Re: New to SMS - have a Collections question.
- From: dbouton@xxxxxxxx
- Date: 6 Nov 2006 10:19:05 -0800
Thanks Steve but the DCOM permissions were set properly. So far the
only way I have been able to get this to work is making the user a
local admin of both the SMS server and the server the database is on.
However this is a security problem. Still trying though but haven't
come up with anything more restictive that works. Any other ideas?
Dawn
Steve Thompson wrote:
You probably need to adjust the DCOM permissions on your server, see the
last FAQ on this page:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq02.mspx
Steve
<dbouton@xxxxxxxx> wrote in message
news:1162411235.716668.132440@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thank you so much - it makes sense now and I set it up accordingly.
I'm on to problem number two now and have tried almost all the
suggestions I could find. I loaded the SMS Admin Console on the
computer these techs will be using. They do not have domain admin
privileges but they do have local admin priviliges. They are unable to
connect to the site. I connect fine as Domain Admin on the same
machine. I tried making them a member of DCOM Users and even SMS
Admins to test but no luck. I do not want them to be a local admin on
the SMS server. Our database resides on a seperate server. I'm sure
it's a rights problem but I'm not sure where or how to fix it and not
comprimise the security of the servers. Any ideas?
Thank you for your help.
Dawn
Bernie Kilshaw wrote:
Dawn,
SMS security is a bit different from normal Windows security.
Access to objects is based on Security Rights (if you scroll down the
list
of objects in the Console you'll find Security Rights there.)
You can assign rights to a Class (ie All Collections / Queries / Packages
etc) or to an Instance (ie a specific Collection / Query / PAckage).
It sounds as if you've set Class Rights rather than Instanace Rights for
what you're trying to achieve.
If you select Security Rights -- > Right Click --> New --> Instance you
should be able to get where you want to.
HTH
Bernie
<dbouton@xxxxxxxx> wrote in message
news:1162391162.533211.318300@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am new to SMS - trying to learn it after someone else installed it.
I believe it is a typical install. There is only one site database and
below that I see the Site Hierarchy, Collections, Packages etc. Under
Collections is a lot of "sub collections". I tried creating a
"sub-collection" called tech for our techs to be able to use remote
tools to access and fix computers on our network. I added the
workstations in I wanted them to have access to. However I want to
exclude them from servers and administrative computers which are in a
different "sub-collection". I also want to limit other functions.
However if I set the security on "Collections" or their
"sub-collection" it gives them rights to everything under "Collections"
including the administrative machines and servers. I'm not sure where
to go from here. Do I have to create a whole new CollectionsB say
under Site Database. If so how do you do this. I have been reading
the manual and am confused. I think because I was not part of the
install from the beginning. Any help is appreciated.
Dawn
.
- References:
- New to SMS - have a Collections question.
- From: dbouton
- Re: New to SMS - have a Collections question.
- From: Bernie Kilshaw
- Re: New to SMS - have a Collections question.
- From: dbouton
- Re: New to SMS - have a Collections question.
- From: Steve Thompson
- New to SMS - have a Collections question.
- Prev by Date: Re: SMS Client Install via login script
- Next by Date: Context Integration
- Previous by thread: Re: New to SMS - have a Collections question.
- Next by thread: Re: New to SMS - have a Collections question.
- Index(es):
Relevant Pages
|
|
