Security Scopes for Antimalware Policy
A few others and myself have begun discussing our problems with security permissions on Antimalware Policies in a previous thread: http://social.technet.microsoft.com/Forums/en-US/ee5baed5-095b-4a02-8e60-cbe3e32b5b3c/security-scopes-and-antimalware-policies?forum=configmanagersecurity
We require the ability to limit administrators permission "by policy". As it currently stands, the only option is to grant Administrators Full permissions which gives them the ability to modify
every Antimalware Policy.
This is a request to enable the ability to use Security Scopes for Antimalware Policies.
Thank you.
April 3rd, 2014 2:56pm
Judochunk: thanks for opening a new thread. Here are my thoughts (previously posted in the original thread).
This is a serious problem for our site. We have 15 sub-organizations where each organization administers its own policies with its own admin personnel (a total of approximately 50 people). We have had incidents where an admin for one org accidentally modified
the policy of another org; we need the ability to restrict access to the Antimalware policies as it was prior to SCCM 2012 SP1 or any equivalent mechanism that can be implemented.
This has been an issue for over a year. Posts (March 5, 2013) in the previous thread indicated that a hotfix would be available and later (July 15, 2013) indicated that the fix would be available in SCCM 2012 R2.
Could someone from Microsoft provide a definitive answer as to whether/when this will be fixed?
Thanks,
Larry
-
Proposed as answer by
Garth JonesMVP, Moderator
Saturday, April 12, 2014 2:12 PM
-
Unproposed as answer by
judochunk
Monday, April 14, 2014 2:10 PM
April 3rd, 2014 3:19pm
Garth - I see you marked my question as a proposed answer. Could you remove that designation, please? It's just a question. And, it would be very helpful to have an answer. Thanks
April 14th, 2014 1:47pm
Could someone from Microsoft provide a definitive answer as to whether/when this will be fixed?
The only way you will ever get someone from MS to answer this, is to open a call with CSS, it will NOT happen within the forums.
April 26th, 2014 1:03pm
Garth, Thanks - that makes sense and I'll pursue that avenue. In the meantime, let's leave this thread unanswered. When/if I get an answer, I'll be glad to post it here. If anyone else knows (or receives) an answer before then, posting would be greatly
appreciated. Larry
April 26th, 2014 2:05pm
Just be forewarned that nothing will change until you open a CSS case or create an Connect item explaining the issue and the cost to the org. Posting things here will
NOT change anything.
April 26th, 2014 4:47pm
So what the status of this, have either of you open an case with CSS?
May 3rd, 2014 3:29pm
We have not opened a case. Our support contact is quite limited and our organization is unable to assign any funds to the project.
May 5th, 2014 1:59pm
Any update on this? Has anyone create a CSS case or open a connect item?
Nothing will get fixed until one of those two options is done.
May 24th, 2014 2:14pm
Anyone with any news?
I still don't see a change in CU3 for R2 :(
November 12th, 2014 8:46am
Anyone with any news?
I still don't see a change in CU3 for R2 :(
I don't think that anyone has open a case with CSS or posted the suggestion to Connect, until that happened nothing will be done.
November 12th, 2014 2:28pm
Garth,
I have opened a case about this about a year ago AND forwarded a few Hi-ED references who need this. Still no Progress.
February 16th, 2015 6:20pm
Hi Rick, You have my email address, forward me the case id and I will see what I can do.
February 16th, 2015 7:01pm
I am investigating SCEP for BYU. This is a huge issue for us, is there any update on this? Our current implementation of Symantec allows scoping
Dan Cunningham
Chief Engineer
Enterprise Solutions Engineering
Office of Information Technology
Brigham Young University
April 24th, 2015 11:54am