SCCM Reporting Permissions
I have a question concerning Reporting Services and SCCM 2012 SP1. I have working on configuring role based permissions. In this infrastructure, builtin\administrators includes far too many folks. I am working to throttle access to SCCM. When
I access 'Security' on the Report Website, BUILTN\Administrators have Full Control to all reports. They do not have permissions in SCCM. I have create a SCCMAdmins group that includes the SCCM Full Administrator Users (and
the SCCM server).
After some research and testing, SCCM permissions for Reporting are controlled from with SCCM Application itself and will be overwritten if changed at the website itself. I cannot figure out where this specific (builtin\administrators)permissions are
within SCCM or perhaps SQL(?-which does not have builtin\administrators assigned either). An Administrator on a server should not necessarily be an Administrator of an application. :). I am not sure where to look or how to change this permission
and would appreciate any help and insight you may have to offer. Thanks so much.
Unfortunately, I cannot change the current Admin model only do my best to help them secure SCCM as it should be. I was looking to direct some of these 'Admin' users to the website for reports and avoid some console installs. I
am just looking to lockdown to prevent potential issues.
I would be interested in knowing what you edited. Even if it is just for understanding how SCCM is assessing the permissions for this group. That would be great. Thanks for your work and digging on this with me. I really appreciate
it.
I undid it as it breaks CM12 and I didn't want to work out all the details, since IMO it will take hours to do this.
What I would do, is the following.
If nothing has happened, then remove domain admin for the Local Administrator group. Then I would grant only the CM12 full admin to Local Administrator group. After take I would grant DA access to the reporting user group only.
If you can't remove DA from local administrator group then I wouldn't worry about it at all. Anything that you can put in place to prevent them, they can undo anyways so what is the point of trying to lock it down. Just because... then why solve the problem
and remove everyone from DA.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ
Similar Messages
-
SCCM 2012 R2 Reporting issue updating SQL Reporting permissions
I am in the process of setting up SCCM 2012 R2. I am having an issue with the SCCM reporting. If I set the permissions in the SCCM console, the permissions do not propagate to the SQL reporting... I get this... This is from SRSRP.log...
Updating data source {5C6358F2-4BB6-4a1b-A16E-8D96795D8602} at ConfigMgr_DIT $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.384+300><thread=5432 (0x1538)>
(!) Error retrieving folders - [A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.)]. $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.438+300><thread=5432 (0x1538)>
No folder configuration information found. $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.441+300><thread=5432 (0x1538)>
Does anyone know how to fix?
I tried removing and re-installing the reporting point, changing the permissions in SQL Server... and a dozen other things.I am in the process of setting up SCCM 2012 R2. I am having an issue with the SCCM reporting. If I set the permissions in the SCCM console, the permissions do not propagate to the SQL reporting... I get this... This is from SRSRP.log...
Updating data source {5C6358F2-4BB6-4a1b-A16E-8D96795D8602} at ConfigMgr_DIT $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.384+300><thread=5432 (0x1538)>
(!) Error retrieving folders - [A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.)]. $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.438+300><thread=5432 (0x1538)>
No folder configuration information found. $$<SMS_SRS_REPORTING_POINT><01-15-2015 12:00:55.441+300><thread=5432 (0x1538)>
Does anyone know how to fix?
I tried removing and re-installing the reporting point, changing the permissions in SQL Server... and a dozen other things. -
SCCM Report for Applicable and Installed Updates Collection Wise
Hi All, I was looking for a report on Applicable and Installed Updates Collection Wise and got this below query on the Internet and want to create a SCCM report with this below query. How to make this query working in SCCM report?
Do I need to add prompts, if yes please guide me on adding prompts.
SELECT
DISTINCT
SYS.Name0
AS [Server Name], SIS.SMS_Installed_Sites0 AS [Site Code], UCS.Status AS [Patch Status Code],
CASE WHEN UCS.Status = '2' THEN 'Applicable' WHEN UCS.Status = '3' THEN 'Installed' ELSE '' END AS 'Patch Status', UI.BulletinID AS [Bulletin ID],
UI
.ArticleID AS [Article ID], UI.
