skullicious
-
Posts
16 -
Joined
-
Last visited
Posts posted by skullicious
-
-
Awesome. Thanks for clearing that up!
-
Ah! I added the user through RBAC and they are now able to get results from the SCCM Web Services.. You're a legend, Garth!
Do you know why this is the case and the explicit SCCM permissions are not enough as they would be in the MDT database?
-
Hi Garth,
Sorry that was a bit vague!
I'm using Maik Koster's Web Services version 7.3. The MDT.asmx and AD.asmx pages functions run fine with the permissions specified.
No, I haven't configured any RBA in SCCM. Only SQL permissions directly on the database.
A sample query would be: Select * from sms_tasksequencepackage using the GetTaskSequences function.
The funny thing is I can log into the database via SQL management studio a run the query from there no problem ?!
-
Hey,
I'm hoping someone can point me in the right direction.
I'm having an issue in getting my application pool identity cmWebSvc to have enough permissions to query the SCCM SQL database.
If I use my CMAdmin account the web service returns results as expected.
This is how I currently have it configured but it doesn't seem to be enough..
Could anyone shed some light?
Thanks!
-
Cheers Niall!
I managed to get this to work by following both your and also keeop's suggestions of:
Add BackupDrive=ALL to customsettings.ini.
At the beginning of both the Backup Local and Backup Network Task Sequence groups
Add Step > Set OSDISK variable to %OSPART%
Add Step > Check DriveLetter and Set OSPART variable. (copyable from elsewhere in the TS)
Thanks again!
-
1
-
-
One more thing!
Do we have to update to MDT 2013 to get the WIM Backup functionality working?
No adverse to doing so but don't want to unsettle my web services for moving computer between OU's etc...
Thanks again!
-
Thanks so much Peter.
Looks good!
-
Sorry! Half asleep!
I set that to the drive letter that I mapped to in the task sequence and it works!
Thanks again for such an awesome tool.
-
Hey Niall,
Awesome HTA! I've nearly finished piecing it all together but I've hit a snag!
In the New Computer/New Installation pane of the HTA the Restore option is only presenting me with No Restore or SMP.
I have checked the Connect to Network Folder step in the Task Sequence and the the relevant drive is mapped and can be browsed in WINPE.
I then checked in the deploymenu.js to further investigate to find the function populateUSMTDropList()
sUsmtStorePath = "\\\\sccm\\USMTStores";
This seems to be the issue?
Is this supposed to be dynamically set or am I missing something?
Could you point me in the right direction?
Thanks for your help!
-
Hi Peter,
Thanks for the pointers!
I like the idea of it filtering result using Hardware Type... Do you have any code samples?
Thanks!
-
Hey,
I am looking at expanding on Niall's CM2012 Front End HTA and wanted to know if I what I was planning to do was possible as I'm finding it hard to find a resource that give me definitive answer.
Basically what I want to do is:
- Modify the HTA to have two drop down boxes, one for role and one for OU.
- Have the drop downs display a list of roles passed back from Maik Koster's webservices using GETOUs and GETROLES.
- Be able to select these roles and pass these variables into the task sequence.
Is this do-able?
Is this the best way of doing it? I've seen mention of how to do this by manually setting which OU's are available but this seems like an administrative overhead every time OU's are added/changed.
Any tips?
Thanks!
-
I took another run at this and no joy.
I've got two roles:
SDREADER which had NO "modify" permission.
SDMODIFY : which has "modify" permissions.
I assigned them both to "MYDOMAIN\sdgroup" administrative user.
Then in security scopes I have:
Associate assigned security roles with specific security scopes and collections.
There I modify the security roles so that:
SDReader : Assigned to "All Systems" Collection and Default scope.
SDModify: Assigned to "Photoshop" Collection and Default scope.
I would expect that this would allow "MYDOMAIN\sdgroup" to navigate collections as normal but not allow "add selected items" or "add resource" anywhere other than the "Photoshop" collection where the permissions would be available.
Am I on the right track here or have I totally missed something? -
I've just had this issue with a driver set for HP Elitebook G820.
Turned out to be an issue with Kernel Mode Driver Framework and installing certain drivers.
Found a solution here...
You can also add the hotfix to the reference WIM.
-
Hey! Thanks for that but that's not quite what I'm looking for.
I basically want to8*remove* from my Service Desk role the ability to add one collection to another collection using the "add items to existing collection" button.
In the example above the functionality is still available for them to add for instance "All Desktops" to "Photoshop CS6" etc.
Anyone have any ideas?
-
Hey guys,
I've created a service desk role in CM12 which allows the members to run reports, remote control machines and modify resources and collections.
In CM07 I was comfortable with these guys having this level of access as it wasn't the easiest thing for them to add multiple devices erroneously to a collection.
In CM12 I fear that one of the guys is going to right click a device collection (ie All Systems) "add items to existing collection" and add all the items in that there to a Photoshop CS6 collection or something like that.
Why is this button available so easily!?
I thought that with RBA I would be able to hide All Systems and collections like that from view using scopes etc to circumvent instances like this (sadly not the case).
Does anyone have a solution or way round this or am I missing something really simple?
Thanks.
SMSTSUDAUSERS variable ignored?
in Configuration Manager 2012
Posted
Hi guys,
Hoping someone can point me in the right direction...
A pair of variables used for SMSTSUDAUSERS appear present but are seemingly ignored.
Oddly they are used later on in the Task Sequence,...
Why is this step seemingly ignoring them?
I've attached the relevant log screenshots.
Thanks!