Thursday 9 April 2015

How to get rid of SCCM 2012 R2 --> RBAC reporting issue (Users lose access from other forest)

Hi Team,

If you use Role Based Administration in SCCM 2012, SCCM will switch a flag in the registry. The key is HKLM\SOFTWARE\Microsoft\SMS\SRSRP and the value name is “EnableRbacReporting”. SCCM sets this value to 1, and then no user from a trusted domain can run the reports, regardless of what rights the user has in SCCM. When this happens, we have to set the value back to 0 and restart reportserver for it to work again. But minutes or hours later, SCCM sets the value back to 1 and we are lost again. If you have an account in the same domain (where SCCM is installed), however, you can run the reports all the time, regardless of this registry setting.

On the server where SSRS is installed.
1.)    Open ‘wbemtest’ with admin rights
2.)    Connect to: root\sms\site_<SiteCode>
3.)    In query section type following query and hit apply:
Select * from sms_sci_sysresuse where itemname like '%reporting%'

4.)    Check the populated entry to make sure it’s the reporting point where we wish to make the change:
5.)    Double click on it
6.)    Select ‘props’ from Property window:
7.)    Click ‘view embedded’:
8.)    A number of properties are populated:
9.)    We are looking for the property with the name ‘EnableRbacReporting’. We will have to select each one and then click on ‘show mof’ until we find what we are looking for. In our test we found it to be second from last; however, the position is completely random and it may be placed somewhere else in your QA/Production environment:
10.)  Close out of the ‘show mof’ window and select ‘value ’ from property pane:
11.)  Change the value from ‘1(0x1)’ to ‘0’:
12.)  Click save property, save object, close, save property, save object:
13.)  Repeat the same for other value: ‘value 2’
14.)  Now run the SQL query again to verify the values have changed in the DB as well:
SELECT SRU.RoleName, SRU.ServerName, SRUP.* FROM vSMS_SC_SysResUse SRU
JOIN vSMS_SC_SysResUse_Properties SRUP ON SRU.ID = SRUP.ID
WHERE SRU.RoleName = 'SMS SRS Reporting Point' AND SRUP.Name = 'EnableRbacReporting'


15.)  Finally verify the value in Registry
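
The lookup in steps 3 to 9 and the registry check in step 15 can also be done read-only from PowerShell. This is an added example, not part of the original post; it assumes Windows PowerShell run elevated on the same server, and the site code 'XXX' is a placeholder for your own.

```powershell
# Added example: read-only check of EnableRbacReporting in WMI and in the registry.
# Assumptions: elevated Windows PowerShell on the server used in the steps above;
# 'XXX' is a placeholder site code, replace it with your own.
$SiteCode  = 'XXX'
$Namespace = "root\sms\site_$SiteCode"
$PropName  = 'EnableRbacReporting'
$RegPath   = 'HKLM:\SOFTWARE\Microsoft\SMS\SRSRP'

# Same WQL query as in step 3.
$Query  = "Select * from SMS_SCI_SysResUse where ItemName like '%reporting%'"
$points = @(Get-WmiObject -Namespace $Namespace -Query $Query)
if ($points.Count -eq 0) {
    Write-Warning "No reporting point entry returned from $Namespace"
}

# Registry value from step 15 ($null if the value does not exist).
$reg = (Get-ItemProperty -Path $RegPath -Name $PropName -ErrorAction SilentlyContinue).$PropName

foreach ($rp in $points) {
    $rp.Get()   # re-read the full instance, including the embedded Props array

    # Pick the embedded property by name instead of opening each one with 'show mof'.
    $p = $rp.Props | Where-Object { $_.PropertyName -eq $PropName }
    if (-not $p) {
        Write-Warning "$($rp.ItemName): no $PropName property found"
        continue
    }

    # One row per reporting point: the three value fields shown in wbemtest,
    # the registry value, and whether the integer Value matches the registry.
    [pscustomobject]@{
        ItemName      = $rp.ItemName
        Value         = $p.Value
        Value1        = $p.Value1
        Value2        = $p.Value2
        RegistryValue = $reg
        InSync        = ($null -ne $reg -and [int]$p.Value -eq [int]$reg)
    }
}
```

Running it again some hours after the change shows whether SCCM has switched the value back to 1.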