Defining permissions requires configuring access rights in the Config Mgr. console and adding objects to predefined groups on the site server. In this example I am defining permissions to the service desk role.
Role description:
- Access to a user defined administrator console.
- Permissions to work with all objects in the “All workstations” collection.
- Permissions to to use remote tools.
- Permissions to read inventory data from the console and from reports.
- Permissions to read software packages and advertisements
- Permissions to read status messages.
- Permissions to create and read queries.
To solve this case I have granted these Config Mgr. permissions:
| Object Class/Instance | Permissions |
| Collection, All Workstations | Read, Read Resource, Use remote tools |
| Package | Read |
| Advertisement | Read |
| Status Message | Read |
| Report | Read |
| Query | Read, Modify, Create |
| Site | Read |
If Service desk also requires permissions to install the Config Mgr agent from the console they need Read permissions to the Site class.
Group membership on the site server:
- SMS admins
- Distributed COM users
- SMS Reporting Users
Group membership on local computer:
This post was originally posted to http://agerlund.spaces.live.com/blog/cns!3A51A2B50B5C1F51!548.entry April 7-2009
Posted
07-09-2009 21:21
by
Kent Agerlund