Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Limit Client Push Accounts by Collection

To maintain consistency with Microsoft's Securing Privileged Access guidelines, an option to limit client push accounts to a specific collection would be ideal. This collection can further be limited to specific machines, specific domains, etc. For example, a client push account that is intended for Tier1 systems should not be used for Tier2 systems. By having the option to limit to a collection, a Tier1 client push account can only be used when performing client push on Tier1 systems. The same example applies for Tier0 versus Tier1 and Tier2.

Reference: https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/securing-privileged-access-reference-material

37 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
Elias Leal shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
Submitting...
An error occurred while saving the comment
  • Brandon Hilgeman commented  ·   ·  Flag as inappropriate

    I will upvote this, but I would prefer an exclusion collection instead. Let us turn on Site Wide Client Push for everything, but exclude certain collections.

Feedback and Knowledge Base