SCOM User roles
Hello! How can I create a group that will have all rights like "Operations Manager Administrators" but without the ability to execute agent tasks? Or maybe disable any custom tasks in SCOM, so no one will be able to create and run them on monitored computers? Thanks in advance! Any information will be appreciated!
November 2nd, 2010 6:46am

>Get-UserRole

Id                           : 597f9d98-356f-4186-8712-4f020f2d98b4
Name                         : OperationsManagerAdministrators
DisplayName                  : Operations Manager Administrators
Description                  : The Operations Manager Administrators user role is created at setup time and cannot be deleted. This role must contain one or more global groups.
IsSystem                     : True
IsScopeFixed                 : True
LastModified                 : 6/26/2010 1:57:08 PM
LastModifiedBy               :
Scope                        : Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringUserRoleScope
MonitoringProfile            : Administrator
MonitoringProfileDisplayName : Administrator
Users                        : {TESTLAB\Domain Admins, TESTLAB\AG-00011}
ManagementGroup              : TESTLAB
ManagementGroupId            : 44fc4e28-8853-38b2-6d67-5b64b86cd169

Maybe it is possible to change the IsScopeFixed parameter in the database and limit all tasks for Administrators? Any ideas?
November 2nd, 2010 7:41am

I've tried it, but it seems that if a user is in this role nothing can be limited, even if you limited it in the GUI...
November 2nd, 2010 8:16am

Dubious. Administrator role is super user. Operator role can execute tasks - a lesser role.
Microsoft Corporation
November 2nd, 2010 10:42am

You can't limit what an administrator can do - the administrator role is globally scoped and functionality cannot be restricted.
View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
November 2nd, 2010 12:26pm

So you think that there's no way to do it? Now, I'm trying to create my own ProfileId in the dbo.Operation table (OPSMGR db). But I can't find the ProfileOperation which is for task creation and execution (Task__Execute??).
November 3rd, 2010 2:56am

OK then! How can I create a new role with the administrative pane available?
November 3rd, 2010 2:57am

Hi,
There is no way to do this - you need to add users to the administrator role for them to see the administration tab (add them to the OpsMgr Admins group that you created before the install and specified during install). If you would like more granular security (a lot of us would) then please post an enhancement request at http://connect.microsoft.com
Cheers
Graham
View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
November 3rd, 2010 3:16am

Thanks for the reply! But I can't find SCOM in the products list on http://connect.microsoft.com
November 3rd, 2010 3:35am

OK! Maybe it is possible to create an MP which will stop execution of any agent tasks and task creation?
November 3rd, 2010 3:43am

This topic is archived. No further replies will be accepted.
