Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Security: Prevent or prompt for modifications to collection rules with existing deployments

We now have deployment verification to prevent damaging deployments from being created, but that doesn't stop existing deployments from being deployed accidentally.

It would be great to prevent or atleast prompt for any modifications to collection membership rules (large number of direct adds, include, query) when the collection already has an existing deployment.

Originally mentioned:
https://www.reddit.com/r/SCCM/comments/4qhcwg/amawe_are_the_configmgr_team_here_to_talk_about/d4tb5qv

20 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Daniel Ratliff shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Noted  · 

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • jrassi commented  ·   ·  Flag as inappropriate

        yes, I don’t want custom role users to be able to add collections into other collections, we should be able to limit it to just machines\users. So think of it like this, separate the RBAC rights for the selected items feature; from the add resources feature. this is so critical, does this explanation make more sense?

      • Calum commented  ·   ·  Flag as inappropriate

        To be useful, this would really also need to include checks for include/exclude membership rules - collections don't always directly have something deployed to them but a collection they're included in may well do.

      • Matthew commented  ·   ·  Flag as inappropriate

        make this a hierarchy setting and allow the action to disable the Deployments if so desired.

      Feedback and Knowledge Base