Title
FROM
v_R_System AS SYS LEFT OUTER
JOIN
v_Update_ComplianceStatusAll
AS UCS ON SYS.ResourceID = UCS.ResourceID INNER
JOIN
v_UpdateInfo
AS UI ON UCS.CI_ID = UI.CI_ID INNER
JOIN
v_RA_System_SMSInstalledSites
AS SIS ON SYS.ResourceID = SIS.
ResourceID
WHERE
(UCS.Status IN ('2', '3')) AND (UI.ArticleID IN ('972270', '974392', '973904', '969947')) AND (SYS.Name0
IN
(SELECT DISTINCT v_FullCollectionMembership.
Name
FROM v_FullCollectionMembership INNER
JOIN
v_R_System
ON v_R_System.ResourceID = v_FullCollectionMembership.ResourceID AND v_R_System.Active0 = 1 AND
v_FullCollectionMembership
.CollectionID IN ('Collection ID'
ORDER
BY
[Patch Status Code]Yes it can be done and please run the query which i have shared in the thread
I again pasted the query for you below..
SELECT DISTINCT
SYS.Name0 AS [Server Name], CASE WHEN UCS.Status = '2' THEN 'Applicable' WHEN UCS.Status = '3' THEN 'Installed' ELSE '' END AS 'Patch Status',
UI.BulletinID AS [Bulletin ID], UI.ArticleID AS [Article ID], UI.Title
FROM v_R_System AS SYS LEFT OUTER JOIN
v_Update_ComplianceStatusAll
AS UCS ON SYS.ResourceID = UCS.ResourceID INNER JOIN
v_UpdateInfo AS UI ON UCS.CI_ID
= UI.CI_ID
WHERE (UCS.Status IN ('2', '3')) AND (SYS.Name0 IN (SELECT DISTINCT v_FullCollectionMembership.Name
FROM v_FullCollectionMembership INNER JOIN
v_R_System ON v_R_System.ResourceID = v_FullCollectionMembership.ResourceID AND v_R_System.Active0 = 1 AND
v_FullCollectionMembership.CollectionID
IN ('XXX00000')))
Kamala kannan.c| Please remember to click “Mark as Answer” or Vote as Helpful if its helpful for you. |Disclaimer: This posting is provided with no warranties and confers no rights -
SCCM Report for Laptop Battery Condition
Good morning,
We are in a situation where we're needing to monitor conditions of laptop batteries in the school district I manage. I have added the laptop batteries class(Win32_Battery) and have all required/requested information checked under this class. This
has been set for a week, so all devices should be inventoried by now.
How do you recommend my getting a report together that shows battery condition/etc? The fields I would like to see are ones such as:
Win32_Battery
battery status
design capacity
design voltage
Expected Life
Error Description
Full Charge Capacity
Really anything that will help us in knowing which laptops batteries need replacing.
I am not that knowledgeable about SQL reporting/SCCM reporting, so any help in getting this is greatly appreciated. Any resources that you can point me in for getting more familiar with creating my own reports would be greatly appreciated. I
don't even know where to begin.
Thank you!Good you have added the class. Please use the following link for the detailed information about Win32_Battery:
https://msdn.microsoft.com/en-us/library/aa394074(v=vs.85).aspx
Last Full Charge should guide your decision on replacement.
Following link will help you as well:
http://www.helpwithwindows.com/Windows7/Check-your-laptop-battery-health-in-Windows-7.html
-RG -
Financial Reporting - Report permissions problem HFM 11.1.2.1
In Workspace, Explore, I added a new report. If I right-click and choose Edit Permissions there are no permissions showing. I added the viewer role as view, interit. I even waited 24 hours and the users still cannot see this report, eventhough I can see it.
Any tips for setting report permissions? I checked Shared Services and they are provisioned for theExplorer, Dynamic Viewer and Viewer roll for reporting.It actually did take a few hours because I did have them log off this morning after I set to view. I'm not sure if it is something I should pursue. This is a new environment (2 months).
