RBA Gotcha Resolved in SCCM Newly Installed DP is Not Visible in Console ConfigMgr Endpoint Manager

RBA Gotcha Resolved in SCCM Newly Installed DP is Not Visible in Console ConfigMgr Endpoint Manager. I had blogged about several Role-Based Administration Gotchas ConfigMgr SCCM RBA Gotchas and Implementation Guide.

One of my topics is that Newly installed DP is Not Visible for the Infrastructure Administrator more details here.

Microsoft took care of this issue and resolved it after upgrading to SCCM ConfigMgr. The good news is that now, Role-Based Administration (RBA) in SCCM respects the security scope of the CM 12 administrator installing the DP role.

RBA Gotcha Resolved in SCCM Newly Installed DP is Not Visible

The installed DP will get assigned to the security scope of the administrator who installed the DP.

Patch My PC

Earlier, all the installed DPs were assigned to the DEFAULT security scope. That was not ideal when you have a very complex environment with CAS and loads of primaries.  

This change in SCCM makes much more sense!!! 

Scenario before SCCM ConfigMgr

1. SCCM 2012 Infrastructure administrator installs a new remote DP under a primary site. He has infrastructure Administrator security access and location-specific security scope (more detailed about the security scope scenario is explained here). 

2. DP installs successfully, but it won’t be visible for SCCM 2012 admin in his console.

RBA Gotcha Resolved in SCCM Newly Installed DP is Not Visible.

3. Whereas SCCM CAS full administrator can view the DP and its installation status etc…

4. When an Infrastructure administrator installs a DP, the security scope of DP is automatically set to “DEFAULT“. If you’ve created different security scopes for different regions or country administrators, then the regional administrators won’t manage the installed DP. So the workaround was to inform CAS admin whenever there is any new DP installed in regional locations.

Happy that this issue got resolved in SCCM ConfigMgr!! Let me know RBA Gotcha is Resolved?

Resources

Use SCCM RBA Viewer Exe To Check RBAC Settings HTMD Blog (anoopcnair.com)

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.