Config Manager ManagerEstablished Members
Posts posted by Config Manager Manager
I mean that we have over a dozen different remote locations, and just as many different boundaries. Each local IT admin can only work on machines in their own collections that are in their boundaries. If I give them admin rights to a specific collection within another location's boundary, they cannot use the remote tool to get into it. They can't even see it.
If security scopes are the way to go, then I need someone to explain, because there is no way to associate a collection or computer with a scope.
I have an admin in one of our remote sites who only has access to his boundary. However, he needs access to several specialized systems in a different location's boundary.
I have given him access to the collection I created for those specific PC's, but I imagine the limitation here is the boundary setup.
Is there any way around this? I would prefer not to give users at this level any higher access than what I've already customized for remote locations.
Well, the strange thing is that they don't exist in AD.
Today I decided again just to delete every item in SCCM that had no client. I then proceeded to run a full system discovery and came back with only 190 PC's without a client. I'm not sure what changed, whether it was records in the DB that never got truly deleted until now or something else.
The entire time my delete aged records for everything has been at 30 days, and my discover systems has been only items logged into in the last 30 days. How we managed to get an extra 1,000+ systems lingering is beyond me.
So, I have about 2200 actual PC's that I manage, however it shows about 3500 "all systems" PC's with around 1300 Showing "All Systems - No Client".
98% of these PC's are not ping-able and show no host found in my RCT Recast tools add-on under ping collection. There are no records in AD for these, as well as DNS. As far as I can tell, I have little to none duplicate GUIDS after running every query under the sun.
Has anyone seen such a thing? My discovery is set to only discover PC's that have been logged into within 30 days, same with parameters for the automatic aged removal. DNS scavenging is fairly aggressive.
I cannot find where these extra systems are coming from if they don't exist anywhere in the environment or AD. I've deleted these extra Systems in SCCM, and they come back during the weekly Delta discovery, but not in the incremental discovery.
I can give more specifics if necessary, but I thought I'd see if anyone else has seen something similar first.
Remote Control in different boundary
in System Center Configuration Manager (Current Branch)
That was my initial thought and that's how we have it set, and have always had it set. However, they cannot see or remote control anything outside of that location.
For instance, we have collections for workstations and servers in Site A. Site A Admins can only see those Site A computers.
Site B has a special collection that Site A admins need to remote control. Site A admins have rights to Site B's collection.
The problem is that Site B's collection is not visible to site A admins. Manually entering in the IP or name does not work in remote control, either.
I was wondering if it had anything to do with boundaries, seeing as how that is literally the only difference between the two.