What share and NTFS permissions must I give users to deploy software through SCCM?

Similar Messages

• What Are The Minimum Permissions In Order An User To Be Able To Access User Profile Data With JavaScript And REST API

  The question says it all:
  What Are The Minimum Permissions In Order An User To Be Able To Access User Profile Data With JavaScript And REST API.?
  In the User Profile -> Permissions there is only the option for "Full Control".

  Hi Nikolay,
  Thanks for posting your issue, you need to set permissions on User Profiles = Read. Kindly find the below mentioned URLs to get the code and more details on this.
  http://www.vrdmn.com/2013/02/sharepoint-2013-working-with-user.html
  http://www.vrdmn.com/2013/07/sharepoint-2013-get-userprofile.html
  http://sharepoint.stackexchange.com/questions/61714/sharepoint-2013-call-the-rest-api-from-sharepoint-hosted-app
  http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2013/04/09/how-to-query-sharepoint-2013-using-rest-and-javascript.aspx
  I hope this is helpful to you, mark it as Helpful.
  If this works, Please mark it as Answered.
  Regards,
  Dharmendra Singh (MCPD-EA | MCTS)
  Blog : http://sharepoint-community.net/profile/DharmendraSingh

• How to Default what fields and assignment blocks appear for every user?

  Is there a standard way to default what users see in the webui? We'd like to display certain assignment blocks, fields, etc without having the user go thru the personalization process. There are certain pieces we need to display across the board for every user and would like to set this up in advance of them logging into the WebUI.
  Thanks in advance

  Hi James,
  With the business roles you can define what the user is allowed to see or do and not.
  So you create your special user business role e.g. Z_USER_SALESPRO and then you can create a business role specific configuration of the views (add/ remove fields) or overview pages (add/remove assignment blocks).
  If you want to you can also deny user with this business role the possibility to personalize their pages at all.
  If you want to show information to all user in the same way then just maintain the default configuration in the enhanced component. As the WebUI always looks for the most specific key found within the configurations available.
  Please make sure you work in default configuration of the enhanced component, else you change SAP standard cheat sheet.
  Hope this helps.
  Best regards,
  Thea

• Problems with UAC and NTFS File Permissions on a File Server.

  LarryG. wrote:
  It looks to me like your account doesn't have the proper permissions on all of the sub folders.  Can you verify that?  Once you have the proper permissions this issue should go away.
  This is a feature, not a bug.  You do not have permissions.

  Hello Everyone,I'm curious about your experience with UAC and NTFS permissions--in particular on a file server. In my case, I'm running Server 2012 R2.I have a very large company shared folder. I right click on it and go to properties to check the size. The size is only 5GB or so and should be over 300GB. How is this possible? I'm finding that some of its subfolders are tied into UAC and some folders are not. UAC-related subfolder:Non-UAC related subfolder:In the pictures above, both folders are department-related folders. They are not system folders. The folders have the same owner. The folders are located on the same folder level. When I try to view the permissions of the UAC-related folder, I get this:I'm a domain admin, so when I go through the prompts, I can see the permissions.But this is a total pain because I now require third...
  This topic first appeared in the Spiceworks Community

• SCCM 2012 report on computers with local shares and share permissions

  Very new to SCCM 2012, want to put together a report to show computers with local shares and the permissions on those shares (for security purposes, need to investigate any systems that have open shares_.
  Managed to add and now collecting information that populates v_gs_share and I have a handle on the report itself, just wondering how to collect the share permissions - I've seen other qustions on the boards that are similar but reference earlier versions
  of SCCM so wondering how to do it in 2012.
  Thanks

  So, where are you at?  The script is running, and the clients have the data in their local WMI namespace, root\cimv2\sms_sharepermissions ?
  So all that's left is to modify hardware inventory to pull that custom WMI Namespace in?  If so, it's not too horrid.  Take note of a workstation (or server) to which you have remote rights to; and which has run the script, so that on THAT specific
  machine, root\cimv2\SMS_SharePermissions exists.
  In your CM12 Console, Administration, Client Settings.  Right-click "Default Client Settings", Properties.  On the left, select "hardware inventory".  then on the right, Set classes..., now the fun part.
  Add...
  Connect..., and put in ThatServerOrWorkstation (for computername), and wmi namespace is root\cimv2.  Click the option "recursive", Connect.  (the trick here is rights to the target).
  From the results, it might be easiest to click on "classname" at the top for sorting, then go find SMS_SharePermissions.  Select that, ok ok ok ok (however many times you need to agree); and... we're done here.  Sit and wait for inventory to report
  that data up.  If you're paranoid, you can monitor dataldr.log; and force policy refreshes and hinv deltas on some boxes; but the key is patience.  if you think you've waited long enough; you probably haven't.  ;)
  Standardize. Simplify. Automate.

