Re: Minimum Permissions Required.

Sms Administrators group permissions is the minimum you will get away with.
In contrast with his name, this gives you next to no permissions at all.
It just allows you to connect to the wmi namespace for sms remotely.

The other permissions required are kind a difficult to establish without
looking at the vb app.

--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
"Mr Paul" <inscope@xxxxxxxxxxxx> wrote in message
news:1133768834.046711.302430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>I have an SMS 2003 SP1 site. My helpdesk have a VB application that
> they use to assign applications to workstations. As an SMS
> administrator I can run this app with no issues. The helpdesk get an
> access denied message. I need to know what are the minimum permissions
> are to run the VB app. KB252674 talks about a similar situation, but
> it takes the shotgun solution of making the helpdesk members of the SMS
> Admins local group, which is a lot more permission than I want to give
> out.
>
> The line of code that the application barfs at is:
> Services = Locator.ConnectServer(strSMSProviderServer, "root\sms\site_"
> & strSMSProviderSitecode, User, Password). For the non-programmers
> amongst us, this line of code authenticates and connects to the SMS CIM
> repository.
>
> Once connected the program runs: QueryResults =
> Services.ExecQuery("SELECT * FROM SMS_Package") in order to get a list
> of all packages. These packages are then presented as a list to the
> helpdesk user.
>
> When the helpdesk user assigns the package to the workstation, all that
> happens is that the computer account is added to a global group in AD
> that has been used in an SQL membership rule to an advertisement.
>
> So, what are the minimum permissions I need?
> Read on the Central site object and read on the package class? I tried
> that and still got an access denied mesage.
>


.

Relevant Pages

  • Re: Additional suggestions for previous post "Distribution Manager error 2324 1/4/05"??
    ... I'm not looking at a site right now, but I checked the other SMS shares ... that you indicated have Everyone with Full Control listed. ... didn't look closely at the file permissions. ... regarding the specific share and file permissions, ...
    (microsoft.public.sms.swdist)
  • Re: Is it possible to have more granular security permissions with SMS
    ... > Is it possible to have more granular security permissions with SMS 2003 SP1 ... > running on Windows 2003 Server? ... > I would like to give our helpdesk group permissions to push client to the ...
    (microsoft.public.sms.admin)
  • Minimum Permissions Required.
    ... I have an SMS 2003 SP1 site. ... My helpdesk have a VB application that ... they use to assign applications to workstations. ... These packages are then presented as a list to the ...
    (microsoft.public.sms.admin)
  • Re: Is it possible to have more granular security permissions with
    ... One way you could do it is by setting up a website that the helpdesk people ... Then in the web app specify which collections can be pushed to by helpdesk. ... SMS gets the CCR and uses its rights to install the client, ... >>> Is it possible to have more granular security permissions with SMS 2003 ...
    (microsoft.public.sms.admin)
  • RE: Admin Console problems
    ... Locate the Console root node, expand Component Services, expand ... In Access Permissions, click Edit Limits. ... In Permissions for ANONYMOUS LOGON, ... I am installing the SMS 2003 Admin console on a co-workers workstation from ...
    (microsoft.public.sms.admin)