Freigeben über

Configuration Manager 2007 Package Access Accounts

  • Artikel

One of My Customer recently migrated from SMS 2003 to SCCM. They had this unique requirement based on the current setup that all the Distribution point should have read access for the SYSTEM / NETWORK /INTERACTIVE Accounts on the Package share in order for the Application to work correctly. SCCM has a strict check for DOMAIN\USER format in the input, which was probably not enforced in SMS 2003

So when they tried to specify an account they would obviously get the error “The Windows User Account Name you entered is not valid. Please enter a user name of the form: Domain\User”

Finally we had to come out with a custom script to get this thing working, once the script ran it added the account to the Package Access Properties.

'***********************************
' Update usernames for PkgAccess
' Adding user accounts which donot meet domain\user criteria
' Author jeevanb@microsoft.com
' Note: This is not an official Microsoft too/script and just something that I created for my own personal use.
' As such, Microsoft makes no warranties or guarantee's regarding the applicability of this utility
' nor does Microsoft support the use of this tool in any way. This is just one of those 'use at your
' own risk' type of things that hopefully you'll find helpful.
'***********************************

Option explicit

Dim objectSWbemLocator

Dim objectSWbemServices

Dim ProviderLoc

Dim Location

Dim PackageID

Dim NewUser

Dim Path

Dim Args

Dim SiteCOde

Set args = WScript.Arguments

if (args.Count>0) then

PackageID = args.Item(0)

' Locate the Site Code from SMS Provider

Set objectSWbemLocator = CreateObject("WbemScripting.SWbemLocator")

Set objectSWbemServices= objectSWbemLocator.ConnectServer(".", "root\sms")

Set ProviderLoc = objectSWbemServices.InstancesOf("SMS_ProviderLocation")

'Connect to the Site Provider

For Each Location In ProviderLoc

If Location.ProviderForLocalSite = True Then

Set objectSWbemServices = objectSWbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)

SiteCOde=Location.SiteCode

End If

Next

'Add instances to the SMS_PackageAccessByUsers class for Interactive\SYSTEM\Network users

Set Newuser= objectSWbemServices.Get("SMS_PackageAccessByUsers").SpawnInstance_()

'"101" - readonly

'"511" - FullAcess

Newuser.Access = "101"

Newuser.username = "[""Display=\Interactive"",""AccountType=user""]MSWNET:[""SMS_SITE=" & SiteCode & """]user=\Interactive\"

Newuser.PackageID=PackageID

Path=Newuser.Put_

Newuser.Access = "101"

Newuser.username = "[""Display=\SYSTEM"",""AccountType=user""]MSWNET:[""SMS_SITE=" & SiteCode & """]user=\SYSTEM\"

Newuser.PackageID=PackageID

Path=Newuser.Put_

Newuser.Access = "101"

Newuser.username = "[""Display=\NETWORK"",""AccountType=user""]MSWNET:[""SMS_SITE=" & SiteCode & """]user=\NETWORK\"

Newuser.PackageID=PackageID

Path=Newuser.Put_

Wscript.Echo "Modified Access for " + packageID + " on Site " + sitecode

SET Newuser=Nothing

else

Wscript.echo "Usage is ::: drive:\>cscript ACLModify.vbs <PACKAGEID>"

end if

'*** end of script

Script is attached for the reference.

Note: This is not an official Microsoft tool/script and just something that I created for my own personal use. As such, Microsoft makes no warranties or guarantee's regarding the applicability of this utility, nor does Microsoft support the use of this tool in any way. This is just one of those 'use at your own risk' type of things that hopefully you'll find helpful.

Jeevan Bisht | Support Escalation Engineer

ACLModify.txt