Security

Machines in User’s Current OU and Child OUs

When requesting items on behalf of other users, the scope of the target machines will be limited to the machine objects in the user’s current OU and child OUs.

Security Group Matching

Uses Active Directory security groups to define a list of authorized users and the scope of authorized machines for which those users can make a request. Security groups require a specific naming convention as follows:

For example:

User A, User B, and User C in security group ESD_User_USA can request on behalf to Computer A, Computer B, and Computer C in ESD_Computer_USA security group.

Security Group and Collection Matching

Uses an Active Directory security group to define a list of authorized users, while matching that to a Configuration Manager collection that defines the scope of authorized machines for which those users can make a request. Security groups require a specific naming convention as follows:

For example:

User A, User B, and User C in security group ESD_Collection_SMS00001 can request on behalf to Computer A, Computer B, and Computer C in the Collection ID SMS00001 (All Systems).

Note • Evaluating collection membership is only supported for a single deployment technology, the deployment technology specified in the Inventory field on the Common tab of the Site Management > Settings > Deployment view.