Create, Delegate
>> > Package (All Instances) = Create, Delegate
>> > Advertisement (All Instances) = Create, Delegate
>> >
>> > Collection (Software A) = Everything (Read, Modify, Delete, ... Read
>> > Resource)
>> > Package (Software A) = Read, Modify, Delete, Distribute
>> > Advertisement (Software A) = Read, Modify, Delete
>> >
>> > Collection (Software B) = Everything (Read, Modify, Delete, ... Read
>> > Resource)
>> > Package (Software B) = Read, Modify, Delete, Distribute
>> > Advertisement (Software B) = Read, Modify, Delete
>> >
>> > Security settings for Software A and Software B are exactly the same.
>> > As
>> > expected, this group can only see these 2 software packages from their
>> > admin
>> > console. However, when this group adds a member to the collections,
>> > Software
>> > A works without any problem and gets installed successfully in the
>> > member
>> > PC.
>> > But for software B, the member simply disappears from the collection
>> > and
>> > there is no error message (either on the screen or from the SMS log
>> > files).
>> > Can anyone shed some lights? Am I actually doing this wrong?
>> > I don't seem to be able to find any docs that is applicable to our
>> > situation. Any help is appreciated.
>> > Thanks.
>> > Al
>> >
>> >
>> >
>> >
>>
>>
>>


.