Udostępnij za pośrednictwem


Explicit rights for Preinst

I recently had to manually remove a secondary site (S01) from a ConfigMgr 2007 SP1 hierarchy.  It deleted ok from the parent site (P01), but since that doesn't replicate up the hierarchy, I had to go to the Hierarchy Maintenance Tool (Preinst.exe) on the central (C01) site to fully remove it.  However, when logged on to the central site as a ConfigMgr administrator (full rights granted via a domain security group), I was getting the following result when running preinst.exe /delsite S01 P01:

S01 is not a known site.

The ConfigMgr Documentation Library topic on the Hierarchy Maintenance Tool (Preinst.exe) has the following blurb that applies to this situation:

"...The logged-on user must explicitly have the Site - Administer security right; it is not sufficient that the logged-on user inherits this right by being a member of a group that has that permission."

Following the documentation I granted myself the Administer right on the Site class, which by default also adds the Delete, Modify and Read rights.  I removed the three other rights and explicitly added just the Administer right for my user, reran preinst and received the same result.  I modified my right on the Site class to also include Delete, Modify and Read as the wizard desires, and then when running preinst.exe /delsite S01 P01:

Deleted site S01 from the database.

This is a well documented, by design issue from SMS 2003 (KB833179) which recommends selecting all rights for the Site class which obviously varies from the ConfigMgr documentation. In short: Site - Administer alone is insufficient.

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use .