CMPivot - How to change the scope

less than 1 minute read

CMPivot - Changing the scope

CMPivot is cool and all, but you are required to have the Default security scope in order to use it. This really makes it hard to get your users to adopt it if you have RBAC set up the way Microsoft has been asking us to do it for forever.

“Here’s a great tool for your helpdesk, just let them see everything!”


So I’ve played around with it on the backend, and have come up with a solution that lets you select what SCOPEs can run CMPivot!

First, the proof!

I created a SCOPE called CMPivotDemo and assigned a user to that scope, removing Default. I then tried to run CMPivot:


As we all know, CMPivot is a fancy UI on top of a CM Script. If you just assign the CM Script called “CMPivot” to the scope your user is in, they can then launch CMPivot! This is achievable through PowerShell:

$Script = Get-CMScript -ScriptName 'CMPivot' -Fast
Add-CMObjectSecurityScope -Name 'CMPivotDemo' -InputObject $Script

In your environment, just change CMPivotDemo to the name of the scope you want to access CMPivot. Run the script and…


Leave a Comment