Operator account unable to manage any workstations

(imported topic written by murtasma91)

We have an operator who is unable to manage any workstations in their site.

Delegation Configuration

  1. We have a site that all computers are automatically subscribed to. Inside this site there is an automatic group; the group looks for a special file on the workstation (a custom property we created) and the Active Directory path.

  2. An action is set up that runs against all workstations that are members of the group above and subscribes the workstation to another custom site (Navy).

  3. Inside the Navy site there is a duplicate of the automatic computer group in #1. This group is then used on the operator account to control delegation.

We have over 40 sites in our environment that are configured very similarly but with different groups and sites. This process has seemed to work well for Console Operator delegation.

When I view the 2 automatic groups (one in the Master Operator Site and one in the Navy site), the members of each group are identical, which is expected. The console operator account that is unable to manage these workstations in the Navy Site Automatic group has read/write permissions to the Navy site. I double checked the delegation rights for the Console Operator and it’s using the correct scope group Navy:Navy Scope Group. However, when viewing the tab that shows what computers he is able to manage, none show up.

The groups appear to be correctly populated, the operator has rights to the site, the correct site is selected for delegation on the operator account.

(imported comment written by MrFixit)

What you are doing is similar to the scheme I have implemented for both site subscription and management rights, but I use a location property as one of the values that controls membership. I’ve not had the issue that you are describing, but here are a couple of things to try.

Does that operator show up as able to manage those systems? You can check what is reported into the console as well as what is reflected in the registry of one of the systems. There should be an entry for the operator. If there is, then I would suspect that the operator’s cache is messed up and have that completely refreshed.

I will often create another account to mimic the one that you are having trouble with and see if it is something very unique to that account or something not quite working as expected elsewhere. That might lead you to recreating an account for that operator if that works fine.

When creating sites and deleting and re-creating sites of the same names, you can get into issues where the managed nodes are confused. I ran into this a couple times in my lab and just moved on to using a new site name to get past the issue.