Preparation

Windows Remote Management

~~Der~~The SCCM ~~Webservice~~web ~~nutzt~~service uses Windows Remote Management (WinRM) ~~zur~~for ~~administrativen~~administrative ~~Verwaltung~~management ~~der~~of ~~Clients.~~the Umclients. ~~dessen~~To ~~Funktion~~ensure zuits ~~gewährleisten,~~function, ~~ist~~the ~~folgende~~following ~~Checkliste~~checklist zumust ~~beachten.~~be observed.
Windows ~~Dienst~~service ~~für~~for WinRM ~~auf~~enabled ~~dem~~on ~~Server~~the ~~aktiviert~~server ~~und~~and ~~Starttyp~~startup ~~auf~~type ~~Automatisch~~set to Automatic
Windows ~~Dienst~~service ~~für~~for WinRM ~~auf~~enabled ~~allen~~on zuall ~~verwaltenden~~clients ~~Clients~~to ~~aktiviert~~be ~~und~~managed ~~Starttyp~~and ~~auf~~startup ~~Automatisch~~type set to Automatic
Port ~~für~~configured for WinRM ~~konfiguriert~~
~~Wenn~~If ~~die~~the ~~Richtlinie~~policy ~~zur~~for ~~Ausführung von~~executing PowerShell ~~Scripten,~~scripts ~~auf~~on ~~den~~the zumanaged ~~verwaltenen~~clients ~~Clients,~~is ~~auf~~set ~~RemoteSigned~~to ~~gestellt~~RemoteSigned, ~~ist, müssen alle~~all PowerShell ~~Scripte,~~scripts in ~~dem~~the ~~WebService-Verzeichnis~~WebService ~~PS1,~~directory ~~signiert~~PS1 ~~werden~~must be signed.
~~Firewall-Regel~~Firewall ~~für~~rule created for WinRM ~~erstellt~~
~~Der~~The ~~Webservice~~web ~~hat~~service ~~administrativen~~has ~~Zugriff~~administrative ~~auf~~access ~~die~~to zuthe ~~verwaltenden~~clients ~~Clients~~to be managed (~~abhängig~~depending ~~vom~~on ~~konfigurierten~~the ~~Account~~configured ~~des~~account of the IIS Application ~~Pools~~Pool "SCCM Manager Pool"; ~~Standard:~~default: Local System)

UmTo ~~einen~~create ~~neuen~~a ~~User~~new ~~Login~~user ~~zu erstellen, wird das~~login, Microsoft SQL Server Management Studio ~~benötigt.~~is required.

~~Dort~~There ~~muss~~it ~~sich~~is ~~mit~~necessary ~~dem~~to ~~Server~~connect ~~verbunden~~to ~~werden,~~the ~~auf~~server ~~dem~~where ~~die~~the ~~SCCM-Datenbank~~SCCM ~~liegt.~~database is located.

~~Auf~~On ~~dem~~the ~~entsprechenden~~corresponding ~~Server,~~server, ~~den~~expand ~~Ordner~~the "Security" ~~aufklappen~~folder ~~und~~and ~~das~~open ~~Kontextmenü~~the ~~des~~context menu of the "Logins"~~-Ordners~~ ~~öffnen.~~folder. ~~Dort~~There, ~~muss~~the ~~der Eintrag~~entry "New Login..." ~~ausgewählt~~must ~~werden.~~be selected.

~~Dort~~There ~~muss~~you ~~die~~have ~~Domäne~~to ~~und~~enter ~~der~~the ~~Name~~domain ~~des~~and ~~Servers~~the ~~eingegeben~~name ~~werden~~of ~~auf~~the ~~dem~~server ~~sich~~where ~~die~~the SCCM ~~Manager-Datenbank~~Manager ~~befindet.~~database Dais eslocated. ~~sich~~Since umit ~~einen~~is ~~Computer-Benutzer~~a ~~handelt~~computer ~~muss~~user, ~~am Ende des Names ein~~a "$" ~~hinzugefügt~~must ~~werden.~~be added to the end of the name. In ~~diesem~~this ~~Beispiel~~example ~~wird~~the ~~zusätzlich der Punkt~~item "Windows authentication" ~~ausgewählt.~~is ~~Optional~~also ~~kann~~selected. ~~als~~Optionally the SCCM database can be selected as "Default database" ~~die SCCM-Datenbank ausgewählt werden.~~.

~~Links~~Switch zuto ~~dem Reiter~~the "User Mapping" ~~wechseln~~tab ~~und~~on ~~dort~~the ~~die~~left ~~SCCM-Datenbank~~and ~~auswählen.~~select ~~Dort~~the ~~muss~~SCCM ~~dem~~database ~~Nutzer~~there. ~~die~~There ~~Berechtigung~~you ~~gegeben~~have ~~werden~~to ~~die~~give ~~Datenbank~~the ~~lesen~~user zuthe ~~dürfen~~permission to read the database (db_datareader). ~~Mit~~With "OK" ~~wird der~~the UUser ~~Login~~login ~~erstellt.~~is created.

