Did you get this error message when trying to import the Cloud Service MP runbooks into Orchestrator?

Capture

 

This is because the Cloud Service MP is not actually testing to see if the user that is running the setup actually has the required permissions by asking Orchestrator.  It is looking for something very specific:  It wants to see if the logged in user is directly a member of a local security group called OrchestratorUsersGroup.  You must also be running the setup on a Orchestrator management server.

Regardless of how you configured security for Orchestrator you need to have the logged in user be a member of a local group on the server called ‘OrchestratorUsersGroup’ in order to get past the prereq checker.

The Orchestrator setup explicitly recommends using a domain group to grant permissions so assuming people are following instructions I expect quite a few people will hit this when installing CSPP.

Default:

clip_image002[7]

Normally should be changed to a domain group…

image

Of course, you still need to have permissions to write to the root folder in order to be able to create a new folder and import the new runbooks but you can actually get those permissions from however you configured it when you set up Orchestrator – probably by using a domain group and putting your user account in it.

Note: If you chose to use a domain account during the inital setup of Orchestrator you will not have a local OrchestratorUsersGroup.  You will need to create it manually.