RE: trouble importing wim images - share and ntfs permissions best practice

Hi

i am having endless trouble getting images imported into sccm 2012 r2. i build and capture an image with mdt 2013. the user i capture and build with has full control share and ntfs permissions to the capture directory (not the default suggested by mdt) and the capture goes without any issues. however when i try to import the image sccm complains that i either do not have access or the wim is invalid. this is the second time this has happened to me and i have re-installed the deployment tools, windows pre-installation environment and the usmt.

i am not sure its permissions, since i can browse to the location. what is strange though is that when i log onto the server as domain admin i am unable to browse to the unc location of the file even though i have share and ntfs permission for the folder. the server account has also got permissions for the location. my question is this:

i know the import works when the everyone group has change permissions for the share, but surely there is a way i can make this more restrictive?

May 29th, 2015 3:55am

"re-installed the deployment tools, windows pre-installation environment and the usmt."

None of that has anything to do with importing an image.

ConfigMgr does not use your account to actually import items, it uses the permissions of the system hosting the SMS Provider (this is usually the site server but doesn't have to be).

Why do you care about share permissions though? The standard (best practices are for labs and textbooks, not the real-world) is to only use everyone in share permissions and allow NTFS permissions to define effective access. If you desperately want to set the share permissions (thus adding two layers and increasing complexity with no benefit), then you need to either assign the local SYSTEM account permissions or the computer account for the system hosting the SMS Provider depending upon the location of the share relative to this host. Note that this can also be influenced by your security settings. And as mentioned, this doesn't give you any benefits so just stick with everyone for the share permissions.

Free Windows Admin Tool Kit Click here and download it now
May 29th, 2015 8:46am
noted. thanks for the feedback.
May 29th, 2015 9:05am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics