I have a series of actions contained in a task that will be kicked off by regional admins as policies and I don’t want them to have the option to change or modify the action in anyway except to target machines. So far I’m able to do this with the exception of the ‘Applicability’ and 'Action Script" tabs.
Is there a way to create and/or lockdown an action so that all a CO has to do is target something and click ‘OK’ ?
The only way I know of preventing this is to open the BESAdmin, and uncheck the box allowing CO to Create Custom Content. Obviously this will impact all Fixlets, and will prevent the CO’s from being able to create there own Fixlets…
Fixlet A: relevant only if regkey or client setting is set to XX
Action: whatever you want it to do
Fixlet B:
Action: sets the regkey or client setting to XX
You have the regional admins run Fixlet B to set the key or setting. Once this is set, an open action from Fixlet A wil be relevant and run the action. The admins don’t need to have access to the running action for fixlet A at all.
This can work even if regional admins don’t have TEM access. They can manually set something on the computers that Fixlet A has in its relevance.