How to go about ConfigMgr'07 role based security model?
As we are aware that ConfigMgr'07 admin full access provide a lot of privilege to manage all desktop in an enterprise so it’s critical to manage the ConfigMgr admin access with role based security model. And recently we have introduced the new security group model for managing ConfigMgr operations and having least admin access on ConfigMgr as role based which is very much align to ConfigMgr out of box security classes.
Below are the list of sample security groups we provisioned in AD and same configured in ConfigMgr admin console with equivalent access rights to manage the role based security in ConfigMgr'07.
Hope this helps in your planning for securing ConfigMgr'07 admin access with role based security model.
More details for ConfigMgr security planning are available on following link : http://technet.microsoft.com/en-us/library/bb680768.aspx
|
Sample Security Group |
Security Group Definition |
|
ConfigMgr_Web_Reporting_Consumers |
This group contains members who needs to view ConfigMgr reports. |
|
ConfigMgr_SQLDB_Consumers |
This group contains members who need to have read access ConfigMgr Database for data feed or reporting purpose. |
|
ConfigMgr_Detail_Consumers |
This group contains members who need to read all details about a given SMS/ConfigMgr site. |
|
ConfigMgr_Monitoring_Providers |
This group contains members which perform monitoring functions on the ConfigMgr servers |
|
ConfigMgr_Software_Deployment_Providers |
This group contains members who that need to write package deployment items. |
|
ConfigMgr_Patch_Management_Providers |
This group contains the members who need to create patch deployments. |
|
ConfigMgr_Collection_Providers |
This group contains the members that need to create & manage collections. |
|
ConfigMgr_Advertisement_Providers |
This group contains the members who that need to create & manage advertisements. |
|
ConfigMgr_OSD_Provider |
This group contains the members who need to create ConfigMgr OSD objects. |
|
ConfigMgr_DCM_Provider |
This group contains members who need to create ConfigMgr DCM objects. |
|
ConfigMgr_Software_Metering_Provider |
This group contains the members that need to create ConfigMgr Software Metering objects. |
|
ConfigMgr_DeviceMgmt_Provider |
This group contains members who need to create ConfigMgr DMP objects. |
|
ConfigMgr_Report_Provider |
This group contains the objects that need to create ConfigMgr web reports. |
|
ConfigMgr_Client_Troubleshooting_Provider |
This group contains objects that need to access ConfigMgr client logs. |
|
ConfigMgr_Infrastructure_Providers |
This group contains the members who need to change ConfigMgr site settings and have full access for ConfigMgr |
|
ConfigMgr_Troubleshooting_Providers |
This group contains the troubleshooting teams that provide escalation and resolution services. |
