Share via

Remove Collection from Multiple Users Scope

Vikram Midha 26 Reputation points
2021-04-08T19:27:02.297+00:00

Hi,

I have multiple collections which are part of security scope of multiple users. I cannot delete these until their security scope is removed.

Is there any script, which could be utilized to remove a particular collection security scope of multiple users, or any other suggestion to achieve this in the best and fastest way possible?

Thanks!

Microsoft Security | Intune | Configuration Manager | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. HanyunZhu-MSFT 1,846 Reputation points Microsoft External Staff
    2021-04-30T09:29:52.52+00:00

    Hi, @Vikram Midha

    Just checking in to see if there is any update. We haven't heard from you for a few days and would like to know the current status of the problem. Is the problem solved? Do you need any further assistance? Look forward to hearing from you.

    Thanks for your time.

    Best regards,
    Alan

    If the response is helpful, please click "Accept Answer"and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

    0 comments
  2. HanyunZhu-MSFT 1,846 Reputation points Microsoft External Staff
    2021-04-09T06:11:29.317+00:00

    @Vikram Midha

    Thanks for posting in Microsoft Q&A forum.

    It is necessary to remove the security scope before deleting the collections.

    What I can provide are a quicker way to find out the specific users that be assigned as security scope to and the script to removes the association between one or more security scopes and an administrative user.

    To get a collection assigened as security scope to a user, please refer to the following script(replace collection name and sitecode):
    $cmdletLocaltion = 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
    $collectionName = '<collectionName>'
    Import-Module $cmdletLocaltion
    cd <sitecode>:
    (Get-WmiObject -Namespace ROOT\SMS\SITE_<sitecode> -Class sms_admin | where {$_.CollectionNames -like $collectionName}).LogonName

    To remove the association between the security scope and the administrative user, below is the PowerShell command: (replace AdministrativeUserName and SecurityScopeName)
    Remove-CMSecurityScopeFromAdministrativeUser -AdministrativeUserName "< AdministrativeUserName >" -SecurityScopeName " <SecurityScopeName> "
    You can get more details from this article: https://learn.microsoft.com/en-us/powershell/module/configurationmanager/remove-cmsecurityscopefromadministrativeuser?view=sccm-ps

    Hope the above information is helpful to you.

    If the response is helpful, please click "Accept Answer"and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.