• What IMAP and SMTP must i use to connect to Apple Mail?

  what IMAP and SMTP server must i use in my Entourage email client to connect to Apple Mail?

  Use these settings for iCloud - http://support.apple.com/kb/ht4864

• Copy usernames and file permissions from old workgroup to new Active Directory

  Hi,
  I have a Windows Server 2003 R2 with about 60 users, 100 shared folders and 5000 subfolders. Each folder has share and protection permissions. Each subfolder has protection permissions. No active directory.
  I need to install Windows Server 2012 R2 (as Primary Domain Controller) and re-create
  the same users (which can have different guid but with the same username as the old server)
  the same shared folders, with the same permission as the old server granted to the users
  the same subfolders, with the same permission as the old server granted to the users
   all under Active Directory.
  Is there a way to automate these steps?
  Thanks!

  Look in script repository for scripts that export local users and groups.
  You will have to learn how these two systems work and develop a script / method for translating between the two systems.  It is very dependent on what has been don on old system.  Using USMT and MDT would be the best. 
  Post in the deployment forum for instructions on how to use the MDT to migrate users in a batch.  You would start by adding the 2003 server to the 2012 domain and then the MDT can be customized to do the move.
  https://technet.microsoft.com/en-us/windows/dn475741.aspx?f=255&MSPPError=-2147217396
  https://social.technet.microsoft.com/Forums/en-US/home?forum=mdt
  ¯\_(ツ)_/¯

• Deploy software packages and applications (roles) to rolebased assets

  Hi everybody,
  I'm new to SCCM and I need some advice about how to deploy software suites (fixed lists of software packages and applications) automatically to our rolebased assets. Rolebased assets are assets that have predefined software suites or 'roles'. Combinations
  of several roles on a single machine are possible. We currently use Altiris NS for our software deployments. The system I have there is as follows.
  - regkey on the local machine defining the role(s) for that asset (values are streamed from our CMDB into the local registry) 
  - dynamic collection for each role based on the value in the regkey
  - task assigned to the collection to install the role(s) (a fixed list of packages and applications)
  - as stated several roles can be assigned to a single asset
  For the deployment of several roles to the same machine we use a in house built solution called Sequence Installer (SQI). SQI keeps track of which role it is installing and will put other roles in a queue. It also has retry and reset functionalities.
  In case of failure it will automatically retry from the failed step. We can also manually restart the SQI from the start or from the failed step.
  We are planning to migrate towards SCCM 2012 R2 and the purpose is to do as much as possible out-of-the-box. Meaning SQI should become obsolete and replaced by SCCM built-in functionality.
  For SCCM, I'm thinking to do it like this: use the regkey to populate a collection for each role and work with a task sequence for the role installation. I'm sure that will work, but perhaps there are far better and simpler ways to do this in SCCM? Furthermore,
  I'm afraid SCCM will not be as flexible as SQI when it comes to automatically retrying and/or resuming the installation sequence in case of failure (failures caused by something that doesn't need manual intervention of course, like source corruption,
  non-blocking failures, et cetera).
  Another way of doing it could be UDA, create a functional user representing each role and assign software to the user. Then link the assets needing a role as primary devices to the user representing the role and pre-deploy the software (in an OSD scenario).
  But again, also in this scenario I need the capability to automatically restart and retry failures.
  It would be great if I could get some other opinions on the subject, thanks guys!
  Kind regards,
  Chris

  nope, I did not start actual testing of the scenario, and this for several reasons (I'm sure TimDK understands what I'm talking about :-))
  - I work at a financial institution where things tend to go very slow (understatement of the year...)
  - I have a lab environment but no rights to create AD stuff for example, I have to officialy request these things and that takes time...
  - lab environment testing is very high-level (wake-on-lan, 1E nomad testing, et cetera), we'll promote in the near future to our test and development environment where more in-depth testing can be performed
  In short, I'm thinking about the concept(s) that can be used, actual testing and playing with it will be for later... I thank everybody for the tips, my goal is to get some thoughts and insights from the experts, one can only learn... I will feedback later
  about the what and how and which solution will actually gets implemented.
  Regards,
  Chris 

