Configuration Manager 2007 Package Access Accounts
One of My Customer recently migrated from SMS 2003 to SCCM. They had this unique requirement based on the current setup that all the Distribution point should have read access for the SYSTEM / NETWORK /INTERACTIVE Accounts on the Package share in order for the Application to work correctly. SCCM has a strict check for DOMAIN\USER format in the input, which was probably not enforced in SMS 2003
So when they tried to specify an account they would obviously get the error “The Windows User Account Name you entered is not valid. Please enter a user name of the form: Domain\User”
Finally we had to come out with a custom script to get this thing working, once the script ran it added the account to the Package Access Properties.
'***********************************
' Update usernames for PkgAccess
' Adding user accounts which donot meet domain\user criteria
' Author jeevanb@microsoft.com
' Note: This is not an official Microsoft too/script and just something that I created for my own personal use.
' As such, Microsoft makes no warranties or guarantee's regarding the applicability of this utility
' nor does Microsoft support the use of this tool in any way. This is just one of those 'use at your
' own risk' type of things that hopefully you'll find helpful.
'***********************************
Option explicit
Dim objectSWbemLocator
Dim objectSWbemServices
Dim ProviderLoc
Dim Location
Dim PackageID
Dim NewUser
Dim Path
Dim Args
Dim SiteCOde
Set args = WScript.Arguments
if (args.Count>0) then
PackageID = args.Item(0)
' Locate the Site Code from SMS Provider
Set objectSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objectSWbemServices= objectSWbemLocator.ConnectServer(".", "root\sms")
Set ProviderLoc = objectSWbemServices.InstancesOf("SMS_ProviderLocation")
'Connect to the Site Provider
For Each Location In ProviderLoc
If Location.ProviderForLocalSite = True Then
Set objectSWbemServices = objectSWbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
SiteCOde=Location.SiteCode
End If
Next
'Add instances to the SMS_PackageAccessByUsers class for Interactive\SYSTEM\Network users
Set Newuser= objectSWbemServices.Get("SMS_PackageAccessByUsers").SpawnInstance_()
'"101" - readonly
'"511" - FullAcess
Newuser.Access = "101"
Newuser.username = "[""Display=\Interactive"",""AccountType=user""]MSWNET:[""SMS_SITE=" & SiteCode & """]user=\Interactive\"
Newuser.PackageID=PackageID
Path=Newuser.Put_
Newuser.Access = "101"
Newuser.username = "[""Display=\SYSTEM"",""AccountType=user""]MSWNET:[""SMS_SITE=" & SiteCode & """]user=\SYSTEM\"
Newuser.PackageID=PackageID
Path=Newuser.Put_
Newuser.Access = "101"
Newuser.username = "[""Display=\NETWORK"",""AccountType=user""]MSWNET:[""SMS_SITE=" & SiteCode & """]user=\NETWORK\"
Newuser.PackageID=PackageID
Path=Newuser.Put_
Wscript.Echo "Modified Access for " + packageID + " on Site " + sitecode
SET Newuser=Nothing
else
Wscript.echo "Usage is ::: drive:\>cscript ACLModify.vbs <PACKAGEID>"
end if
'*** end of script
Script is attached for the reference.
Note: This is not an official Microsoft tool/script and just something that I created for my own personal use. As such, Microsoft makes no warranties or guarantee's regarding the applicability of this utility, nor does Microsoft support the use of this tool in any way. This is just one of those 'use at your own risk' type of things that hopefully you'll find helpful.
Jeevan Bisht | Support Escalation Engineer