Configuration Manager Permissions
Granting Advanced Insights a role in ConfigMgr. Not required for Patch Insights.
Last updated
Was this helpful?
Granting Advanced Insights a role in ConfigMgr. Not required for Patch Insights.
Last updated
Was this helpful?
Applies to: Advanced and Patch Insights
For various Configuration Manager console actions and features to work, the accounts running the IIS App Pools need to have permissions to connect to your SMS Provider Server.
Note: If you installed Advanced Insights on an SMS Provider Server then you may not have to configure any permissions for this to work.
By default, the IIS App Pools run under the local computer account of your Advanced Insights Server.
Open the ConfigMgr console and navigate to Administration > Security > Administrative Users > click Add User or Group
Choose the User/Computer account running your IIS App Pools. In our example we are adding the local computer account of our server named "SCCM"
Assign them the Operations Administrator role (or optionally a custom role)
If you wish to adhere to the "Principle of Least Privilege" then you can download the XML file below and import it as a security role into ConfigMgr. This role grants the lowest possible privileges.
To import the security role XML file, open the ConfigMgr console and navigate to Administration > Security > Security Roles > click Import Security Role.
