In this tutorial, I will show you how you can create Patch My PC publisher security role in SCCM. The Patch My PC ConfigMgr role can be created either automatically or manually, and I will explain both methods.

Security roles are created and assigned to administrative users to give them permission to Configuration Manager objects. For example, in SCCM, you can create a custom security role that grants permission to create or change client settings, view reports, manage collections, and so on.

This new Patch My PC ConfigMgr role will have the minimum permissions to create and manage applications, distribute content, and carry out software updates. So, let’s get started.

Install and Update Third Party Applications with Patch My PC
Install and Update Third Party Applications with Patch My PC

Prerequisites

  • You must be running Patch My PC version 1.8.6 or newer.
  • You must have configured the Patch My PC – Publishing Service
  • The user account must have administrator privileges to configure the Patch My PC settings

Automatically Create SCCM Security Role for the Patch My PC Publisher

Patch My PC version 1.8.6 or newer includes a built-in option to automatically create the PMPC security role in SCCM. This method is easy when compared to manually creating the security role, and it saves a lot of your time.

Launch the Patch My PC publishing service. Switch to the Sync Schedule tab and now click Configure SMS Provider connection.

Automatically create Patch My PC Publisher Security Role in SCCM
Automatically create Patch My PC Publisher Security Role in SCCM

On the SMS provider connection options window, select Create ConfigMgr Security Role.

Automatically create Patch My PC Publisher Security Role in SCCM
Automatically create Patch My PC Publisher Security Role in SCCM

The following message confirms that a new Patch My PC Publisher security role has been created in SCCM.

Security Role Patch My PC Publisher imported successfully. Please assign this role to either the computer account of this server or your connection account specified above.”

Click OK and close the PMPC tool.

Automatically create Patch My PC Publisher Security Role in SCCM
Automatically create Patch My PC Publisher Security Role in SCCM

Note: After the security role is created, you will need to assign the computer account of the server running the publisher or specify an alternative account to this security role.

Verify the Patch My PC Security Role in SCCM

After following the above procedure, let’s find out if the Configuration Manager console shows this new Patch My PC custom security role. Launch the SCCM console and navigate to Administration\Overview\Security\Security Roles. Here you will find the new custom security role for Patch My PC publisher.

Verify the Patch My PC Security Role in SCCM
Verify the Patch My PC Security Role in SCCM

In case you don’t find this new Patch My PC ConfigMgr role in the console, restart the publishing service and attempt to create the security role again using the above procedure.

Manually create Patch My PC Publisher Security Role in SCCM

In this method, I will show you how you can manually create the Patch My PC ConfigMgr role. You should be aware of the permissions that must be set for each object before you proceed.

According to Patch My PC, the following permissions are required when you create applications and packages and distribute them in SCCM.

  • Application: Read, Modify, Delete, Set Security Scope, Create, Move Object, Modify Folder
  • Distribution Point: Read, Copy to Distribution Point
  • Distribution Point Group: Read, Copy to Distribution Point Group
  • Folder Class: Read, Modify, Create
  • Security Scopes: Read
  • Site: Read
  • Software Updates: Read, Modify

Manually creating a Patch My PC ConfigMgr role with the above permissions will take a lot of time. Thanks to Patch My PC, you can import their pre-created security role named “Patch My PC Publisher” into SCCM and the role will be created for you.

Let me now show you how to import the Patch My PC security role in the SCCM console. Download the Patch My PC ConfigMgr Role and extract the zip file contents to a folder. It contains a single file named Patch My PC Publisher.xml.

In the SCCM console, go to Administration\Overview\Security. Right-click the Security role and select Import Security Role.

Manually create Patch My PC Publisher Security Role in SCCM
Manually create Patch My PC Publisher Security Role in SCCM

Now browse to the folder that contains the Patch My PC Publisher.xml file and select it. This will create a new custom role named Patch My PC Publisher in Configuration Manager.

Manually create Patch My PC ConfigMgr role
Manually create Patch My PC ConfigMgr role

Still Need Help?

If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.

Prajwal Desai

Prajwal Desai is a technology expert and 10 time Dual Microsoft MVP (Most Valuable Professional) with a focus on Microsoft Intune, SCCM, Windows 365, Enterprise Mobility, and Windows. He is a renowned author, speaker, & community leader, known for sharing his expertise & knowledge through his blog, YouTube, conferences, webinars etc.