Security & Auditing

From Now Micro

The client-server architecture behind Recast RCT Enterprise allows administrators to add another layer of security on top of ConfigMgr's existing Role-Based Administration model. With the Recast Server, user accounts can be added to the system and assigned specific roles that prohibit them from performing certain Recast RCT Enterprise actions. As roles are assigned, the effective permissions change. Users can view the available permissions for the administrators, auditors, read only, helpdesk and test roles. Custom roles can also be added and assigned task-specific permissions. The Security Auditing feature shows any actions that users have performed using Recast RCT Enterprise. The in-depth layout indicates whether actions were successful and provides error-level feedback.

Security and Auditing Video

Users

With the Recast Server, user accounts can be added to the system and assigned specific roles that prohibit them from performing certain Recast Right Click actions. As roles are assigned, the effective permissions change.

Roles

In the Roles tab, users can view the available permissions for the administrators, auditors, read only, helpdesk and test roles. Custom roles can also be added at the bottom of the interface.

Audit Log

The Audit Log shows every right-click action that has been performed since the initial server installation. With the Audit Log, administrators can view what action was performed, who performed it, and when it was performed.
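
One way to triage the fields the Audit Log records (action, user, time, success), as an added example that is not part of the original page or Recast's own code. It assumes the log has been exported to CSV with the hypothetical columns shown; the sample rows, watchlist and thresholds are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names and layout are assumptions,
# not the Recast Server's actual audit format.
SAMPLE_AUDIT_CSV = """time,user,action,target,success
2024-03-04T09:00:10,hd-amy,Ping Computer,PC-0101,true
2024-03-04T09:00:40,hd-amy,Clear Cache,PC-0101,true
2024-03-04T09:00:00,hd-cat,Run PowerShell Script,PC-0300,true
2024-03-04T09:01:00,hd-bob,AD Bitlocker Recovery Keys,PC-0200,true
2024-03-04T09:03:00,hd-bob,AD Bitlocker Recovery Keys,PC-0201,true
2024-03-04T09:06:00,hd-bob,AD Bitlocker Recovery Keys,PC-0202,true
2024-03-04T10:00:00,ro-dan,Restart System,PC-0400,false
2024-03-04T10:01:00,ro-dan,Restart System,PC-0400,false
2024-03-04T10:02:00,ro-dan,Restart System,PC-0400,false
2024-03-04T11:00:00,hd-cat,Change Password,jsmith,true
"""

# Watchlist chosen for this example: actions from the permissions tables
# that return a secret, reset a credential, or run arbitrary code.
WATCHLIST = {"AD Bitlocker Recovery Keys", "Run PowerShell Script", "Change Password"}

def triage(csv_text, window=timedelta(minutes=10), burst=3, max_failures=3):
    """Return (user, finding, detail) tuples for bursts and repeated failures."""
    hits = defaultdict(list)      # user -> timestamps of watchlisted actions
    failures = defaultdict(int)   # user -> count of unsuccessful actions
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["success"].strip().lower() != "true":
            failures[row["user"]] += 1
        if row["action"] in WATCHLIST:
            hits[row["user"]].append(datetime.fromisoformat(row["time"]))
    findings = []
    for user, times in sorted(hits.items()):
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans <= `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= burst:
                findings.append((user, "burst", times[end].isoformat()))
                break  # one finding per user is enough for triage
    for user, count in sorted(failures.items()):
        if count >= max_failures:
            findings.append((user, "repeated-failures", str(count)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUDIT_CSV):
        print(finding)
```

Repeated failures are worth reviewing alongside bursts because a denied action is recorded with error-level feedback, which can show an account attempting actions its role does not permit.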

Permissions Required for Recast RCT Enterprise Actions

Device/Device Collection Tools

Client Actions

| Action | Plugin | Required Permission | Role Required |
|---|---|---|---|
| All Actions | System Center 2012 Configuration Manager Client | Cache Administrator | Administrator/HelpDesk |

Client Tools

| Action | Plugin | Required Permission | Role Required |
|---|---|---|---|
| Change Cache Size | System Center 2012 Configuration Manager Client | Cache Administrator | Administrator/HelpDesk |
| Clear Cache | System Center 2012 Configuration Manager Client | Cache Administrator | Administrator/HelpDesk |
| Client Information | System Center 2012 Configuration Manager Client | Read Only | Administrator/ReadOnly/HelpDesk |
| Open Client Log Folder | None | None | None |
| Open Client Install Log Folder | None | None | None |
| Rerun Advertisement | System Center 2012 Configuration Manager Client | Rerun Deployment | Administrator/HelpDesk |
| Restart SMS Agent Host | Services | Manipulate Service | Administrator/HelpDesk |
| Run Client Check | System Center 2012 Configuration Manager Client | Client Administrator | Administrator/HelpDesk |
| Show Collections Advanced | ConfigMgr | Read Only | Administrator/ReadOnly/HelpDesk |
| Repair Client | System Center 2012 Configuration Manager Client | Client Administrator | Administrator/HelpDesk |
| Uninstall Client | System Center 2012 Configuration Manager Client | Client Administrator | Administrator/HelpDesk |

Console Tools

| Action | Plugin | Required Permission | Role Required |
|---|---|---|---|
| AD Security Groups | Active Directory | Query AD | Administrator/ReadOnly/HelpDesk |
| AD Security Groups - Add To Group | Active Directory | AddRemoveAccountFromGroup | Administrator/HelpDesk |
| AD Security Groups - Remove From Group | Active Directory | AddRemoveAccountFromGroup | Administrator/HelpDesk |
| AD Bitlocker Recovery Keys | Active Directory | GetBitlockerPassword | Administrator/HelpDesk |
| Connect to C$ | None | None | None |
| Group Policy Update | System Information | GPUpdate | Administrator/HelpDesk |
| Interactive PowerShell Prompt | None | None | None |
| Manage Computer | None | None | None |
| Open Regedit | None | None | None |
| Ping Computer | Networking | Ping Computer | Administrator/HelpDesk |
| Run PowerShell Script | PowerShell | RunScriptComputer | Administrator/HelpDesk |
| Running Processes | System Information | Read Only | Administrator/HelpDesk |
| Running Processes - Kill Process | System Information | Kill Process | Administrator/HelpDesk |
| System Information | System Information | Read Only | Administrator/HelpDesk |
| System Information - Uninstall Software | Installed Software | UninstallSoftware | Administrator/HelpDesk |
| System Information - Delete Profile | System Information | Delete Profile | Administrator/HelpDesk |
| System Information - Services | Services | Read Only | Administrator/HelpDesk |
| System Information - Restart Service | Services | ManipulateService | Administrator/HelpDesk |
| Cancel Pending Restart or Shutdown | System Information | ShutdownComputer | Administrator/HelpDesk |
| Schedule Restart or Shutdown | System Information | ShutdownComputer | Administrator/HelpDesk |
| Restart System | System Information | ShutdownComputer | Administrator/HelpDesk |
| Shutdown System | System Information | ShutdownComputer | Administrator/HelpDesk |
| Lab Management (all actions) | Lab Management | Administrators | Administrator |


Collection Tools have the same permissions as device tools except for those noted below.

Collection Tools

| Client/Console Action | Plugin | Required Permission | Role Required |
|---|---|---|---|
| Add Computers to Collection | ConfigMgr | Add or Remove from Collection | Administrator/HelpDesk |
| Run PowerShell Script | PowerShell | RunScriptComputer | Administrator/HelpDesk |

User Tools

| Action | Plugin | Required Permission | Role Required |
|---|---|---|---|
| Change Password | Active Directory | Reset Password | Administrator/HelpDesk |
| Enable/Disable Account | Active Directory | EnableDisableAccount | Administrator/HelpDesk |
| Run PowerShell Script | PowerShell | RunScriptComputer | Administrator/HelpDesk |
| Security Groups | Active Directory | QueryAD | Administrator/ReadOnly/HelpDesk |
| Security Groups - Add To Group | Active Directory | AddRemoveAccountFromGroup | Administrator/HelpDesk |
| Security Groups - Remove From Group | Active Directory | AddRemoveAccountFromGroup | Administrator/HelpDesk |
| Unlock Account | Active Directory | UnlockAccount | Administrator/HelpDesk |
| User Devices | ConfigMgr | ReadOnly | Administrator/ReadOnly/HelpDesk |

Status Message Query Tools

No roles are required for the Status Message Query Tools.

Content Tools

| Action | Plugin | Required Permission | Role Required |
|---|---|---|---|
| Content Status | ConfigMgr | Content Status | Administrator/HelpDesk |
| Application Revision History | None | None | None |
| Open Content Source Folder | None | None | None |

Query Tool

| Plugin | Required Permission | Role Required |
|---|---|---|
| WMI | Read Only | Administrator/ReadOnly/HelpDesk |