-
I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.
You problem is here.
right
join v_R_User USR on USR.ResourceID
= CS.ResourceID
USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
end up with unreliable results.
Anyways you need to make these changes to your query.
left
join v_R_User USR on USR.Unique_User_Name0
= CS.UserName0
http://www.enhansoft.com/ -
SCCM report on last time each Office application was used
I have set up the correct SCCM software metering rules for each of the Office suite executables like Outlook.exe, MsWord.exe etc. I would like to report on usage of each executable in the Office suite. This is useful for us because we can work out things
like if a user only uses Outlook and nothing else in the Office suite then we can move them to Outlook Web Access and uninstall Office, therefore reducing the number of Office licenses required.
I'm sure the data is there but not sure how to extract it. For all the machines in the environment, I would like to have a report showing something like this:
Name Last date Outlook.exe used Last date Excel.exe used
PC001 01/01/2011 15/03/2011
PC002 02/02/2011 Never run
PC002 Never run Never run
There doesn't seem to be an existing report that I could use / modify, just wondering if anyone has attempted this before?I wonder, what is the use of this report. I think, you can try to create a custom report with the help of two links given below?
http://myitforum.com/cs2/blogs/jmarcum/archive/2011/05/19/157675.aspx (Beginners Guide to Writing SCCM Reports)
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=22052 ()Creating Custom Reports By Using Configuration Manager 2007 SQL Views)
Anoop C Nair - Twitter @anoopmannur
MY BLOG:
http://anoopmannur.wordpress.com
SCCM Professionals
This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
SCCM report query that displays count of cpus per host and if host is physical or virtual
Hello,
I have this query that displays the count of CPUs per host. How can I add a column to show if the host a physical or virtual?
SELECT
DISTINCT(CPU.SystemName0) AS [System Name],
CPU.Manufacturer0 AS Manufacturer,
CPU.Name0 AS Name,
COUNT(CPU.ResourceID) AS [Number of CPUs],
CPU.NumberOfCores0 AS [Number of Cores per CPU],
CPU.NumberOfLogicalProcessors0 AS [Logical CPU Count]
FROM [dbo].[v_GS_PROCESSOR] CPU
GROUP BY
CPU.SystemName0,
CPU.Manufacturer0,
CPU.Name0,
CPU.NumberOfCores0,
CPU.NumberOfLogicalProcessors0I see that you have posted this exact question in another forum for CM12, however this is an CM07 forum.
Are you CM07 or CM12?
If you are CM12, use my answer here.
http://www.systemcentercentral.com/forums-archive/topic/sccm-report-query-for-cpu-cores/
If you are CM07, this is NOT a simple how exactly do you detect that a computer is a VM? You can guess by looking at the manufacturer name but it is only a guess.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ -
SCCM Reports Will Not Run - SQL Connection Issue
We have SCCM 2012 R2 CU2 and SQL 2012 SP1 CU6. We used to build our SCCM suites with SQL on the site server and have never had this problem that we now have on a new suite but this time we hosted SQL on its own server (SQ01) separate from the site server.
SCCM made the SQL server a component server (makes sense) and forced us to put Reporting Services on the SQL server (when trying to put it on the site server it would not find the instance-CM01, as that one has SSRS on it). The site server is ABC01. We've
already fixed a couple errors in regards to this issue.
The Reporting Services installed on SQ01 fine. When you go to reports in admin console it loads the 419 default SCCM reports just fine. But none of them will run properly. They open up but a popup appears with this error in the error details popup:
"An error has occurred during report processing....AbortedException: An error has occurred during report processing...ReportProcessingException: Cannot create a connection to data source AutoGen__(many numbers). System exception..."