DatenbankDatabase

~~Während~~During ~~der~~the ~~automatischen~~automatic ~~Installation~~installation ~~wird~~a ~~eine~~database ~~Datenbank~~with ~~mit~~the ~~dem~~name ~~Namen~~"SCCMManager" ~~„SCCMManager“~~is ~~erstellt.~~created. ~~Dazu~~This ~~wird~~requires ~~ein~~an ~~Account~~account ~~mit~~with ~~der~~the ~~entsprechenden~~appropriate ~~Berechtigung~~permission. ~~benötigt.~~In ~~Außerdem~~addition, ~~muss~~this ~~dieser~~account ~~Account~~must ~~Leseberechtigungen~~have ~~auf~~read ~~die~~permissions ~~SCCM-Datenbank~~on ~~haben.~~the SCCM database.

"Full Administrator"-Benutzer erstellen

~~Der Computer auf dem der~~ ~~SCCM Manager~~ ~~installiert ist, muss auf dem ihm zugewiesenem SCCM Server, als~~Create "Full Administrator"~~-Benutzer~~ ~~hinzugefügt~~user ~~werden.~~

The ~~Zum~~computer ~~erstellen~~on ~~eines~~which SCCM Manager is installed must be added as a "Full Administrator"~~-Benutzer~~ ~~wird~~user ~~der~~on the SCCM server assigned to it. To create a "Full Administrator" user, the Microsoft Endpoint Configuration Manager ~~benötigt.~~is required.

~~Dort~~There, ~~muss~~the ~~der~~menu ~~Menüpunkt~~item "Administration" ~~ausgewählt~~must ~~werden.~~be Imselected. ~~dem~~New ~~Ordner~~users can be added in the "Security" ~~können~~folder ~~unter~~under "Administraive Users" ~~neue Benutzer hinzugefügt werden.~~.

InThe ~~dem~~new ~~Fenster~~user can now be created in the "Add User or Group" ~~kann~~window. ~~nun~~To ~~der~~do ~~neue~~this, ~~Benutzer~~a ~~erstellt~~name ~~werden.~~must ~~Dazu~~first ~~muss~~be ~~zunächst~~entered. ~~eine~~By ~~Name~~clicking ~~angeben werden. Per Klick auf~~on "Browse...", ~~können~~existing ~~automatisch~~users ~~schon~~can ~~vorhandene~~be ~~Benutzer~~automatically ~~aus~~selected ~~der~~from ~~Domäne~~the ~~ausgewählt werden.~~domain.

~~Damit~~In ~~über~~order to automatically fill in computer names via "Check Name", ~~auch~~"Computers" ~~Computernamen~~must ~~automatisch~~be ~~ausgefüllt~~selected ~~werden, muss unter~~under "Object Types",. ~~"Computers"~~The ~~ausgewählt~~computer ~~werden.~~is ~~Per~~added via "OK" ~~wird der Computer hinzugefügt.~~.

~~Unter~~Under "Assigned security roles", ~~muss~~the ~~per~~security ~~Klick auf "Add" jetzt die Security Role~~role "Full Administrator" ~~ausgewählt~~must ~~werden.~~now ~~Mit~~be selected by clicking on "Add". Confirm with "OK" ~~bestätigen.~~.

~~Unter~~Under "Assigned security scopes and collections", ~~muss~~the ~~der~~first ~~erste~~item ~~Punkt~~must ~~auswählt~~be ~~werden.~~selected. ~~Mit~~Confirm with "OK". ~~bestätigen.~~Now ~~Jetzt wurde ein~~a "Full Administrator"~~-Benutzer~~ ~~für~~user ~~den~~has ~~Computer~~been ~~erstellt~~created for the computer.

ZusätzlicheAdditional Informationinformation zurabout Client-Konfigurationthe client configuration

~~Für~~For ~~den~~the ~~Einsatz~~use ~~des~~of SCCM ~~Managers~~Manager ~~wird~~it ~~empfohlen,~~is ~~dem~~recommended ~~Systemkonto~~to ~~des~~grant ~~Servers,~~the system account of the server administrative ~~Berechtigungen~~permissions ~~auf~~on ~~die~~the zuclients ~~verwaltenen~~to ~~Clients~~be zumanaged. ~~gewähren.~~This ~~Dies~~is ~~geschieht~~done ~~durch~~by ~~das~~adding ~~Hinzufügen~~the ~~des~~system ~~Systemkontos~~account ~~zur~~to ~~Gruppe~~the ~~der~~group ~~„lokalen~~of ~~Administratoren“~~"local ~~der~~administrators" zuof ~~verwaltenden~~the ~~Clients.~~clients to be managed.

~~Weitere~~For ~~Informationen~~more ~~dazu:~~information:

The LocalSystem Account

Sceurity Considerations for All Services

Service Security and Access Rights

LocalSystem Account privileges