Security settings

The architecture of SCCM Manager provides various ways to control access to its services and to various SCCM objects.

Control Panel

In each function group and subordinate plugin, a user group permission can be defined. This leads to the fact that in the SCCM manager only those areas are indicated, to which the respective user group has a permission. These security settings become active only as soon as the option Enable Security has been activated.

Multiple groups can be specified, separated by |. Example: Domain\Group1|Domain\Group2|Domain\Group3

In addition, the wildcard character * can be used to achieve dynamic group authorization. Example: Domain\Prefix-*-Postfix

Note that some plugins can be integrated multiple times with different configurations, allowing for particularly granular permission control.

Computer Scoping

Group-based computer filtering can be enabled in the web.config configuration file of the web service. The configuration parameter for this is ComputerFilterEnabled. The group permissions are set in the UserPermissions.xml configuration file.

Client Authentication

This functionality is required if communication to clients is to take place across domains or if the server is not entered as the local administrator on the clients to be managed. One user with administrator privileges can be specified per domain. For more information, see Configuration / Web Service / Credentials.

SOAP-Header Security

So that only certain applications can interact with the SCCM Web Service, it is possible to switch on SOAP header security. This results in access only being possible with a specific SOAP header. This header can be generated with the included class library SCCMWebService.Token.dll. It is also necessary to customize the Token.xml configuration file. For more information, see API / Web Service API.