If you go to SQ01, open Reporting Services Config Mgr, connect to instance SC01, click the URL under Report Manager URL, it prompts you for a logon (but should not do so) and you can log in with the service account selected when the Reporting services were
installed in SCCM Admin Console, drill down into ConfigMgr_ABC, click on the default created data source named {bunch of numbers}, and herein there are two more problems....1) it doesn't save the pwd for the service account, when clicking test connection we
often have to reenter it, and 2) the ConnectionString has this entry for Source="ABC01.fqdn/CM01" but it will never connect with that. If we change it to just "CM01" and it is currently holding the pwd, it will test connect successfully
but after just a few minutes it won't because something has reset the connection to "ABC01.fqdn/CM01" and forgotten the pwd. It is apparent that something is overwriting the settings in a way SQL currently doesn't like.
Also, we have an alias within SQL in this format "SQ01.fqn/CM01" when SQL already has a "CM01" alias. This seems to be a problem too.
Any input appreciated.
Ben JohnsonWYOK, I'm duly web-embarrassed. Apparently due to some firewall blockage, my Admin Console on my workstation (which is in a different VLAN from these servers), could not save the changed Reporting Services configs to SQL. When we made the changes using the
Admin Console on ABC01, it all started working.
Ben JohnsonWY -
Hi,
I am new to SCCM reports and all I want to find is the MAC address, System Name and System Serial Number. I need to do this by either collection or IP subnet but cannot seem to get the code correct. I have the following so far:
SELECT
a.Hardware_ID0 as [MAC Address],
a.Netbios_Name0 as [System Name],
b.serialnumber0 as [System S/No]
FROM v_r_system a,
v_gs_pc_bios b
WHERE a.ResourceID = b.ResourceID
This gets all the information required but it is for our whole estate and like i said I need to get it for a collection or IP subnet. Can someone please help?
regards
KevinHow about below Report query: which gives you mac address and hostname list:
Select
v_R_System.Netbios_Name0, SYS.User_Name0,
v_RA_System_MACAddresses.MAC_Addresses0
from
v_R_System, v_R_System SYS, v_RA_System_MACaddresses,
v_fullcollectionmembership
where
v_ra_system_macaddresses.resourceid=v_r_system.resourceid
and v_fullcollectionmembership.resourceid=v_ra_system_macaddresses.resourceid
and SYS.resourceid=v_r_system.resourceid -
SCCM Report for hard disk mode (IDE/AHCI)
May I ask you if anyone of you is aware of and has an example on how to create a SCCM report to find out if the hard disk mode is set to IDE or AHCI?
Many thanksYes, I know this is an old post, I’m trying to clean them up, Did you figure this out, if so how?
This information is not collected by default and therefore you will need to collect it first before you can report on it.
http://www.enhansoft.com/ -
SCCM report data are missing inside report since Update SCCM 2012 to R2 Cu1
Hi All,
I encountered an issue regarding certains SCCM reports after migrating to SCCM R2 CU1.
After this upgrade, I've already encountered some issues on differents reports .. reports where we need to select a collection or patches or computers from a drop list (all theses drop list were empty).
I resolved these issues by adding the "read" security permission in the security role dedicated to our Support Team. (Read permission is now applied on Collections, Packages ect...)
This sort of report works well now.
But this same Team show me another issue where I did not find any resolution.
In the categorie called "Hardware - General", we have a report named "Computer information for a specific computer" where, as you know, we normally could find some informations regarding a computer.
In fact, the only informations which are visible through this report are the NetbiosName,Username, Domain User & computer and IP adress.
All others informations are not displayed.
If I use this report with a user who has admin rights in SCCM (which is not the fact with my support team of course) ...all informations are displayed normally.
It seems that it looks like the first read rights issue that I encountered at the beginning, but I did not find where could be the cause of this issue
Does anyone has already seen this sort of issue ?In CM12R2 RBA is now enabled for report. So this tell me that you have NOT grant the support team access to the data and therefore this is normal.
