I want to delegate permissions to delete "unknown" computer objects from SCCM console, that refers to computers that failed OSD on Win PE stage.
I provided "read only analyst" and custom role with collection\delete resource and site\read propertyes enabled.
This is enough to delete any computer object from console, except "unknown".
RBA Viever do not show that objects, so i can only guess which permission is needed or what to modify.
Correct me if I am wrong, but wouldn't the administrative use also need access to the "all systems" collections too? This might not be ideal in some environments. I think you could also create a collection targeting the "unknowns" and assign it an administrate user as long as that users has the rights you mentioned above. Thoughts?