RBA Gotcha Resolved in SCCM Newly Installed DP is Not Visible in Console ConfigMgr Endpoint Manager. I have blogged about several Role-Based Administration Gotchas, and one of them is given below: SCCM RBAC Implementation Troubleshooting Guide.
One of my topics is why the Newly installed DP is Not Visible to the Infrastructure Administrator. I will provide more details here.
Microsoft resolved this issue after upgrading to SCCM ConfigMgr. The good news is that Role-Based Administration (RBA) in SCCM now respects the security scope of the CM 12 administrator installing the DP role.
The installed DP will be assigned to the security scope of the administrator who installed it. Earlier, all the installed DPs were assigned to the DEFAULT security scope. That was not ideal when you have a very complex environment with CAS and many primaries.
- SCCM 2405 New Features
- SCCM 2403 New Key Features and Improvements
- 2404 Microsoft Intune New Features April Update
- Microsoft Intune Extends Support To Android 10 And Later From October 2024
- Use Power Automate To Import Autopilot Devices Hash Via Email For Intune Engineers
- New Key Features of SCCM 2309 | Top Improvements
- Download SCCM 2309 Early Ring Version using PowerShell Script
- SCCM 2307 Technical Preview New Features
- FIX SCCM Upgrade Issue because of SQL-Based Replication
- Fix SCCM Upgrade Breaks SSRS with UserTokenSIDs contains an error ConfigMgr
- Fix SCCM Upgrade Breaks SSRS with UserTokenSIDs Contains an Error ConfigMgr
Table of Contents
RBA Gotcha Resolved in SCCM Newly Installed DP is Not Visible
This change in SCCM makes much more sense. The list below helps you provide more details. Scenario before SCCM ConfigMgr.
SCCM 2012 Infrastructure administrator installs a new remote DP under a primary site. He has infrastructure administrator security access and a location-specific security scope (more details about the security scope scenario are explained here).
DP installs successfully, but it won’t be visible for SCCM 2012 admin in his console. RBA Gotcha Resolved in SCCM Newly Installed DP is Not Visible. Meanwhile, the SCCM CAS full administrator can view the DP and its installation status, etc.
When an Infrastructure administrator installs a DP, the security scope of the DP is automatically set to “DEFAULT“. If you’ve created different security scopes for different regions or country administrators, then the regional administrators won’t manage the installed DP. So, the workaround was to inform the CAS admin whenever any new DP was installed in regional locations.
I’m happy that this issue was resolved in SCCM ConfigMgr! Let me know if the RBA Gotcha is Resolved.
- Free SCCM Training Part 1 | 17 Hours Of Latest Technical Content | ConfigMgr Lab HTMD Blog (anoopcnair.com)
- How To Disable SCCM Application Deployment | ConfigMgr | MEMCM – HTMD Blog #2 (howtomanagedevices.com)
- Create Custom Roles RBAC in Intune
- Intune Application Deployment using MSI EXE IntuneWin Formats
- Protect Corporate Data using Data Loss Protection Policies with the Microsoft Purview Portal
- Configure Intune RBAC Role for macOS FileVault Recovery Key
- RBAC Permission to Run Remote Actions in Intune
Resources
Use SCCM RBA Viewer Exe To Check RBAC Settings HTMD Blog
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…