TRusted Source locations - Complete the Trusted Source story
I would like to see Trusted Source locations to be added to ConfigMgr as a Node in Administration, and permission so that only Full Administrator or a specific RBA Role can manage these locations.
All ConfigMgr wizards that allow path data-entry will be changed to become a drop down list of approved Trusted Source locations. The User will be able to navigate into the folder structure of the Trusted Source location, creating new directories with a restriction on placing content on the root of the Trusted Source location, since this can induce data-loss if the sub-folder is not specified in rare conditions.
No new Source locations will be allowed to be entered, unless created by a Full Administrator or an Administrator with the appropriate Security Role.
This will remove A) free-styling of UNC paths B) Fat-fingering during data entry of paths C) Data loss due to placing content on the root of a location and aborting then cleaning up by deleting everything in the specified folder (root folder). Other MVP's have witnessed this condition occur, Trusted Source locations and a restriction on placing content in the root of a location will resolve this issue without any code-changes required in other areas of the product (to solve the deletions of other content by mistake) and finally D) invalid or inappropriate Content Source locations being configured on-the-fly (really fat fingering) by support teams with enough rights to do so.
Brian Mason added: I have this share out there already: \\Apps\apps$ and under that share is say Workstations and Servers and DCs. When I create the DC scope, I get to add the UNC Source I've named as DC. The DC team never has to enter the name of the share, but instead they browse to that share, see their root folder and pick a sub-folder. No UI ever lets them pick the root either. Anytime they make a package\app\etc., they browse to where I've limited them to and must pick a folder there.
Please add in suggestions to compliment this proposed solution, and vote it up to complete the Trusted Source Story. Being in complete control of our source locations should be on every administrators "I want that feature right now" list
Mirko Colemberg commented
I have one in addition, how about to make that share available as a secure repository for add-package from Powershell too?