Istanbul/Turkey

15- RBA Viewer and Installing SCCM Console to a Client Computer

There are many different built-in Security Roles on SCCM, you can assign these roles to your users, managers or administrators. In this article, I will create and assign a custom role that will let  Remote Control and Application Deployment functionalities to our users who are in helpdesk group. Helpdesk users will also be able to search users and they ca see the users' primary devices. If you haven't done so, first we need to download and install System Center 2012 R2 Configuration Manager Toolkit from the link below.

http://www.microsoft.com/en-us/download/details.aspx?id=36213

 

 

Start RBA Viewer that comes with System Center 2012 R2 Configuration Manager Toolkit. Click Security Roles and remove the check next to Full Administrator.

 

Add the rights below.

For Application:

Give Read permission

 

For Collection:

Give Read, Remote Control, Read Resource, Control AMT, Deploy Packages, Deploy Applications permission

 

For User Device Affinities:

Give Read permission

 

For Package:

Give Read permission

 

Click Export and save the security role we modified to Documents folder. Name that file as HelpdeskRemoteSupport.xml and close RBA Viewer.

 

 

Navigate Administration/Security. Right click SecurityRoles, select  Import Security Roles  and import HelpdeskRemoteSupport.xml 

 

I will assign this custom role to the Active Directory group named  ClientAdmins. We have helpdesk users in that group. Right click Administrative Users, select Add User or Group and then select Client Admins and assign HelpdeskRemoteSupport security role to Client Admins as below.

 

 

Now we can install console to our helpdesk users' computers. Copy the folder named ConsoleSetup to a USB Flash Disk from  Site Server's C:\Program Files\Microsoft Configuration Manager\tools. Run consolesetup.exe and enter Site Server FQDN like below.

 

 

Choose No and click Next

 

 

Next and finish the installation wizard. If you have console connection problems on the computers, you can check C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\AdminUILog altındaki SmsAdminUI.log file.

 

Important Note: The user or group account you are using for remote connection (ClientAdmins group in my example) has to be local admin on the client computer. Otherwise, you can not connect to the remote computer.

About RBA Viewer, you can find more info in the following links.

Howard Hoy - Role-Based Administration in System Center 2012 Configuration Manager

Configuration Manager Role-Based Administration 

 

 

 

 

 

 

  • Hits: 10220