Don’t miss this free educational webcast offering insights into five areas of change in System Center 2012 Configuration Manager. Microsoft MVP Matthew Hudson presents an “insider’s look” at some of the key changes that lie ahead and offer insights to help SCCM administrators get ready for SCCM 2012. Along with an overview of the changes in System Center Configuration Manager from 2007 to 2012, this webcast offers insight into these five areas of SCCM 2012: Hierarchy Simplification RBAC Deployment Types Software Updates Collections About the Presenter: Matthew Hudson, MCTS, Microsoft Configuration Manager MVP, SCCM Expert Matthew Hudson has been in IT for over 20 years and has been working with Microsoft Systems Center Configuration Manager for over six years. After working for The Texas A&M University System for more than a decade, he recently joined Schlumberger as an SCCM Systems Engineer where he manages SCCM on tens of thousands of systems. In addition to working with SCCM on a daily basis, Matthew is a frequent contributor to Microsoft System Center Configuration Manager community forums, manages a Systems Center Configuration Manager Tips & Tools website at http://www.sccm-tools.com/, and maintains a System Center Configuration Manager Tips & Tricks blog at http://www.sms-hints-tricks.blogspot.com/.

1. Role-Based Administration
Matthew Hudson, MVP
© 2012 SolarWinds Worldwide, LLC. All Rights Reserved.
1

2. Today’s Presentation
» Hosts
 Lawrence Garvin, Product Manager, SolarWinds
 Matthew Hudson, MVP
» Producer: Catherine Jackson
» The bulk of this presentation is live demo.
» Ask questions!
 Don’t wait until the end, ask away – use chat feature.
» Today’s session is being recorded.
 Recorded session on SolarWinds.com
 Slides available on slideshare.net
2

3. Which is it?
Role-Based Administration (RBA)
or
Role Based Access Control (RBAC)
3

4. Role Based Access Control
» Manage
 Security roles (Class)
 Security scopes (Instance)
 Collections
» Full Administrator: This security role grants all permissions in Configuration Manager.
» Asset Analyst: This security role allows administrative users to view data collected by using Asset
Intelligence, software inventory, hardware inventory, and software metering. Administrative users
can create metering rules and Asset Intelligence categories, families, and labels.
» Software Update Manager: This security role grants permissions to define and deploy software
updates. Administrative users who are associated with this role can create collections, software
update groups, deployments, templates, and enable software updates for Network Access
Protection (NAP).
» Read-Only Analyst: Grants permissions to view all Configuration Manager objects.
» Application Author: Grants permissions to create, modify, and retire applications. Administrative
users who are associated with this role can also manage applications, packages.
» Application Administrator: Grants permissions to perform both the Application Deployment
Manager role and the Application Author role. Administrative users who are associated with this
role can also manage queries, view site settings, manage collections, and edit settings for user
device affinity
4

5. Role Based Access Control
» Application Administrator
» Application Author
» Application Deployment Manager
» Asset manager
» Compliance Settings Manager
» Full Administrator
» Infrastructure Administrator
» Operating system Deployment Manager
» Operations Administrator
» Read-only Analyst
» Remote Tools Operator
» Security Administrator
» Software Update Manager
5

6. Role Access
6

7. John Security Admin
Special Access
Resource Access
7

8. Administrator Read only Analyst w/ Collection Scope
8

9. Security Scopes
» Assets and Compliance
 Software Metering
» Software Library
 Deployment Packages
» Administration
 Site Configurations
• Sites
• Client Settings
 Distribution Points
 Distribution Point Groups
9

10. Scopes
Security > Administrative user > Properties
 Security Scopes
10

11. Set a Security Scope
11

12. Process
» Security Scopes – Create Security Scope
» Set scopes – Client Settings / Set Security Scope
 Create account
 Add Account to Configuration Manager
 Select User
 Select the Role for the use
 Select Security Scopes / Create
» Add the Security Scope if necessary / Edit
12

13. Planning
» Collections:
 Functional Organization, Geographic Alignment, Security
Requirements, Organization Alignment
» Security Scopes
 All, Default
» Types for Scopes
 Applications, Packages, Boot images, Sites, Custom Client settings, DP,
DP Groups, Software update groups
» No Security Scopes
 Administrative Users, Security Roles, Default Client settings,
Boundaries, Site Addresses, Site system roles
13

14. Demo
Role Based Administration in
Configuration Manager 2012
14

15. Resources
» Introducing Role-Based Administration in System Center 2012
Configuration Manager
 http://blogs.technet.com/b/configmgrteam/archive/2011/09/23/introduci
ng-role-based-administration-in-system-center-2012-configuration-
manager.aspx
» Role-Based Administration in System Center 2012 Configuration
Manager
 http://blogs.technet.com/b/hhoy/archive/2012/03/07/role-based-
administration-in-system-center-2012-configuration-manager.aspx
» What’s new:
 http://technet.microsoft.com/en-us/library/gg699359.aspx
» Security and Compliance:
 http://technet.microsoft.com/en-us/library/gg682033.aspx
» Patch Management Tips & Best Practices:
 PatchZone.org
© 2012 SolarWinds Worldwide, LLC. All Rights Reserved.
15