Sometimes the simplest solutions are the most effective. I was on site a few months ago and was asked by a fellow engineer whether I knew of an easy way to test SCOM console permissions without having to log into the local computer as each user. Sounds like an opportunity to script something up to me!
I decided to create a very simple PowerShell script which the customer could save on their desktop and just double-click each time they needed to test a new users security settings. Using this process, they were able to ensure that the permissions and scoping assigned to certain users/groups were correct prior to implementation.
1. I will paste the following code into Notepad and save it as a .PS1 file (Test.PS1)
Start-Process “C:\Program Files\System Center 2012\Operations Manager\Console\Microsoft.EnterpriseManagement.Monitoring.Console.exe” -LoadUserProfile -Credential (Get-Credential)
**Note: Be aware of the version you are using as the path will change based on version**
2. Double-click the test.ps1 icon. The Get-Credential cmdlet trigger the prompt for username and password. Enter the username and password (Domain\Username) of the user who’s security permissions you are testing.
3. Once the console opens, verify the users permissions and views to ensure your scoping and permissions are behaving as expected.
This posting is provided “AS IS” with no warranties.