Microsoft

System Center Configuration Manager Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building System Center Configuration Manager, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) Please note that the System Center Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos which you do not want to grant a license to Microsoft. See the “User Voice Terms of Service” link below for more information.

How can we improve Configuration Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RBA on the Folder level

    Currently Administrators have the ability to set Role Based Access to Collections but we do not have the ability to block access to specific folders. Currently in my environment we have many different departmental administrators who need to manage only their machines and their collections. each time we add collections we then need to grant them access. if the Role Based Administration gave the ability to grant access on the folder level it would reduce the complexity for area's that have a setup similar to mine.

    I have attached a screenshot of how my setup looks.

    309 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      Noted  ·  10 comments  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
    • Create a new option in RBAC that disallows a user from modifying ONLY a maintenance window, but allows for other device collection changes.

      Currently if you disable the modification of settings in a device collection through RBAC, you cannot modify ANY settings. I wish there was a way to only disallow the modification of Maintenance Windows.

      22 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
      • Include the Reports Viewer Role out of the box

        Why not automatically include a reports viewer security role out of the box with CM? As a consultant I install CM from scratch regularly and always have to add this role manually as every customer wants it.

        Brian Mason and Kent Agerlund give examples here:
        http://www.mnscug.org/blogs/brian-mason/162-report-user-role
        http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/

        13 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
        • Apply Security Scopes to Folders/RBA Access for Folders

          It would be great if you could apply a security scope to a folder to prevent accidental deletion, and to also allow that scope to propagated down to objects within the folder

          7 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            2 comments  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
          • Elevated Access - Delete Collections

            Full Administrators should have the ability to delete collections no matter what roles are assigned. Currently in our environment we have multiple roles that have access to various collections and once a collection is created it cannot be deleted unless it is removed from a large number of roles.

            Request to have the ability to delete with confirmation, this will remove the collection (if empty) no matter what assignments are set on it.

            4 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              Noted  ·  0 comments  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
            • RBA Role Prompt when launching console

              Many of the other System Center products allow a single user account to have many different roles assigned, and instead of merging them like Configuration Manager does, they prompt at login which role should be applied. This allows an admin for example, to have one account that they can manage all workstations, but then reopen the same console and choose a different role to manage all servers. This would solve many issues that come up when dealing with scoping issues where an object that was created do not have the correct scopes applied. It will also address a concern that…

              3 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
              • ability to apply security scopes to deployments

                would be great if we could set security scopes on deployments. we offer sccm as a service to multiple groups using RBA. one group provides applications that can be viewed by all other groups. unfortunately they cannot see all of the deployments made from these applications as they only have visibility to their own devices/collections.

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
                • Create JEA templates for diffrent SCCM roles

                  Just Enough Administrator (JEA https://msdn.microsoft.com/en-us/library/dn896648.aspx) is something that would increase security and enable support personell to troubleshoot SCCM on clients/server without giving them full administrator rights.

                  Maybe you could provide JEA templates that match the diffrent RBAC roles in SCCM.

                  For example a JEA Patch Admin template could allow the following:
                  - Read SCCM logs
                  - Read Windowsupdate.log
                  - Restart the Windows Update service
                  - Read WMI related to Updates
                  - and so on.

                  Providing templates like this would simplify the process of getting started with JEA. It would be even better if MS could provide templates for other…

                  2 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
                  • Move RBAViewer into the console

                    RBA Viewer has been overlooked for too long and offers a lot of great features over the admin console. Why not combine the features into the console?

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
                    • Set Security Scopes for MAM Policy

                      Application Management Policies can't be scoped by Security Scopes in RBA. There's multiple team that manage MAM policies and we don't want to show all MAM policies to both teams. Having the ability to set security scopes will restrict the chance of major consequences and security issue.
                      Thanks

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  RBA  ·  Flag idea as inappropriate…  ·  Admin →
                      • Don't see your idea?

                      Feedback and Knowledge Base