Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Role-Based Administration


Published on

Don’t miss this free educational webcast offering insights into five areas of change in System Center 2012 Configuration Manager. Microsoft MVP Matthew Hudson presents an “insider’s look” at some of the key changes that lie ahead and offer insights to help SCCM administrators get ready for SCCM 2012. Along with an overview of the changes in System Center Configuration Manager from 2007 to 2012, this webcast offers insight into these five areas of SCCM 2012:

Hierarchy Simplification
Deployment Types
Software Updates

About the Presenter:
Matthew Hudson, MCTS, Microsoft Configuration Manager MVP, SCCM Expert Matthew Hudson has been in IT for over 20 years and has been working with Microsoft Systems Center Configuration Manager for over six years. After working for The Texas A&M University System for more than a decade, he recently joined Schlumberger as an SCCM Systems Engineer where he manages SCCM on tens of thousands of systems. In addition to working with SCCM on a daily basis, Matthew is a frequent contributor to Microsoft System Center Configuration Manager community forums, manages a Systems Center Configuration Manager Tips & Tools website at, and maintains a System Center Configuration Manager Tips & Tricks blog at

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Role-Based Administration

  1. 1. Role-Based Administration Matthew Hudson, MVP© 2012 SolarWinds Worldwide, LLC. All Rights Reserved. 1
  2. 2. Today’s Presentation» Hosts  Lawrence Garvin, Product Manager, SolarWinds  Matthew Hudson, MVP» Producer: Catherine Jackson» The bulk of this presentation is live demo.» Ask questions!  Don’t wait until the end, ask away – use chat feature.» Today’s session is being recorded.  Recorded session on  Slides available on 2
  3. 3. Which is it? Role-Based Administration (RBA) or Role Based Access Control (RBAC) 3
  4. 4. Role Based Access Control» Manage  Security roles (Class)  Security scopes (Instance)  Collections» Full Administrator: This security role grants all permissions in Configuration Manager.» Asset Analyst: This security role allows administrative users to view data collected by using Asset Intelligence, software inventory, hardware inventory, and software metering. Administrative users can create metering rules and Asset Intelligence categories, families, and labels.» Software Update Manager: This security role grants permissions to define and deploy software updates. Administrative users who are associated with this role can create collections, software update groups, deployments, templates, and enable software updates for Network Access Protection (NAP).» Read-Only Analyst: Grants permissions to view all Configuration Manager objects.» Application Author: Grants permissions to create, modify, and retire applications. Administrative users who are associated with this role can also manage applications, packages.» Application Administrator: Grants permissions to perform both the Application Deployment Manager role and the Application Author role. Administrative users who are associated with this role can also manage queries, view site settings, manage collections, and edit settings for user device affinity 4
  5. 5. Role Based Access Control» Application Administrator» Application Author» Application Deployment Manager» Asset manager» Compliance Settings Manager» Full Administrator» Infrastructure Administrator» Operating system Deployment Manager» Operations Administrator» Read-only Analyst» Remote Tools Operator» Security Administrator» Software Update Manager 5
  6. 6. Role Access 6
  7. 7. John Security Admin Special Access Resource Access 7
  8. 8. Administrator Read only Analyst w/ Collection Scope 8
  9. 9. Security Scopes» Assets and Compliance  Software Metering» Software Library  Deployment Packages» Administration  Site Configurations • Sites • Client Settings  Distribution Points  Distribution Point Groups 9
  10. 10. ScopesSecurity > Administrative user > Properties  Security Scopes 10
  11. 11. Set a Security Scope 11
  12. 12. Process» Security Scopes – Create Security Scope» Set scopes – Client Settings / Set Security Scope  Create account  Add Account to Configuration Manager  Select User  Select the Role for the use  Select Security Scopes / Create» Add the Security Scope if necessary / Edit 12
  13. 13. Planning» Collections:  Functional Organization, Geographic Alignment, Security Requirements, Organization Alignment» Security Scopes  All, Default» Types for Scopes  Applications, Packages, Boot images, Sites, Custom Client settings, DP, DP Groups, Software update groups» No Security Scopes  Administrative Users, Security Roles, Default Client settings, Boundaries, Site Addresses, Site system roles 13
  14. 14. Demo Role Based Administration in Configuration Manager 2012 14
  15. 15. Resources » Introducing Role-Based Administration in System Center 2012 Configuration Manager  ng-role-based-administration-in-system-center-2012-configuration- manager.aspx » Role-Based Administration in System Center 2012 Configuration Manager  administration-in-system-center-2012-configuration-manager.aspx » What’s new:  » Security and Compliance:  » Patch Management Tips & Best Practices: © 2012 SolarWinds Worldwide, LLC. All Rights Reserved. 15