Understanding Role-Based Administration in Microsoft SCCM

Video Guide

 

Overview

• In this video guide, we will review how to set up role-based administration System Center Configuration Manager. This guide will cover all the essential components required for RBA including security roles, security scopes, and collections. We will cover how to use RBA to split workstation and server admins as well as two different departments. We will also review using default security roles and custom security roles and using custom scopes.

Topics in Video

• Introduction to security roles, security scopes, and collections for use in RBA - https://youtu.be/YCNPOShpp5Q?t=37
• Review AD security groups for splitting workstation and server admins and two difference departments - https://youtu.be/YCNPOShpp5Q?t=253
• Splitting up server and workstation admins with full administrator security role - https://youtu.be/YCNPOShpp5Q?t=333
• Split up "College of Finance" and "College of Healthcare" using collections and then create custom security scopes and security roles for this scenario - https://youtu.be/YCNPOShpp5Q?t=617
• Creating global security scope to allow different admins to see common enterprise applications and deploy those applications - https://youtu.be/YCNPOShpp5Q?t=1211
• Review non-scopable objects and how that looks access departments - https://youtu.be/YCNPOShpp5Q?t=1435
• Copy built-in security role and create a custom security role from it - https://youtu.be/YCNPOShpp5Q?t=1606
• Using RBAViewer to create a custom security role and analyze different permissions on the fly - https://youtu.be/YCNPOShpp5Q?t=1685
• Review permissions needed to perform client push - https://youtu.be/YCNPOShpp5Q?t=1811
• Review custom permissions around applications - https://youtu.be/YCNPOShpp5Q?t=1952

Helpful Resources:

• Fundamentals of role-based administration for System Center Configuration Manager - /en-us/sccm/core/understand/fundamentals-of-role-based-administration
• Benefits of role-based administration - /en-us/sccm/core/understand/fundamentals-of-role-based-administration#benefits-of-role-based-administration
• Security roles in RBA - /en-us/sccm/core/understand/fundamentals-of-role-based-administration#bkmk_Planroles
• Collections in RBA - /en-us/sccm/core/understand/fundamentals-of-role-based-administration#bkmk_planCol
• Security scopes in RBA - /en-us/sccm/core/understand/fundamentals-of-role-based-administration#bkmk_PlanScope
• Configure role-based administration for Configuration Manager - /en-us/sccm/core/servers/deploy/configure/configure-role-based-administration
• Create custom security roles - /en-us/sccm/core/servers/deploy/configure/configure-role-based-administration#BKMK_CreateSecRole
• Configure security roles - /en-us/sccm/core/servers/deploy/configure/configure-role-based-administration#BKMK_ConfigSecRole
• Configure security scopes for an object - /en-us/sccm/core/servers/deploy/configure/configure-role-based-administration#BKMK_ConfigSecScope
• Configure collections to manage security - /en-us/sccm/core/servers/deploy/configure/configure-role-based-administration#BKMK_ConfigColl
• Create a new administrative user - /en-us/sccm/core/servers/deploy/configure/configure-role-based-administration#BKMK_Create_AdminUser
• Modify the administrative scope of an administrative user - /en-us/sccm/core/servers/deploy/configure/configure-role-based-administration#BKMK_ModAdminUser
• Non-Current branch users can get RBAViwer from the ConfigMgr toolkit - https://www.microsoft.com/en-us/download/details.aspx?id=50012