Jump to content


Recommended Posts

I have an admin in one of our remote sites who only has access to his boundary.  However, he needs access to several specialized systems in a different location's boundary.

I have given him access to the collection I created for those specific PC's, but I imagine the limitation here is the boundary setup.

Is there any way around this?  I would prefer not to give users at this level any higher access than what I've already customized for remote locations. 

Thanks,

Share this post


Link to post
Share on other sites


Boundaries are not a security scope so.. what exactly do you mean by this?

Share this post


Link to post
Share on other sites

I mean that we have over a dozen different remote locations, and just as many different boundaries.  Each local IT admin can only work on machines in their own collections that are in their boundaries.  If I give them admin rights to a specific collection within another location's boundary, they cannot use the remote tool to get into it.  They can't even see it.

If security scopes are the way to go, then I need someone to explain, because there is no way to associate a collection or computer with a scope.   

Share this post


Link to post
Share on other sites
19 minutes ago, Config Manager Manager said:

Each local IT admin can only work on machines in their own collections that are in their boundaries.  If I give them admin rights to a specific collection within another location's boundary, they cannot use the remote tool to get into it.  They can't even see it.

 

What exactly does the above mean? A collection has no link to a boundary therefore if you grant someone RC access to the collection they can RC every computer in that collection, not matter where that computer exists on your network.

Share this post


Link to post
Share on other sites

That was my initial thought and that's how we have it set, and have always had it set.  However, they cannot see or remote control anything outside of that location. 

For instance, we have collections for workstations and servers in Site A.  Site A Admins can only see those Site A computers.

Site B has a special collection that Site A admins need to remote control.  Site A admins have rights to Site B's collection. 

The problem is that Site B's collection is not visible to site A admins.  Manually entering in the IP or name does not work in remote control, either. 

I was wondering if it had anything to do with boundaries, seeing as how that is literally the only difference between the two. 

Share this post


Link to post
Share on other sites

If they can't see the computer it is because the permissions are wrong for the collection. How exactly did you grant them access to the collection?

Entering the IP address and getting an error, has nothing to do with boundaries that would most likely be a firewall issue or maybe a local to the PC permissions issue.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...