Preparation
Windows Remote Management
The SCCM web service uses Windows Remote Management (WinRM) for administrative management of the clients. To ensure its function, the following checklist must be observed.
- Windows service for WinRM enabled on the server and startup type set to Automatic
- Windows service for WinRM enabled on all clients to be managed and startup type set to Automatic
- Port configured for WinRM
- If the policy for executing PowerShell scripts on the managed clients is set to RemoteSigned, all PowerShell scripts in the WebService directory PS1 must be signed.
- Firewall rule created for WinRM
- The web service has administrative access to the clients to be managed (depending on the configured account of the IIS Application Pool "SCCM Manager Pool"; default: Local System)
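One way to verify the checklist above on a server or managed client, as an added example that is not part of the original documentation or of SCCM Manager itself. The function name `Test-WinRMPrerequisite` and the `-ScriptDir` parameter are hypothetical; `-ScriptDir` stands for the WebService directory PS1, whose path this page does not give.

```powershell
# Added example: checks the WinRM checklist on the local machine (run elevated).
# -ScriptDir is a placeholder for the WebService "PS1" directory (server only).
function Test-WinRMPrerequisite {
    param([string]$ScriptDir)

    # Service must be running with startup type Automatic
    $svc = Get-Service -Name WinRM
    [pscustomobject]@{
        Check  = 'WinRM service'
        Passed = ($svc.Status -eq 'Running' -and $svc.StartType -eq 'Automatic')
        Detail = "Status=$($svc.Status); StartType=$($svc.StartType)"
    }

    # Ports of the configured listeners (WinRM defaults: 5985 HTTP, 5986 HTTPS)
    $ports = @(Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
        (Get-ChildItem $_.PSPath | Where-Object Name -eq 'Port').Value
    })
    [pscustomobject]@{
        Check  = 'WinRM listener port'
        Passed = ($ports.Count -gt 0)
        Detail = "Ports=$($ports -join ',')"
    }

    # Enabled inbound allow rules must cover every listener port.
    # Port ranges such as "5985-5986" are not expanded here.
    $open = @(Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -in 'TCP', 'Any' } |
        ForEach-Object { $_.LocalPort })
    $blocked = @($ports | Where-Object { $open -notcontains $_ -and $open -notcontains 'Any' })
    [pscustomobject]@{
        Check  = 'Firewall rule for WinRM'
        Passed = ($ports.Count -gt 0 -and $blocked.Count -eq 0)
        Detail = "Ports without allow rule: $($blocked -join ',')"
    }

    # Effective policy on this machine; with RemoteSigned the PS1 scripts must be signed
    $policy = Get-ExecutionPolicy
    $bad = @()
    if ($ScriptDir) {
        $bad = @(Get-ChildItem -Path $ScriptDir -Filter *.ps1 -Recurse |
            ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
            Where-Object Status -ne 'Valid')
    }
    [pscustomobject]@{
        Check  = 'Script signing'
        Passed = ($bad.Count -eq 0)
        Detail = "ExecutionPolicy=$policy; not validly signed: $($bad.Path -join ',')"
    }
}

Test-WinRMPrerequisite | Format-Table -AutoSize -Wrap
```

If the WinRM service is stopped, the listener query fails with an error, which already indicates an unmet checklist item. Pass `-ScriptDir` only on the server that hosts the web service.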
Create new user login
To create a new user login, Microsoft SQL Server Management Studio is required.
There it is necessary to connect to the server where the SCCM database is located.
On the corresponding server, expand the "Security" folder and open the context menu of the "Logins" folder. There, the entry "New Login..." must be selected.
There you have to enter the domain and the name of the server where the SCCM Manager database is located. Since it is a computer account, a "$" must be appended to the name. In this example the item "Windows authentication" is also selected. Optionally, the SCCM database can be selected as "Default database".
Switch to the "User Mapping" tab on the left and select the SCCM database there. There you have to give the user the permission to read the database (db_datareader). With "OK" the user login is created.
Database
During the automatic installation a database with the name "SCCMManager" is created. This requires an account with the appropriate permission. In addition, this account must have read permissions on the SCCM database.
Create "Full Administrator" user
The computer on which SCCM Manager is installed must be added as a "Full Administrator" user on the SCCM server assigned to it. To create a "Full Administrator" user, the Microsoft Endpoint Configuration Manager is required.
There, the menu item "Administration" must be selected. New users can be added in the "Security" folder under "Administrative Users".
The new user can now be created in the "Add User or Group" window. To do this, a name must first be entered. By clicking on "Browse...", existing users can be automatically selected from the domain.
In order to automatically fill in computer names via "Check Name", "Computers" must be selected under "Object Types". The computer is added via "OK".
Under "Assigned security roles", the security role "Full Administrator" must now be selected by clicking on "Add". Confirm with "OK".
Under "Assigned security scopes and collections", the first item must be selected. Confirm with "OK". Now a "Full Administrator" user has been created for the computer.
Additional information about the client configuration
For the use of SCCM Manager it is recommended to grant the system account of the server administrative permissions on the clients to be managed. This is done by adding the system account to the group of "local administrators" of the clients to be managed.
For more information:
Security Considerations for All Services
Service Security and Access Rights
LocalSystem Account privileges