Understanding the System Center Orchestrator Management Group

Applies To: Orchestrator 2012 Beta

During System Center 2012 - Orchestrator installation, you specify the user group that will access the Runbook Designer and Deployment Manager. The users in this group are granted access to the Policies, Computer Groups, Runbook Servers and Global Settings folders.

The Setup wizard makes the following changes to the configurations within DCOM, within Orchestrator, and to local user groups.

Local group

If you use a local group on the management server (as opposed to an Active Directory group), the following changes are made:

• Grant Local Launch, Activation and Access permissions to the management server DCOM.

• Grant Full Control permissions to the System Center Orchestrator features. The group is added to the Orchestrator database PERMISSIONS table.

Note that if you are using a local group, you can only access the Runbook Designer on the computer where the management server is installed. If you must access the Runbook Designer remotely, use an Active Directory group instead of a local group.

Active Directory group

If you use an Active Directory group, the following changes are made:

• Grant Local and Remote Launch, Activation, and Access permissions to the management server DCOM.

• Grant Full Control permissions to the System Center Orchestrator features. The group is added to the Orchestrator database PERMISSIONS table.

• Add the group to the Distributed COM Users group on the management server. A user that is part of this group can launch the Runbook Designer from a remote computer.

-----
For additional resources, see Information and Support for System Center 2012.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.
-----