Defining permissions requires configuring access rights in the Config Mgr. console and adding objects to predefined groups on the site server. In this example I am defining permissions to the service desk role.

Role description:

  • Access to a user defined administrator console.
  • Permissions to work with all objects in the “All workstations” collection.
  • Permissions to to use remote tools.
  • Permissions to read inventory data from the console and from reports.
  • Permissions to read software packages and advertisements
  • Permissions to read status messages.
  • Permissions to create and read queries.

To solve this case I have granted these Config Mgr. permissions:

Object Class/Instance Permissions
Collection, All Workstations Read, Read Resource, Use remote tools
Package Read
Advertisement Read
Status Message Read
Report Read
Query Read, Modify, Create

 

If Service desk also requires permissions to install the Config Mgr agent from the console they need Read permissions to the Site class.

Group membership on the site server:

  • SMS admins
  • Distributed COM users
  • SMS Reporting Users

Group membership on local computer:

  • Local administrator