How to Remove an Object Association with a Security Scope
Updated: November 1, 2013
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager
Removing a security scope from an object instance is as simple as deleting the Windows Management Instrumentation (WMI) SMS_SecuredCategoryMembership class instance. However, object instances must have at least one security scope associated with them. The last object instance can never be removed. Every object is created with the Default security scope, and if all other security scopes are to be removed from an object instance, the Default should be added to it before removal.
Important |
|---|
You must have administrative rights to the scope and the object you are removing it from. If you do not have the correct permissions, removing a scope from that object instance will fail. Removing the last scope from an object will be unsuccessful and will fail. |
Tip |
|---|
To remove multiple objects to a scope, use the RemoveMemberships Method in Class SMS_SecuredCategoryMembership. |
To remove a security scope from an object
Set up a connection to the SMS Provider.
Determine the object’s key property identifier.
Determine the object type identifier.
Determine the scope identifier.
Find an instance of the SMS_SecuredCategoryMembership WMI class that matches the .
Delete the instance.
Example
The following code example removes a scope identifier from a package:
Sub RemoveObjectScope(connection, scopeId, objectKey, objectTypeId)
Dim assignment
' Find the existing scope assignement that matches our parameters.
Set assignment = connection.Get("SMS_SecuredCategoryMembership.CategoryID='" & scopeId & "',ObjectKey='" & objectKey & "',ObjectTypeId=" & objectTypeId)
If (assignment Is Nothing) Then
Err.Raise 1, "RemoveObjectScope", "Unable to find matching scope, object, and object type."
Else
assignment.Delete_
End If
End Sub
public void RemoveObjectScope(WqlConnectionManager connection, string scopeId, string objectKey, int objectTypeId) { // Find the existing scope assignement that matches our parameters. IResultObject assignment = connection.GetInstance("SMS_SecuredCategoryMembership.CategoryID='" + scopeId + "',ObjectKey='" + objectKey + "',ObjectTypeID=" + objectTypeId.ToString()); // Make sure we found the scope. if (assignment == null) throw new System.Exception("Unable to find matching scope, object, and object type."); else assignment.Delete(); }
Compiling the Code
The C# example requires:
Microsoft.ConfigurationManagement.ManagementProvider
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine
adminui.wqlqueryengine
microsoft.configurationmanagement.managementprovider


The example method has the following parameters:
Parameter
Type
Description
connection
Managed: WqlConnectionManager
VBScript: SWbemServices
A valid connection to the SMS Provider.
scopeId
String
The identifier of the security scope.
objectKey
String
The key property value of the object.
objectTypeId
Integer
The type identifier of the object referenced in the objectKey parameter.