Configuration Manager 2007 Package Access Accounts



One of My Customer recently migrated from SMS 2003 to SCCM. They had this unique requirement based on the current setup that all the Distribution point should have read access for the SYSTEM / NETWORK /INTERACTIVE Accounts on the Package share in order for the Application to work correctly. SCCM has a strict check for DOMAIN\USER format in the input, which was probably not enforced in SMS 2003


 


So when they tried to specify an account they would obviously get the error “The Windows User Account Name you entered is not valid. Please enter a user name of the form: Domain\User”


 


 


Finally we had to come out with a custom script to get this thing working, once the script ran it added the account to the Package Access Properties.


 ‘***********************************
‘ Update usernames for PkgAccess
‘ Adding user accounts which donot meet domain\user criteria
‘ Author jeevanb@microsoft.com
‘ Note: This is not an official Microsoft too/script and just something that I created for my own personal use.
‘ As such, Microsoft makes no warranties or guarantee’s regarding the applicability of this utility
‘ nor does Microsoft support the use of this tool in any way. This is just one of those ‘use at your
‘ own risk’ type of things that hopefully you’ll find helpful.
‘***********************************


 


Option explicit


Dim objectSWbemLocator


Dim objectSWbemServices


Dim ProviderLoc


Dim Location


Dim PackageID


Dim NewUser


Dim Path


Dim Args


Dim SiteCOde


 


Set args = WScript.Arguments


 


if (args.Count>0) then


 


 


PackageID = args.Item(0)


 


‘ Locate the Site Code from SMS Provider


Set objectSWbemLocator = CreateObject(“WbemScripting.SWbemLocator”)


Set objectSWbemServices= objectSWbemLocator.ConnectServer(“.”, “root\sms”)


Set ProviderLoc = objectSWbemServices.InstancesOf(“SMS_ProviderLocation”)


 


 


‘Connect to the Site Provider


For Each Location In ProviderLoc


 If Location.ProviderForLocalSite = True Then 


 Set objectSWbemServices = objectSWbemLocator.ConnectServer(Location.Machine, “root\sms\site_” + Location.SiteCode)


 SiteCOde=Location.SiteCode


 End If


  Next


 


‘Add instances to the SMS_PackageAccessByUsers class for Interactive\SYSTEM\Network users


 


Set Newuser= objectSWbemServices.Get(“SMS_PackageAccessByUsers”).SpawnInstance_()


‘”101″ – readonly


‘”511″ – FullAcess


 


 


 


Newuser.Access = “101”


Newuser.username = “[“”Display=\Interactive””,””AccountType=user””]MSWNET:[“”SMS_SITE=” & SiteCode & “””]user=\Interactive\”


Newuser.PackageID=PackageID


Path=Newuser.Put_


 


Newuser.Access = “101”


Newuser.username = “[“”Display=\SYSTEM””,””AccountType=user””]MSWNET:[“”SMS_SITE=” &  SiteCode & “””]user=\SYSTEM\”


Newuser.PackageID=PackageID


Path=Newuser.Put_


 


 


Newuser.Access = “101”


Newuser.username = “[“”Display=\NETWORK””,””AccountType=user””]MSWNET:[“”SMS_SITE=” & SiteCode & “””]user=\NETWORK\”


Newuser.PackageID=PackageID


Path=Newuser.Put_


 


 


Wscript.Echo “Modified Access for ” + packageID + ” on Site ” + sitecode


SET Newuser=Nothing


 


else


 


Wscript.echo “Usage is :::   drive:\>cscript  ACLModify.vbs <PACKAGEID>”


 


end if


 


‘*** end of script 


 Script is attached for the reference.


Note: This is not an official Microsoft tool/script and just something that I created for my own personal use.  As such, Microsoft makes no warranties or guarantee’s regarding the applicability of this utility, nor does Microsoft support the use of this tool in any way. This is just one of those ‘use at your own risk’ type of things that hopefully you’ll find helpful.


 


Jeevan Bisht | Support Escalation Engineer

ACLModify.txt

Comments (0)