Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Create JEA templates for diffrent SCCM roles

Just Enough Administrator (JEA https://msdn.microsoft.com/en-us/library/dn896648.aspx) is something that would increase security and enable support personell to troubleshoot SCCM on clients/server without giving them full administrator rights.

Maybe you could provide JEA templates that match the diffrent RBAC roles in SCCM.

For example a JEA Patch Admin template could allow the following:
- Read SCCM logs
- Read Windowsupdate.log
- Restart the Windows Update service
- Read WMI related to Updates
- and so on.

Providing templates like this would simplify the process of getting started with JEA. It would be even better if MS could provide templates for other products as well. This would increase security for many companies and would be a great way to help people start using JEA.

7 votes
Vote
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
Mattias shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base