I just found something that I would've thought that SCCM would do automatically but it doesn't, DCOM and WMI permissions. You need to set them manually on the site server for every user that has the administration console installed on their PC. For example, since I have the administration console installed on my PC to manage my two site servers, I need to give myself permissions in both DCOM and WMI on both site servers. Who would've guessed? The console will work ok without doing this, but I'm guessing it might work better after doing this? Follow the below to set the permissions...
DCOM
- Go to Start -> Run and type dcomcnfg.exe
- Select the console root and expand component services
- Expand computers, then click My Computer
- Click Action along the top, then Properties
- Click the COM Security tab
- In the launch and activation section, click Edit Limits
- Click Add, and add a group that your SCCM administrators are a member of, or just add your username
- Give that group or user you just added Local Launch and Remote Activation permissions
WMI
- Go to Start -> Run and type wmimgmt.msc
- Right click the WMI Control node, and click Properties
- Select Security
- Go to the SMS folder
- Add the same groups as you did for DCOM and set allow for Enable Account and Remote Enable
Maybe by setting these, the Administration Console will be less buggy??
Enjoy
No comments:
Post a Comment