
Security around console plugin

  • Wednesday, October 14, 2009 6:29 PM, mrasmussen
     
    I am authoring a utility that will be hosted through the SCCM console.  I can add the action item to the console fine and it launches the exe fine.  My question is how do I lock down this action item from certain users?  I know SCCM has the ability to hide parts of the console based on who is logged in.  How can I add my action item to the security mix?

Answers

  • Tuesday, November 10, 2009 4:08 PM, Kim Oppalfens [MVP], Moderator
    I don't think that's possible; your extension is not a securable object from SCCM's perspective.
    "Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm

All Replies

  • Wednesday, October 14, 2009 9:19 PM, John Marcum, MVP
     
    Are you calling the exe using a right click tool?




    John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
  • Tuesday, November 10, 2009 7:19 PM, Dean Brighton
     
    I would suggest that the only way to secure this would be NTFS permissions on the executable file.
  • Tuesday, November 17, 2009 1:55 AM, Jim Dempsey, MSFT, Moderator
     
    Kim is right.  The console extensibility story was not built with security/"show me what's relevant" scenarios in mind.  As Dean suggests, you could fiddle with file permissions to prevent unauthorized admins from being able to launch the executable, but that wouldn't prevent the user from seeing the extension in the console.  I'm assuming you're dealing with a shared machine scenario (e.g. multiple admins remoting into the site server), as if you are dealing with different machines per user, the obvious answer is to only install the extension on the personal machines of those admins that should have it.
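
The NTFS approach suggested in the replies above, sketched in PowerShell as an added example that is not part of the original thread or of any SCCM tooling. The executable path and the group name are hypothetical placeholders; the script replaces the file's ACL with an explicit, non-inherited one so that only the named group (plus SYSTEM and local Administrators) can read and execute it.

```powershell
# Assumed values, not from the thread: replace with your own.
$ExePath      = 'C:\Tools\ConsoleUtility\ConsoleUtility.exe'   # hypothetical path
$AllowedGroup = 'CONTOSO\SCCM-Utility-Operators'               # hypothetical group

if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
    throw "Executable not found: $ExePath"
}

$acl = Get-Acl -LiteralPath $ExePath

# Stop inheriting from the parent folder and drop the inherited entries,
# so a permissive folder ACL cannot re-grant execute to everyone.
$acl.SetAccessRuleProtection($true, $false)

# Remove any explicit entries that were already on the file.
foreach ($rule in @($acl.Access)) {
    [void]$acl.RemoveAccessRuleAll($rule)
}

# Explicit allow list: maintenance principals plus the one authorized group.
$grants = @(
    @{ Identity = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl'    },
    @{ Identity = 'BUILTIN\Administrators'; Rights = 'FullControl'    },
    @{ Identity = $AllowedGroup;            Rights = 'ReadAndExecute' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g.Identity, $g.Rights, 'Allow')
    $acl.AddAccessRule($rule)
}

Set-Acl -LiteralPath $ExePath -AclObject $acl

# Verify: every entry should be explicit (IsInherited = False) and limited
# to the three identities above.
(Get-Acl -LiteralPath $ExePath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

This only stops the launch: the action item stays visible in the console, and anyone in the local Administrators group on the shared machine can still run the file or rewrite its ACL.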