web analytics


How to Associate an Object with a Security Scope

Posted by:

To assign an object a security scope

  1. Set up a connection to the SMS Provider.
  2. Determine the object’s key property identifier.
  3. Determine the object type identifier.
  4. Create a new instance of the SMS_SecuredCategoryMembership WMI class,
    setting the scope identifier, object key, and object type values
  5. Save the SMS_SecuredCategoryMembership object instance.


In these examples I associate a Boundary Group with a Security Group. If you want to associate an object with a Security Scope you need to indentify the correct ObjectTypeID and Object Key value. Possible ObjectTypeID values are:

For example, if you want to associate a Boundary Group with a Security Scope, then you need to query from SMS_BoundaryGroup GroupID property value, if Global Condition, then query from SMS_GlobalCondition ModelName property.

Example Output

You can download the code examples from here

About the Author:

Kaido Järvemets is a developer, consultant, trainer specializing in Microsoft System Center Configuration Manager and PowerShell Solutions at Coretech. Kaido frequently speaks at European conferences and had his US debut as speaker at MMS April 2013. Kaido is well-known in the Configuration Manager communities where he’s a key player in the PowerShell game. Kaido host one of the most complete Configuration Manager PowerShell library’s in the world with hundreds of free code samples ready to download and implement – www.cm12sdk.net. Kaido has been awarded Microsoft Most Valuable Professional (MVP) in Microsoft Enterprise Client Management for his work with Configuration Manager from 2011 – to present. Kaido is the founder of System Center User Group Estonia in 2011.


  1. Thom  January 9, 2015

    Thank you for this post.
    I try to set a security scope to a Software Update Group and tested some of your examples, but i always get a generic failure.
    I got the ObjectTypeID and UpdateGroupID from the Get-CMSoftwareUpdateGroup cmdlet and the SecurityScopeCategoryID from a SQL Query of the SMS_CISecuredScope Table.
    Any Tip what i possibly got wrong?


Add a Comment