getting Security Scopes of SCCM folder

since version 1906 SCCM supports role-based access control (RBAC) for folders. This can be configured trough the SCCM console or (recommended) PowerShell.

unfortunattely the current version of the commandlet Get-CMObjectSecurityScope doesn’t support any folder as InputObject. so, if you want to know, which Security Scope is allowed to see a folder, you have to use this:

to add or remove any SecurityScopes to a Folder, you can use this build-in commandlets:

 

Leave a Reply