Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Create JEA templates for diffrent SCCM roles

Just Enough Administrator (JEA https://msdn.microsoft.com/en-us/library/dn896648.aspx) is something that would increase security and enable support personell to troubleshoot SCCM on clients/server without giving them full administrator rights.

Maybe you could provide JEA templates that match the diffrent RBAC roles in SCCM.

For example a JEA Patch Admin template could allow the following:
- Read SCCM logs
- Read Windowsupdate.log
- Restart the Windows Update service
- Read WMI related to Updates
- and so on.

Providing templates like this would simplify the process of getting started with JEA. It would be even better if MS could provide templates for other products as well. This would increase security for many companies and would be a great way to help people start using JEA.

7 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Mattias shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base