Before creating the console scope, you need two things: a computer group that contains the computers of interest, and user accounts. Administration of accounts is easier if they are in a security group, but they don’t have to be.
The following are the steps that Leaky Faucet follows to grant the necessary accounts permissions to the management group:
Create a domain security group and populate it with the accounts that will be using the custom console scope. Leaky Faucet creates the user accounts LKFRemoteSiteAdmin1, 2, and 3, and places them in a newly created domain security group LKFRemoteSiteAdmins (see Figure 6-2).
Figure 6-2. Leaky Faucet’s domain security group for remote site administrators
On all the management servers in the management group, add the security group that was created in step 1 to the MOM Users local group. This grants permission to launch the Operator console and assigns servers to the default console scope (MOM User). The assigned scope will be overridden when the individual accounts are associated with the custom console scope. Remember, a user account can only be associated with one scope at a time. In cases where an account might be associated with multiple scopes, such as the default and a custom scope, the most recently created account/scope association takes precedence.
Only user accounts can be named in a console scope, ...