• SCCM 2012 R2 and NTFS\Share permissions auditing and inventory

  Does SCCM 2012 have the ability to run inventory and audit reports on client systems' NTFS and Share permissions?
  Any help would be greatly appreciated, as always. 
  Thanks

  Not built-in no. See this post for adding share permissions:
  https://social.technet.microsoft.com/Forums/systemcenter/en-US/31be4d1c-28d3-4f67-a2f6-823ab2b13d1e/how-to-collect-share-permissions
  For NTFS permissions, something similar could be done if you had a limited set of folders or files that you wanted to inventory.
  You could also use compliance settings to track if/when specific permissions change.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Export a list Shares & NTFS permissions

  I would like a script or tool which can create a list of server shares, along with the relevant NTFS permissions on the directory structure and exports to either a .txt or .csv. Full group and member names would be nice.
  Any ideas? Thanks.

  Hi,
  http://support.microsoft.com/kb/125996?wa=wsignin1.0
  You could export the Shares with the Share Permissions via registry.
  If thats not enough here is a PS Script http://gallery.technet.microsoft.com/scriptcenter/List-Share-Permissions-83f8c419
  what´s the goal you like to reach?
  kind regards,
  Philipp Halbedel
  MCP 2003,MCITP EA Server 2008,MCITP EA Windows 7,MCSA2008,MCSA2012 
  Meine Antwort war hilfreich? ich freu mich über eine Bewertung. If my answer was helpful, I'm glad about a rating! 
  I do not represent the organisation I work for, all the opinions expressed here are my own.

• How Do I find out what app is auto-mounting a network share and stop it?

  I have a new laptop, the 13" rMBP.  I installed Steam and wanted to use the network share on my server to store the game files.  Everything went OK.  I closed Steam, disconnected the share and shutdown my laptop.  When I opened my laptop later on at work, it started to try and mount the network share.It keeps on going it.  I removed the Steam app and all files related to Steam that I could find.  I've looked at fstab, auto_home, auto_master and a large list of other files and directories and I *still* cannot find the offending file that's auto-mounting the share.  It's really frustrating.
  The share auto-mounts when I am home but not on the desktop or in finder.  I find it by looking at /Volumes/ in terminal.  If I mount the share manually under /Volumes/ it shows as Games-1 and mounts on the desktop under Games.
  Does anyone have any ideas on where I should be looking to find the offending process/file/daemon?
  Thank you!
  Trevor

  thanks for the reply but are you sure about this? What difference would it make? Why 5 apps?
  Even if it does work, which I doubt, at some point, I will have to resync ALL my apps again and surely the same thing will happen again, and I will be none the wiser. I still won't know which app it is. There must be a way of finding this out.
  Any ideas?
  What is really freaking me out is how it is connecting to my carrier (who is charging me) with Cellular data switched off.......?
  Thanks again.

• Unable to set NTFS permissions on share using PowerShell. The user shows up with no rights checked off.

  I am having a little problem here with setting NTFS permissions via PowerShell. 
  Basically I am able to make a new directory on the share, and assign a user NTFS permissions however it just assigns the select user without any permissions set.
  $username = "test.user"
  $directory = "\\testlab-sv01\Share\newfolder"
  New-Item -Path $directory -ItemType Directory
  $colRights = [System.Security.AccessControl.FileSystemRights]"FullControl"
  $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
  $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
  $objType =[System.Security.AccessControl.AccessControlType]::Allow
  $objUser = New-Object System.Security.Principal.NTAccount("$username")
  $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
  $objACL = Get-ACL $directory
  $objACL.AddAccessRule($objACE)
  Set-ACL $directory $objACL
  A side question, why isn't this native in Powershell? Is it for security reasons? I expected there to be a cmdlet for it. 
  Thanks. 
  Kyle

