How to create a user that has full rights to only one admin group and cannot see other managed groups [KSC for Windows]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

In this scenario we will create an internal user "test-user" on KSC who has permission on admin group "Virtualized" only, while couldn't view nor manage admin groups "servers" and "workstations".

Step-by-step guide

1. Take a backup from KSC admin server in order to make sure that incorrect changes will not impact your KSC.
2. Login to KSC admin server using admin account and go to KSC admin server →  Monitoring → Administration server →  Configure functionality displayed in user interface →  check the box Display security settings section.
3. Close KSC admin console and re-open it again in order to apply the feature.
4. Go to KSC admin server →  server properties →  security →  + internal user.
5. Don't assign Roles to the created user and only assign Rights.
6. The assigned Rights should be allow-all except Management of administration groups as per below.

7. Go to Managed devices →  properties →  security →  uncheck inherit settings →  assign the right to the user as per below.

8. For admin groups that the user will not manage (e.g. servers in this scenario).

9. For admin group that the user will manage (e.g. virtualized in this scenario).

10. Disconnect from KSC admin server and login to KSC console using the created user and you will find that he has access to only virtualized admin group as per below.