FIX Issues with SCCM RBAC Clear Required PXE Deployments Options

FIX Issues with SCCM RBAC Clear Required PXE Deployments Options. Clear Required PXE Deployments is a regularly used option in SCCM / ConfigMgr.

What I recently found is that Operating System Deployment Managers (default security role) are not able to perform the above-mentioned function by right-clicking on a device.

FIX Issues with SCCM RBAC Clear Required PXE Deployments Options

Full Administrators won’t face this issue. The clear PXE option is available in SP1 beta. I’m not able replicate this issue in Service Pack 1 version of ConfigMgr 2012.

FIX Issues with SCCM RBAC Clear Required PXE Deployments Options
FIX Issues with SCCM RBAC Clear Required PXE Deployments Options

The Clear Required PXE deployment option is available in the ribbon menu. However, this will clear the required PXE boot deployments of all the members assigned to this site in this collection.

Patch My PC

The members NOT assigned to this site will not be affected.  So basically, it’s collection based clear PXE deployments and we don’t normally use this option because it will clear the PXE for all the members of that collection.

FIX Issues with SCCM RBAC Clear Required PXE Deployments Options
FIX Issues with SCCM RBAC Clear Required PXE Deployments Options
image
FIX Issues with SCCM RBAC Clear Required PXE Deployments Options

I’ve done some analysis on this. Following are steps that you need to follow to get this option available for Operating System Deployment Managers or any other security roles.

1. The security role should have “Modify Resource” access on Collection. Collection –-> Modify Resource –> Yes.

1E Nomad

2.

image
FIX Issues with SCCM RBAC Clear Required PXE Deployments Options

Administrative User/s (for e.g Operating System Deployment Manager)  should be part of “All Systems” and “All Users and User Groups” collections irrespective of Security Scopes.

Note :: If you remove any of those (above mentioned) collections from the administrative user then the option to clear the PXE will get removed. Providing modify access to “All Systems” and “All Users and User Groups” is not a good idea.

The work around for this issue is to create a separate collection for PXE clear devices. If you want to clear PXE advert of a device then move that device into that collection and then do “Clear Required PXE Deployments”. This collection would act as temporary holding place for the device/s which we need to clear PXE adverts. I know there is slightly more administrative work involved in this method. However, it better than providing “modify resource” access to all the systems and users.

No need for much worry, as I can see this issue is not there in System Center 2012 Configuration Manager SP1 version (beta).

To know more about other issues we normally face during RBA implementation and How to fine-tune RBA in your organization, you can go through my posts – Post 1 and FIX Default Client Settings Issue With SCCM Security Role Infra Admin HTMD Blog (anoopcnair.com)

1 thought on “FIX Issues with SCCM RBAC Clear Required PXE Deployments Options”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.