I'm trying to find a way to limit our workstation Admins from messing with the server admins Collections, but it seems a bit tricky. The workstation Admins will be doing 95% of the work in SCCM 2012 SP1. They need to be able to create collections,
manage software updates, mess with configurations, etc. I specifically want to keep them from tying deployments to All Systems or our device collection (All Servers). In addition I don't want them to be able to mess with the server ADR's or Software
update groups. I've tried restricting some access, but it takes away rights to new objects (collections) for example they need. I would like some specific steps rather than the "here's a TechNet article on role base access and security scopes"
Thanks in advance
↧