Configuration Manager Permissions

Granting Advanced Insights a role in ConfigMgr. Not required for Patch Insights.

For various Configuration Manager console actions and features to work, the accounts running the IIS App Pools need to have permissions to connect to your SMS Provider Server.

Note: If you installed Advanced Insights on an SMS Provider Server then you may not have to configure any permissions for this to work.

By default, the IIS App Pools run under the local computer account of your Advanced Insights Server.

⚙ Add the IIS Pool Account To ConfigMgr Security Role

  1. Open the ConfigMgr console and navigate to Administration > Security > Administrative Users, then click Add User or Group.

  2. Choose the User/Computer account running your IIS App Pools. In our example we are adding the local computer account of our server named "SCCM".

  3. Assign it the Operations Administrator role (or optionally a custom role).

⚙ Use a Custom Security Role (Optional)

If you wish to adhere to the principle of least privilege, you can download the XML file below and import it as a security role into ConfigMgr. This role grants the lowest possible privileges.

To import the security role XML file, open the ConfigMgr console and navigate to Administration > Security > Security Roles > click Import Security Role.
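
To confirm the result of the steps above, the following PowerShell lists the account each IIS app pool presents to the SMS Provider and the ConfigMgr security roles that account holds. It is an added example, not part of Advanced Insights; the function names and the site code `ABC` are placeholders, and the second function assumes a machine with the ConfigMgr console installed.

```powershell
# Added example (not vendor code). Run part 1 on the Advanced Insights server.
Import-Module WebAdministration

function Get-AppPoolNetworkIdentity {
    # Map each app pool's configured identity to the account it presents
    # to remote servers such as the SMS Provider.
    $machine = "$env:COMPUTERNAME`$"
    Get-ChildItem IIS:\AppPools | ForEach-Object {
        $pool = $_                      # keep the pool; $_ is rebound inside switch
        $type = [string]$pool.processModel.identityType
        $net  = switch ($type) {
            'SpecificUser' { $pool.processModel.userName }
            'LocalService' { '(anonymous on the network)' }
            default        { $machine } # ApplicationPoolIdentity, NetworkService, LocalSystem
        }
        [pscustomobject]@{ AppPool = $pool.Name; IdentityType = $type; NetworkIdentity = $net }
    }
}

function Get-ConfigMgrRolesForIdentity {
    param(
        [Parameter(Mandatory)][string[]]$Identity,
        [Parameter(Mandatory)][string]$SiteCode
    )
    # Requires the ConfigMgr console (ConfigurationManager module and site drive).
    Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
    Push-Location "${SiteCode}:"
    try {
        $admins = Get-CMAdministrativeUser
        foreach ($id in $Identity) {
            # Compare on the account name only; the domain prefix is ignored,
            # so check the domain by eye in a multi-domain forest.
            $leaf = ($id -split '\\')[-1]
            $hit  = $admins | Where-Object { ($_.LogonName -split '\\')[-1] -eq $leaf }
            [pscustomobject]@{
                Identity             = $id
                IsAdministrativeUser = [bool]$hit
                Roles                = ($hit.RoleNames -join ', ')
            }
        }
    } finally { Pop-Location }
}

$pools = Get-AppPoolNetworkIdentity
$pools | Format-Table -AutoSize
# 'ABC' is a placeholder site code; replace it with your own.
Get-ConfigMgrRolesForIdentity -Identity ($pools.NetworkIdentity | Sort-Object -Unique) -SiteCode 'ABC'
```

An identity that is not listed as an administrative user, or that holds roles other than the one you assigned, is worth reviewing.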
