The tasks are integrated into management packs and presented in the console when you select an object that is correlated with that task. As far as granular security goes with R2, I think you are in a pickle here, because if they are operators then they can execute tasks and tasks will allow the use of a run as account or with their own creds. I am not certain you can restrict this.Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

How can I restrict a group of console users from being able to launch computer management from the console? It allows them to act as the runas account instead of their own privilege level. I need to have operators that can only ping a server or do SCOM maintenance mode changes. This is for 2007 R2.

The tasks are integrated into management packs and presented in the console when you select an object that is correlated with that task. As far as granular security goes with R2, I think you are in a pickle here, because if they are operators then they can execute tasks and tasks will allow the use of a run as account or with their own creds. I am not certain you can restrict this.Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

Blake is correct, this cannot be restricted. With Role-based security you can restrict which tasks the user is allow to submit to agents, but you cannot prevent them from launching an app which is already on their computer - unless you restrict that thru Windows Policies, outside of SCOM.

Hi, Please also see if this can be achieved with roles: Role-based Security in Operations Manager 2007 http://technet.microsoft.com/en-us/library/bb735424.aspx Hope this helps. Thanks. Nicholas Li TechNet Community Support