There is a quick fix for this see Brian post.
http://www.mnscug.org/blogs/brian-mason/162-report-user-role
http://www.enhansoft.com/ -
I am trying to create a Macro based Excel file that would contain a Macro, when executed would download a SCCM Report into a CSV file. At the moment I have to manually go to the webpage, wait for the report to be created and then click on a "Export
to a file" button then choose a location and save. All is fine but I wanted to have some kind of automation. Since the webpage is created using SSRS reporting I cannot use standard HTML call out procedures like in these YouTube videos:
Excel VBA Pull Data From A Website
Get web page data into Excel using VBA
I have tried these VBA lines:
Sub Get_SCCM()
Dim IE As New InternetExplorer
IE.Visible = True
IE.navigate "www.google.co.uk"
Do
DoEvents
Loop Until IE.readyState = READYSTATE_COMPLETE
Set TextBox = IE.document.getElementsByName("q")
TextBox.Item(0).Value = "OK"
End Sub
This Macro executes without any problems and you can see that the "OK" has been input into the Google searchbox. But When I tried this code:
Sub Get_SCCM()
Dim IE As New InternetExplorer
IE.Visible = True
IE.navigate "http://<Server_Name>/Reports/Pages/Report.aspx?ItemPath=%2f<Reports_Name>%2fInfrastructure%2f<Name>%2f<Report_File_Name>"
Do
DoEvents
Loop Until IE.readyState = READYSTATE_COMPLETE
End Sub
I receive an error:
Run-time error '-2147417848 (80010108)'
Automation error
The object invoked has disconnected from its clients
Even does not work when trying to add extra lines like IE.document etc.
Any suggestions on how to export a CSV file with the report from SCCM webpage using VBA in Excel.
Thanks!SSRS reports can be automatically sent to a file. Ask your admin how to configure a custom scheduled report. The report can go to disk or beemailed on the scheduled.
¯\_(ツ)_/¯ -
Hi Guys,
I am looking for a sccm report which should provide total number of actual patches installed by us on all the machines (present in target collection). For couple of updates after sync it shows installed already on some machines.
Example:
CName | Total Patches | Already Installed | Installation triggered by Deployment | Collection ID
AW001 (123) (2) (17) CL00001
AW002 (123) (1)
(21) CL00001
AW003 (123) (1)
(26) CL00001
I am specially looking for 'Installation triggered by Deployment ' number
I would appriciate very much your the help.
Thanks,
ChandanHi Chandan,
You could try to create your custom report based on Software Updates Status views.
Software Updates Views in Configuration Manager
http://technet.microsoft.com/en-us/library/dn581945.aspx
Best Regards,
Joyce -
Report Permissions
RequestCenter 2006.0.8
We need to setup certain groups or individuals with permissions for their reports only. Is anyone doing this? I reviewed some of the documentation but still having problems adding users. Do you use groups in RequestCenter, Cognos or both?
Thanks.
AaronYou have to create roles (or groups) and assign people to them in RequestCenter, then manipulate which reports are accessible to those roles in Cognos by overriding permissions inherited from the parent. For example, say I create a role called "Financial Reports" in RequestCenter, grant it to some people, and give it a capability to run RequestCenter reports. That role would allow the grantees access to all RequestCenter reports. I then, in Cognos, need to search for the reports in question, and remove
Maybe you are looking for
-
Track actions and send them to a server.
I am not expert in Adobe Captivate but I was inquired by a possible customer if we would be able to track presentations and trainings, like capturing for example when the user viewed it, time taken, get some text field inputs, quiz results, etc. In s
-
i have a problem with my MacBook Pro is the almost of my app not working at all like a app store and terminal and other important apps please if u can help me as fast as you can cuz i don't wanna format it that's why am on Mac now not win ?
-
I have mac book pro, 15inch server color, 2008 modal, few days before I was watching movie at the same time I was chating on face book, suddenly my mac stuck so I just tried to force shutdown, by pressing shadown key for 7sec, and after I try to turn
-
It's somewhat slow on my mac, maybe I'm not using the best one: Wifi, Bluetooth or USB connection?
-
Poor quality when connect my Viewsonic monitor 22, to Macbook pro
Just got a Viewsonic monitor 22 VA2246m-LED , connected to Macbook pro 13" The quality of the type is very poor. I call Viewsonic tech support & they could not recommend any drivers. Check the website & no drivers were list. How can this issue be cor