Manage Security Scopes
Applies to: Patch My PC Publisher
Available at level: All Custom Products, All Products, Vendor, Product
Available on tab: ConfigMgr Apps
Overview
The Manage Security Scopes option allows you to control which ConfigMgr security scopes are applied to applications created by the Publisher.

During each synchronization, the Publisher applies the selected security scopes to any applications it creates in ConfigMgr. This ensures applications are visible and manageable only by administrators who have access to the assigned scopes.
The list of available security scopes is pulled directly from your ConfigMgr environment. You can refresh the list using the refresh button in the top right corner.

The list supports filtering using the Filter items field, and the visible columns can be customized by right-clicking the column headers.
Enforce Security Scopes
You can optionally enable Enforce selected security scopes.
When enforcement is enabled, the Publisher ensures that only the selected scopes remain assigned to the application. If additional scopes are added manually in the ConfigMgr console, the Publisher will remove those scopes during the next synchronization.
This option is useful when you want to maintain strict control over application visibility and prevent scope drift caused by manual changes.
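An added example, not part of the Patch My PC documentation or product: a PowerShell report of which scopes enforcement would remove on the next synchronization, for review before you enable the option. The selected scope names, the application name filter and the sample records are assumptions; the live branch uses the ConfigurationManager module's Get-CMApplication and Get-CMObjectSecurityScope cmdlets.

```powershell
# Added example (not Patch My PC code): preview the effect of
# "Enforce selected security scopes" before turning it on.
function Get-ScopeDrift {
    param(
        [Parameter(Mandatory)] [object[]] $Application,   # objects with Name and Scopes
        [Parameter(Mandatory)] [string[]] $SelectedScope  # scopes selected in the Publisher
    )
    foreach ($app in $Application) {
        # Assigned but not selected: removed at the next sync when enforcement is on.
        $extra   = @($app.Scopes | Where-Object { $_ -notin $SelectedScope })
        # Selected but not assigned: applied by the Publisher at the next sync.
        $missing = @($SelectedScope | Where-Object { $_ -notin $app.Scopes })
        if ($extra.Count -or $missing.Count) {
            [pscustomobject]@{
                Application    = $app.Name
                RemovedOnSync  = $extra -join ', '
                NotYetAssigned = $missing -join ', '
            }
        }
    }
}

# Assumption: the scopes ticked in Manage Security Scopes (constructed names).
$selected   = 'Workstation Apps', 'Third-Party Apps'
# Assumption: a display-name pattern that matches the applications to review.
$nameFilter = '*'

if (Get-Command Get-CMApplication -ErrorAction SilentlyContinue) {
    # Live data: run from the ConfigMgr site drive (for example PS ABC:\>).
    $apps = Get-CMApplication -Fast |
        Where-Object { $_.LocalizedDisplayName -like $nameFilter } |
        ForEach-Object {
            [pscustomobject]@{
                Name   = $_.LocalizedDisplayName
                Scopes = @((Get-CMObjectSecurityScope -InputObject $_).CategoryName)
            }
        }
} else {
    # Constructed sample records so the report logic can be run without ConfigMgr.
    $apps = @(
        [pscustomobject]@{ Name = 'Sample App A'; Scopes = @('Workstation Apps', 'Third-Party Apps') }
        [pscustomobject]@{ Name = 'Sample App B'; Scopes = @('Default', 'Workstation Apps') }
        [pscustomobject]@{ Name = 'Sample App C'; Scopes = @('Workstation Apps', 'Third-Party Apps', 'Branch Admins') }
    )
}

Get-ScopeDrift -Application $apps -SelectedScope $selected | Format-Table -AutoSize
```

With the constructed records, Sample App B and Sample App C are listed: each carries a scope that is not in the selected set and would lose it under enforcement.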
Important
When the Publisher runs on the ConfigMgr site server, no additional permissions are required. The Local System account already has the necessary rights to read and assign security scopes.
Additional permissions are required only when the Publisher is installed on a remote server and connects to ConfigMgr.
If you are using a custom ConfigMgr security role for the Publisher in a remote deployment, that role must include the following permissions:
Application > Set Security Scope
Security Scopes > Read
If you are using the Patch My PC security role that is created when configuring the SMS Provider integration, these permissions are already included.