Assigning a User Collection to an Administrative Security Roll
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
Here are the basic steps we will complete in this lecture
- From the Domain Controller, using ADUC we will create users, create a security group, add members to the group.
- Then using configuration manager we will create a user collection, and assign a security role to that collection.
- From our Domain Controller SADC01, open Server Manager, tools, Active Directory Users and Computers.
- Double click the ServerAcademy.com domain. In case you have never created a user, I will show you how, then you’ll go ahead and stop the video and create two more users.
- Right click on Users, click new user
For first name type Mike
Tab down to last name and type Sims
Tab down to user logon name and type msims, then click next Then type a password twice.
- For this lab we will uncheck user must change password at next logon and check password never expires, click next, then finish.
- Now go ahead and stop the video and create the other two users.
- Now that you have created three users, right click on users then New, then click Group For Group Name type SCCM Admin Users, click ok. (Cancel)
- Double click the SCCM Admin Users group, then click members. Then click add, type Mike, then click check names, then click Ok.
- Now add the other two users that you just created to the SCCM Admin users group. These three users will be my administrator’s, and will also be members of a User collection assigned to the Full Administrator security roll.
- Stop the video while you do this. Then click ok
Now let’s Create a User Collection
- From the SCCM server, open Configuration Manager, from the Workspace click Assets and Compliance, from the Navigation Pane right click User Collections, click Create User Collection.
- For Name type SCCM Admin Users, then click Browse, and select All User Groups, click ok. Then click next
- Click Add Rule, then select Direct Rule, then click next
- From Resource Class, select User Group Resource, for Attribute Name, Select Active Directory Container Name, For Value, type %, wildcard variable (this will display all the groups) then click next.
- Now, SCCM displays a list of all the groups from Active Directory. Scroll down and Click SERVERACADEMY\SCCM Admin Users, then click next, then click next again, then click close.
- Click next, then next again. Then click close
- Now that we have created our collection, let’s assign a security Role to the SCCM Admin Users Collection.
- From the Workspace, click Administration, from the Navigation Pane, click Security, then right click Administrative Users, click add user or group.
From User or group name, click Browse, type SCCM Admin Users then click check names, click ok.
- Click Add – Here is where we choose the Administrative Security Role, Click Full
Administrator, click ok
Click Add, then click collection, click SCCM Admin Users, click ok, then click ok again
- For verification, click monitoring, click reporting, click the Report Manager
server/Reports, Click Administrative Security, Security Roles Summary, scroll down, you will see the security Roll named Full Administrator and the SCCM Admin users group.
Verifying Security Roles
If you recall msims was one of the users that we created and added to the SCCM Admin users group, now we will check and see if msims has full admin rights to the console.
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
What is the purpose of adding both the AD group and the collection to the role? Can this be done without adding the collection or is there a reason to have both?
Hello Ambrose,
Good question. Here are the steps that we have taken in this video. Hopefully this will help clarify some things.
1. Create 3 users
2. Create an A.D group called (SCCM Admin Group) At this point this group has no admin capability, it is just a group
3. Add the three users to the group
4. Then we created a user Collection called (SCCM Admin Users) Still no Admin capability
5. Now we add the SCCM Admin group to the collection
6. Now we assign the security role to the collection. Here is where we add the Administrative security role capability to the collection
To answer your question you can add a user or a group to a security roll. It is very flexible. I chose to use a AD group so that it would be easier to add and remove members when needed.
The reason I added a collection is to demonstrate the direct rule. Later in the course you will use collections in various way that I am sure you will find interesting.
Hope that cleared up some things.
Thanks,
Robert