Today I will be discussed about if you have multiple forest and Enable Role base access to other forest user for SCCM Report Access. It will work but in Hours it will get access revoked.  I will be discussed to resolve it.

Below is details steps bring in to the solutions:
Role Based Administration in SCCM Current Branch, SCCM will switch a flag in the registry. The key is HKLM\SOFTWARE\Microsoft\SMS\SRSRP, The value name is “EnableRbacReporting”. SCCM sets this value to 1,

No user from trusted domains can run the reports. Regardless what rights the user have in SCCM. When this happens, we have to set the value back to 0 and restart reportserver for it to work again. But minutes or hours later, SCCM sets the value back to 1 and we are lost again. But if you have an account in the same domain (Where SCCM is installed), you can run the reports all the time, regardless of this registry setting.
Follow below steps to bring in to solutions On the server where SSRS is installed 
Step 1: Open ‘wbemtest’ with admin rights:

Step 2: Connect to: root\sms\site_<SiteCode>


Step 3.    In query section type following query and hit apply:
Select * from sms_sci_sysresuse where itemname like '%reporting%'

Step 4:  Check the populated entry to make sure it’s the reporting point where we wish to make the change: à    Double click on it:

Step 5: Select ‘props’ from Property window:

Step 6: Click ‘view embedded’:

Step 7:   A number of properties are populated:

Step 8:  We are to find property with name ‘EnableRbacReporting’. We will have to select each one and then click on ‘show mof’ till the time we find what we are looking for. In our test we did find it to be second from last ,however this is completely random.

Step 9: Close out of the ‘show mof’ window and select ‘value ’ from property pane: à  Change the value from ‘1(0x1)’ to ‘0’à  Click Save property,save object,close,save property,save object:

Step 10:  Repeat the same for other value: ‘value 2’:


Step 11 : Now run the SQl query again to verify the values have changed in DB as well:
SELECT SRU.RoleName, SRU.ServerName, SRUP.* FROM vSMS_SC_SysResUse SRU JOIN vSMS_SC_SysResUse_Properties SRUP ON SRU.ID = SRUP.ID
WHERE SRU.RoleName = 'SMS SRS Reporting Point' AND SRUP.Name = 'EnableRbacReporting'

Step 12: Finally verify the value in Registry:

After changing reporting start working as normal for other forester users.
Note: Please make sure remember made changes if any case you can have backup for restore. 
Happy Learning!!!

Thanks & Regards,
Haresh Hirani
Email: [email protected]
Follow me: Twitter @hirravi1
linkedin: https://www.linkedin.com/in/hiraniconfigmgr