Don’t miss this free educational webcast offering insights into five areas of change in System Center 2012 Configuration Manager. Microsoft MVP Matthew Hudson presents an “insider’s look” at some of the key changes that lie ahead and offer insights to help SCCM administrators get ready for SCCM 2012. Along with an overview of the changes in System Center Configuration Manager from 2007 to 2012, this webcast offers insight into these five areas of SCCM 2012:
Hierarchy Simplification
RBAC
Deployment Types
Software Updates
Collections
About the Presenter:
Matthew Hudson, MCTS, Microsoft Configuration Manager MVP, SCCM Expert Matthew Hudson has been in IT for over 20 years and has been working with Microsoft Systems Center Configuration Manager for over six years. After working for The Texas A&M University System for more than a decade, he recently joined Schlumberger as an SCCM Systems Engineer where he manages SCCM on tens of thousands of systems. In addition to working with SCCM on a daily basis, Matthew is a frequent contributor to Microsoft System Center Configuration Manager community forums, manages a Systems Center Configuration Manager Tips & Tools website at http://www.sccm-tools.com/, and maintains a System Center Configuration Manager Tips & Tricks blog at http://www.sms-hints-tricks.blogspot.com/.
2. Today’s Presentation
» Hosts
Lawrence Garvin, Product Manager, SolarWinds
Matthew Hudson, MVP
» Producer: Catherine Jackson
» The bulk of this presentation is live demo.
» Ask questions!
Don’t wait until the end, ask away – use chat feature.
» Today’s session is being recorded.
Recorded session on SolarWinds.com
Slides available on slideshare.net
2
3. Which is it?
Role-Based Administration (RBA)
or
Role Based Access Control (RBAC)
3
4. Role Based Access Control
» Manage
Security roles (Class)
Security scopes (Instance)
Collections
» Full Administrator: This security role grants all permissions in Configuration Manager.
» Asset Analyst: This security role allows administrative users to view data collected by using Asset
Intelligence, software inventory, hardware inventory, and software metering. Administrative users
can create metering rules and Asset Intelligence categories, families, and labels.
» Software Update Manager: This security role grants permissions to define and deploy software
updates. Administrative users who are associated with this role can create collections, software
update groups, deployments, templates, and enable software updates for Network Access
Protection (NAP).
» Read-Only Analyst: Grants permissions to view all Configuration Manager objects.
» Application Author: Grants permissions to create, modify, and retire applications. Administrative
users who are associated with this role can also manage applications, packages.
» Application Administrator: Grants permissions to perform both the Application Deployment
Manager role and the Application Author role. Administrative users who are associated with this
role can also manage queries, view site settings, manage collections, and edit settings for user
device affinity
4
12. Process
» Security Scopes – Create Security Scope
» Set scopes – Client Settings / Set Security Scope
Create account
Add Account to Configuration Manager
Select User
Select the Role for the use
Select Security Scopes / Create
» Add the Security Scope if necessary / Edit
12
13. Planning
» Collections:
Functional Organization, Geographic Alignment, Security
Requirements, Organization Alignment
» Security Scopes
All, Default
» Types for Scopes
Applications, Packages, Boot images, Sites, Custom Client settings, DP,
DP Groups, Software update groups
» No Security Scopes
Administrative Users, Security Roles, Default Client settings,
Boundaries, Site Addresses, Site system roles
13
14. Demo
Role Based Administration in
Configuration Manager 2012
14