The wizard will close and you will see the group added to the list. All Domain Administrators now have full access to your SCCM environment. Add any other users or groups your environment requires, with the permissions they need, and then proceed.
Next, click on Security Roles. Here you will see all 14 built-in roles available in SCCM. Next, click on Security Scopes. There are two scopes defined by default, the All and Default scopes. You can also create custom security scopes. By default, Full Administrators are in the All scope, which means that they hold the permissions of their role for every object in the Configuration Manager environment. Scopes are another way of assigning granular permissions if you would like to protect applications and packages. At this point in the installation, and in most cases, leaving the default is fine.
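To review who ends up with site-wide rights after the steps above, here is an added example (not part of the original guide). It assumes each input object carries the `LogonName`, `RoleNames` and `CategoryNames` (security scopes) properties that `Get-CMAdministrativeUser` returns; the function name `Get-BroadCMAdmin`, the approved list and the sample accounts are constructed for illustration.

```powershell
# Added example: flag administrative users whose role/scope pairing is broad.
# Assumption: scope names appear in CategoryNames, as on SMS_Admin objects.
function Get-BroadCMAdmin {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Admin,
        # Accounts you expect to be Full Administrator in the All scope.
        [string[]]$Approved = @()
    )
    process {
        $isFull = $Admin.RoleNames -contains 'Full Administrator'
        $isAll  = $Admin.CategoryNames -contains 'All'
        if (-not ($isFull -or $isAll)) { return }   # narrowly scoped: nothing to report

        if ($isFull -and $isAll) {
            if ($Approved -contains $Admin.LogonName) {
                $finding = 'Full Administrator in All scope (approved)'
            } else {
                $finding = 'Full Administrator in All scope (NOT approved)'
            }
        } elseif ($isAll) {
            $finding = 'Lesser role, but applies to every object (All scope)'
        } else {
            $finding = 'Full Administrator limited to listed scopes'
        }

        [pscustomobject]@{
            LogonName = $Admin.LogonName
            Roles     = $Admin.RoleNames -join '; '
            Scopes    = $Admin.CategoryNames -join '; '
            Finding   = $finding
        }
    }
}

# Constructed sample objects so the function can be exercised offline.
$sample = @(
    [pscustomobject]@{ LogonName = 'EXAMPLE\Domain Admins'; RoleNames = @('Full Administrator');      CategoryNames = @('All') }
    [pscustomobject]@{ LogonName = 'EXAMPLE\svc-deploy';    RoleNames = @('Full Administrator');      CategoryNames = @('All') }
    [pscustomobject]@{ LogonName = 'EXAMPLE\AppPackagers';  RoleNames = @('Application Author');      CategoryNames = @('Default') }
    [pscustomobject]@{ LogonName = 'EXAMPLE\Helpdesk';      RoleNames = @('Remote Tools Operator');   CategoryNames = @('All') }
)
$sample | Get-BroadCMAdmin -Approved 'EXAMPLE\Domain Admins' | Format-Table -AutoSize

# On a site server, with the ConfigurationManager module loaded and the site drive selected:
#   Get-CMAdministrativeUser | Get-BroadCMAdmin -Approved 'EXAMPLE\Domain Admins'
```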
We will not be addressing the Accounts and Certificates sections at this point. We’ll move on to Site Configuration, where the first thing we will do is configure a security-related item, the SCCM Agent account.
Navigate to Site Configuration > Sites. Right-click on the name of your site and select Client Installation Settings > Client Push Installation. On the General tab, leave the defaults.
I highly recommend that you do not enable the “Enable automatic site-wide client push installation” checkbox.
The reason for this is that if you set certain properties on your Client Settings section, covered later in this guide, you could cause reboots of all of your production servers once the agent is pushed (or pulled via Group Policy, depending on your configuration). In almost every case, you will be integrating SCCM into your existing production environment, not vice-versa. Therefore we want to avoid any unintended consequences of this option. We System Administrators like our jobs and want to keep them, right?
Leave the defaults for the FSP settings.
Leave defaults for Asset Intelligence.
Enter Proxy, if applicable.
Specify how often Asset Intelligence synchronization occurs.
Select the HTTPS radio button and leave the other defaults, as the Application Catalog website will run under the default site.
Leave the defaults here; ensure your site server is selected, the NetBIOS name is the hostname of your SCCM server, and that HTTPS is selected.
Name your catalog and select a color.
Endpoint Protection: accept the license agreement.
Choose your Microsoft Active Protection Service Membership.
Review the Summary and click Next for the installation of the roles to begin.
It should complete successfully.