After R2 SP1 Upgrade, Cannot Deploy OSD Task Sequences as Required

[rdr222]

I updated from R2 to R2 SP1 last week and one of the new SP1 features is the deployment verification of High Risk Deployments like OSD task sequences. When users try to deploy a task sequence, they go to choose the collection and see the new High Risk Verification prompt. The user can hit OK and choose a collection as normal. The next screen on the deployment wizard asks if this is an available or required deployment. When choosing available everything works as normal but choosing required and hitting next should pop up another verification depending on the contents of the collection. The user can verify that they want to continue with the deployment wizard.

However, I’ve found that if the user's security role does not have access scoped to it for the All Systems collection and the All Users and Groups collection, choosing required and hitting next in the deployment wizard does nothing; no verification popup, no advance to the next screen. Since we delegate access to our users based on collections querying their department specific OU, and they do not have access to the All Systems or All User and Groups collection, none of them are able to run required OS deployments.

I opened a case with Microsoft today but am curious if anyone else has any workaround or has seen this issue as well.

 

[Bitmapped]

I'm seeing the same issue with the SCCM 2012 R2 SP1 (upgrade from R2) install at my work. I have permissions to a collection that is only part of our enterprise. I can deploy "available" task sequences but the wizard won't advance when I select to make the deployment "required."

 

I checked with our SCCM admin and he hasn't had anyone else report the problem. I've asked some of my counterparts in other units to see if they can replicate the issue.

 

If anyone else has any more info or a workaround, I'd greatly appreciate hearing it.

[rdr222]

I'm still waiting for MS to get back to me about it. I showed one of the support engineers what the issue is and he said they would try to replicate it and check with the product team if that is an "intended feature". I couldn't imagine it is since having to give access to All Systems and All Users and User Groups collection kind of defeats the point of being able to delegate and limit access with security roles. I'll update the thread once I get more info.

[Bitmapped]

One of my co-workers figured out a work-around for this problem. Rather than going to Task Sequences > Deploy to start the deployment, go to Collections > Deploy > Task Sequences. It takes you into the exact same wizard, but for some reason it works here.

[rdr222]

The workaround posted by Bitmapped is what MS also gave me. The support engineer I was working with acknowledged that it is a bug and said a fix will be included in the next CU