  When you say there are no permissions, do mean that the ACL Editor is showing 'Special permissions' and none of the other boxes are checked?
  Try changing the inheritance and propagation flags to this:
  $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags] "ContainerInherit, ObjectInherit"
  $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None
  That sets the ACE to apply to the folder (InheritOnly propagation flag isn't set) , subfolders (ContainerInherit inheritance flag is set), and files (ObjectInherit inheritance flag is set), which is necessary for the ACE to not be considered 'special' in
  the ACL Editor.
  Awesome. Thanks. That did work. 
  And yes I did mean that it was showing special permissions with nothing checked. 
  Kyle

• Mac Mini Sever - Public Share - how enable read and write permissions for new remote files

  Hi,
  this Sunday a friend ask me to help hum with a problem on is Man Mini Server. He has a small office and uses the mini server to share a public folder to all his employees.
  Everyone that creates a file, saves it to the public folder at the mini mac.
  That problem is that, who creates the file owns it and remains with read-only permissions to everyone else. The owner has to change the file permission in order to the rest of the employees can work on it.
  I do not know mac arquitecture, I only work with windows and linux, but i suspect the principles are the same.
  We try to create another folder , and share it, but it happens the same. Have you any ideas on what is wrong?
  I suspect it has anything to do with de file Sharing at the mini mac, but it has read and write permissions for everyone.
  Thanks for your help.

  signed applet. You aren't going to find any easy way to distribute that policy file to users, and that policy file, if you asked me to put it on my PC, I'd tell you to take a flying leap. That would open any applet to access.

• Show and Share Automatically Assign Permissions

  I have been looking and cannot find a whole lot on SnS permissions.  Our DMS is version 5.3.11 and we are using embedded authentication.  We have a setup so when a user connects to the TCS(5.3) to record a video it then automatically sends it to our MXE3500(3.3.2.0) then from there it automatically distributes it to our Show and Share and assigns it a category based on what address was dialed.
  What we want to do is have group and or user permissions assigned to the categories so only those users can see the videos.  Does anyone know if this is possible?
  Thanks for any help!
  -Scott                 

  Hi
  Integration with Active Directory :Cisco Digital Media Manager 5.3 provides integration with Microsoft Active Directory
  via the LDAP protocol to import both names and groups from Active Directory. Cisco Digital Media Manager and Show and Share users are then authenticated against MS  Active Directory during the login process. By categorizing the uses into different user group within DMM, administrator can control and manage the content viewing permission within Show and Share by associating the user group to the video during the publishing stage. There are three Authentication Mechanism available: ‘Embedded Authentication’, ‘LDAP Authentication’ and ‘Federation Authentication’ .Currently, Microsofts Active Directory is the only LDAP service that is supported. You have to choose LDAP Authentication , as the attached photo
  Thank you
  please rate all useful information

• Ntfs permissions on forest trusted share

  We have a two way forest trust. Consider this example:
  Forest A has:
  Domain Controller A
  Server A
  Forest B has:
  Domain Controller B
  Server B
  \\shareB (on Server B)
  I am a domain admin on Forest A, and my account has been given full permissions to Share B.  We have a two way forest trust, and have firewalled everything except communication between Domain Controllers A and B.
  The issue:
  If I log on to Server A, I am able to open \\shareB, but if I attempt to add/change ntfs permissions, I only see 'server B' when I click the 'Locations' button (I do not see either domain).
  If we allow on our firewall port 445 between Server A and Domain Controller B, it works.
  Is this working as designed?  Or is there a way to keep the firewall up and retain this functionality?
  Thanks,
  Jaime

  Hi Jaime,
  >If I log on to Server A, I am able to open \\shareB, but if I attempt to add/change ntfs permissions, I only see 'server B' when I click the 'Locations' button (I do not see either domain).
  How did you add/change NTFS permissions? In addition, would you please post a screenshot of the Locations?
  >If we allow on our firewall port 445 between Server A and Domain Controller B, it works.
  Port 445 has to be open, because User and Computer Authentication, Trusts require it to be.
  More information for you:
  Active Directory and Active Directory Domain Services Port Requirements
  http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
  Best Regards,
  Amy