Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Security: Prevent or prompt for modifications to collection rules with existing deployments

We now have deployment verification to prevent damaging deployments from being created, but that doesn't stop existing deployments from being deployed accidentally.

It would be great to prevent or atleast prompt for any modifications to collection membership rules (large number of direct adds, include, query) when the collection already has an existing deployment.

Originally mentioned:
https://www.reddit.com/r/SCCM/comments/4qhcwg/amawe_are_the_configmgr_team_here_to_talk_about/d4tb5qv

22 votes
Vote
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
Daniel Ratliff shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
Noted  · 

4 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...
  • jrassi commented  ·   ·  Flag as inappropriate

    yes, I don’t want custom role users to be able to add collections into other collections, we should be able to limit it to just machines\users. So think of it like this, separate the RBAC rights for the selected items feature; from the add resources feature. this is so critical, does this explanation make more sense?

  • Calum commented  ·   ·  Flag as inappropriate

    To be useful, this would really also need to include checks for include/exclude membership rules - collections don't always directly have something deployed to them but a collection they're included in may well do.

  • Matthew commented  ·   ·  Flag as inappropriate

    make this a hierarchy setting and allow the action to disable the Deployments if so desired.

Feedback and Knowledge Base