SCCM | Intune | Windows 365 | Windows 11 Forums

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

SCCM - Allowing a group of users to remote control a single device.

atkinspd

Member
Messages
7
Reaction score
0
Points
1
SCCM - Allowing a group of users to remote control a single device.

Does anyone know of a way after creating a group (possibly in Active Directory) of users? Then I would like to allow this recently created group remote access (CmRcViewer.exe) to a single PC.
I have a situation here in which I want to give all operation managers the ability to connect to a wallboard to updates stats. But I don't want to give them them access to any other devices across the site.

Kind regards
 
That should work. Have you tried it? What isn't working for you?
 
That should work. Have you tried it? What isn't working for you?
Hi Garth
I have added a test account to the group I wish to lock down to remotely access a single device. When I log in with this test account and open SCCM, I'm unable to see the single device listed. I'm also unable to remote to the device via the CmRcViewer.exe, either using DNS or I.P address.
 
Hi Garth
I have added a test account to the group I wish to lock down to remotely access a single device. When I log in with this test account and open SCCM, I'm unable to see the single device listed. I'm also unable to remote to the device via the CmRcViewer.exe, either using DNS or I.P address.
What security roles have you assigned this sec group within ConfigMgr? Why not use RDP directly, e.g. what use CM RC?
 
What security roles have you assigned this sec group within ConfigMgr? Why not use RDP directly, e.g. what use CM RC?
The users are unable to use RDP as they have no facility to use a mouse and keyboard on the dashboard PC. Once RDP is disconnected it causes the PC to lock out. The only permissions I've added is remote tools. Within the 'Set Viewers' I have added the AD group containing all of the users. Thanks
 
The users are unable to use RDP as they have no facility to use a mouse and keyboard on the dashboard PC. Once RDP is disconnected it causes the PC to lock out. The only permissions I've added is remote tools. Within the 'Set Viewers' I have added the AD group containing all of the users. Thanks
You still need to give them ConfigMgr right to read a collection that houses the Device in question. otherwise they will not see anything when connected to ConfigMgr console. There might be other right needed too. but the should be fairly
 
You still need to give them ConfigMgr right to read a collection that houses the Device in question. otherwise they will not see anything when connected to ConfigMgr console. There might be other right needed too. but the should be fairly
Thanks Garth. Are you able to explain how I would do this please? I believe this is where I am stuck.
 
There are no big tricks to this.

  • Create a sec group in AD
  • Create a Collection for the devices that host the sign
  • Create a ConfigMgr Security role
  • Assigned the AD group to the Sec group and limit to the collection.
  • Test that everything is right.

To get started the ConfigMgr Security role, either use a built in role and add/remove permissions until you grant only what you want or download the Base RBA Security role within this zip in this blog. (the link issue has been fixed now) https://www.recastsoftware.com/resources/how-to-grant-permission-to-a-single-sccm-ssrs-report/

With the Base file:
  • Download the zip and extract the base file.
  • Import it to ConfigMgr.
  • Copy it with a new name
  • Edit the permission on collection, add at least the RC right.
  • Then do the steps above but this this new sec role.
 
Last edited:
Back
Top