# Insights Configuration Manager Permission requirements

*Applies to: Patch My PC Advanced and Patch Insights*

For various Configuration Manager **console actions** and **features** to work, the accounts running the IIS App Pools need to have permissions to connect to your SMS Provider Server. 

{% hint style="info" %}
Please note, the "Patch My PC Actions" are our custom actions and require the use of our Inventory Extensions.

You can find detailed instructions here: [Inventory Extensions Custom Client Actions](/patch-my-pc-insights/advanced-insights-inventory-extensions/insights-custom-client-actions.md).
{% endhint %}

<figure><img src="/files/12LZ53dExr5xj4Fu3D9J" alt=""><figcaption><p>Highlighted actions all require permission on your SMS Provider Server</p></figcaption></figure>

{% hint style="info" %}
Note: If you installed Advanced Insights on an SMS Provider Server then you may not have to configure any permissions for this to work.
{% endhint %}

By default, the **IIS App Pools** run under the local computer account of your Advanced Insights Server.&#x20;

<figure><img src="/files/Hxg0TSrtmJ1oNXsrxZ4H" alt=""><figcaption></figcaption></figure>

***

### ⚙ Add the IIS Pool Account To ConfigMgr Security Role

1. Open the ConfigMgr console and navigate to **Administration** > **Security** > **Administrative Users** > click **Add User or Group**
2. Choose the User/Computer account running your IIS App Pools. In our example we are adding the local computer account of our server named "SCCM"
3. Assign them the **Operations Administrator** role[ (or optionally a custom role)](#use-a-custom-security-role-optional)

<figure><img src="/files/84PB6T62R4bL0ZCrKNYW" alt=""><figcaption></figcaption></figure>

***

### ⚙ Use a Custom Security Role (<mark style="color:yellow;">Optional</mark>)

If you wish to adhere to the "Principle of Least Privilege" then you can download the XML file below and import it as a security role into ConfigMgr. This role grants the lowest possible privileges.

{% file src="/files/5zV41VIEPY43f5eVl5la" %}

To import the security role XML file, open the ConfigMgr console and navigate to **Administration** > **Security** > **Security Roles** > click **Import Security Role**.

<figure><img src="/files/rkP3rcNW3hiQqNxAPmbM" alt=""><figcaption></figcaption></figure>

***

### ⚙Allow RPC traffic (<mark style="color:yellow;">If using remote server</mark>)

If you are using a remote Advanced Insights server there are these requirements to use any console actions or features:

* The Remote Procedure Call (RPC) service must be running
* Firewall must allow RPC Traffic (TCP ports: **135**, **RPC dynamic ports (49152–65535)**

Details on how to configure a firewall rule to allow this traffic can be found here:&#x20;

<https://learn.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-remotely-starting-with-vista>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.patchmypc.com/patch-my-pc-insights/insights-configuration-manager-permission-requirements.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.