Permission bug while importing computer to a specified Collection
Hello everyone!

Following users, rights and Collection structure:

User1 member of Group1.

Group1:
Site Class: read, import computer entry
Collection Class: create, delegate
Computer Association Class: create, read

Collection structure:
RootCollection
-- ImportComputerColl (Instance rights for Group1: Delete Resource, Modify, Modify resource, Read, Read Resource, Use remote tools, View collected files)
-- AllSystems (No Permissions)

Now if user1 wants to import a computer entry via right click on "Computer Association" and select "Import Computer Information", the import fails with an error if I select the "ImportComputerColl" as destination collection. If the destination collection is blank the import works and the computer system shows up under "All Systems". If I add the collection class "read resource" right to group1 it will work fine, but then all members of this group will see all collections. So why can I import computers without a destination collection without this right? What is the difference that this behaviour will be needed?

Error:

Error: Following computers have not been imported:
Name: Computer1
MAC Address: 00:0C:29:A4:04:57
SMBIOS GUID:
Source Computer:
Choose Target Collection: ImportComputerColl
Errors
You do not have security rights to perform this operation.
ConfigMgr Error Object:
instance of SMS_ExtendedStatus
{
    Description = "User \"DOMAIN\\user1\" has no read resource rights in any collection for this ResourceID";
    ErrorCode = 1112017920;
    File = "e:\\nts_sms_fre\\sms\\siteserver\\sdk_provider\\smsprov\\sspcollection.cpp";
    Line = 735;
    ObjectInfo = "1";
    Operation = "ExecMethod";
    ParameterInfo = "SMS_Collection.CollectionID=\"00000026\"";
    ProviderName = "WinMgmt";
    StatusCode = 2147749889;
};

Best regards,
Markus

EDIT:// And another question: Why does a user need "Manage Folders" right on packages class if the user wants to create a package under a folder?
May 21st, 2008 12:25pm

Unfortunately this is a known issue in the RTM release. It is because of how we are adding the newly imported instances in the back end. The only obvious solution you can opt for is to just single that user out of the whole group and give him the "Read" right to the "Collections". I hope this was helpful.
May 22nd, 2008 11:17pm

Ok. Thanks! If this is an RTM "Bug" then I'll test it with SP1 for SCCM. Maybe the behaviour has changed...
May 30th, 2008 9:28am

Hi there - I am running SCCM R2, and I have a user group (supporters) that I need to limit to some collections... I have tried to set the class rights for collections to read and read resource - and then the users in the supporters group can deploy just fine - and only to the collections that I have given them access to (more than read on instance level). My issue is that we normally have our collections separated into our different domains, and the admins on each domain can only see their own collection (branch of the tree)... this won't work if I have to open for read and read resource on the class level.

By the way, the so-called bug has not been resolved in the R2 version - it seems... or do I have to update the SCCM console on our helpdesk terminal server as well to make it work perhaps?
January 2nd, 2009 2:22pm

Hi All,

Has there been any bug fix for this, as it seems the computer imports to the All Systems collection even though the client cannot see that collection. I think this is a fundamental flaw... it errors but actually sticks the imported computer information into the All Systems collection. I want to lock down my collections as I don't want Workstation Admins seeing servers and vice versa; at the moment it looks like I am going to have to give everyone read resource at the Class level, which I shouldn't need to do.

Regards,
Neil
January 28th, 2009 12:59pm

Hi there - About the issue with the RTM release - as you can see in the forum, this bug / known issue is also there in the R2 release. Can you or any other MS expert try and get back to us about when the issue will be addressed? We are using SCCM in 8 domains and we have the collection rights set so that SCCM admins on each domain can only see their own collections - and this bug / issue will affect our setup negatively until it is addressed / solved.

Yours,
Erling B. Kjeldsen
January 28th, 2009 1:10pm

I was experiencing a similar problem with SCCM 2007 SP1 R2 under the following setup:

- A central primary site which I'd used to create the collection I was attempting to place the machine(s) into, and;
- A child primary site which was hosting WDS and I'd used to build my task sequences etc.

My original collection was created on the Central Primary site and it was therefore 'owned' by that site, and even though I was using an account that had appropriate permissions on the collection, the child primary site is unable to access it.

The workaround I used was to create a collection at the child primary site and then run the Import Computer Information wizard. Because the collection was created at the child primary level, it has permissions to use it and the wizard completes successfully.

I'm not sure if I'm reading the technet doco incorrectly or if this is missing/poorly explained; perhaps it could be clarified to make this a little clearer.

Paul Hewson
February 12th, 2009 6:30am

Hi there - Sorry, but your answer doesn't solve our problems - we have a forest with 8 domains (and domain admins from each domain running SCCM on our SCCM Server). Everything is working fine (using SCCM security settings and AD groups to separate the users from each domain, so that domain A can't deploy or see collections used by domain B and so on...).

The small BUG we are talking about here is still there in our SCCM SP1 installation, and the BUG is the reason that I have to let helpdesk staff on domain A see the collections from domain B. So the only reason this is working now is that the SCCM package deployment users from domain A are not the same accounts as the helpdesk staff from domain A - so I can keep the reduced read access to the collections, that prevents SCCM admins from domain A from deploying / using collections from domain B.

So I am very much hoping that the BUG will be fixed in the SCCM R2 when it changes status from Beta to RTM - can you please check that and get back to us perhaps?

Yours,
Erling B. Kjeldsen
University of Southern Denmark
February 12th, 2009 1:23pm

Not sure what you are talking about here, Erling. Configuration Manager 2007 R2 went RTM eight months ago, so there are no updates coming for that. I never heard any MS person state that this 'bug' was to be fixed in the SP1 release, and if not there, then R2 would not fix it, as R2 was just exposing new features of the admin console, not a bug fix release. I checked, and do see a bug fixed in the SP2 release that will remove the requirement to have Read rights to the Collection class in order to import records. You can validate that it works in the beta release of SP2 when it is released later this summer.

Wally Mead
April 6th, 2009 10:43pm

Thanks Wally - I am sorry if I have been a bit confused about the versions; I am running 4.00.6221.1000 Build 6221 on my server and also 4.00.6221.1000 on my clients. I guess that what I have heard is the same as you are stating, that the problem will be fixed in the SP2, and I am very glad to hear from you that the release will be in beta this summer... Thanks.
April 14th, 2009 9:30am

Is there already a fix for this bug? I'm having the same problem (secondary site admins need the read right on 'collections' instead of their own collections).
August 5th, 2011 3:35am

This topic is archived. No further replies will be accepted.
