General - Security settings

The architecture of SCCM Manager provides various ways to control access to its services and to various SCCM objects.

Control Panel

A user group permission can be defined in each function group and subordinate plug-in. This results in only those areas being displayed in the SCCM Manager for which the respective user group has authorization. These security settings only become active once the Enable Security option has been activated.

Multiple groups can be specified, separated by |. Example: Domain\Group1|Domain\Group2|Domain\Group3

In addition, the wildcard character * can be used to achieve dynamic group authorization. Example: Domain\Prefix-*-Postfix

Note that some plugins can be integrated multiple times with different configurations, allowing for particularly granular permission control.

Computer Scoping

Group-based computer filtering can be enabled in the web.config configuration file of the web service. The configuration parameter for this is ComputerFilterEnabled. The group permissions are set in the UserPermissions.xml configuration file.

Client authentication

This functionality is required if communication to clients is to take place across domains or if the server is not entered as the local administrator on the clients to be managed. One user with administrator privileges can be specified per domain. For more information, see Configuration / Web Service / Credentials.

SOAP-Header Security

So that only certain applications can interact with the SCCM Web Service, it is possible to switch on SOAP header security. This results in access only being possible with a specific SOAP header. This header can be generated with the enclosed class library SCCMWebService.Token.dll. It is also necessary to adapt the configuration file Token.xml. For more information, see API / Web Service API.

System requirements

Preparation

Installation

Deployment

Client Loader

General Overview

Basic Configuration

General - Windows Remote Management

General - Security settings

Plugin Configuration

General - Linked Server

Client - Start Parameters

Client - Configuration

Client - Administration

Client - Translations

Client - Download & Execute

WebService - Configuration

WebService - Login Information

WebService - Permissions

WebService - Computer search

SQL Replacement Strings

Client Installation

Server Konfiguration Client Loader

Client Setup

Client Migration

Reporting & Monitoring

Remote Control

Software Deployment

OS Deployment

Custom Inventory

Language translations

Client - Desktop

Client - Computer search

Client - Computer lists

Client - Administration

Client - Function groups

Client - Actions (Plugins)

Sever - Dynamic GUI Editor

Server - Computer Datasheet Editor

Computer Cache

Introduction

Add Computer

Advertisesments

Browser

Clear PXE

Client Actions

Client Creator

Client Operations

Client Settings

Collection Editor

Collection Lists

Collection Manager

Collection Membership Viewer

Computer Datasheet

Computer Variables

Custom Inventory

Custom Logs

Database Connection

Delete Computer

Event Viewer

Executer

Installed Software

Kafka Service

Language Translations

SCCM Logging

Power Control Settings

Power Shell

Process Manager

Product Match Rule Editor

Queue Service

Remote Control

Remote Desktop

Rerun Package

Reset Computer

Service Manager

Software Installation

Software Assignment

Webservice Cache

Client Creator Service

Web Service API