In this tutorial, I will show you how you can create Patch My PC publisher security role in SCCM. The Patch My PC ConfigMgr role can be created either automatically or manually, and I will explain both methods.
Security roles are created and assigned to administrative users to give them permission to Configuration Manager objects. For example, in SCCM, you can create a custom security role that grants permission to create or change client settings, view reports, manage collections, and so on.
This new Patch My PC ConfigMgr role will have the minimum permissions to create and manage applications, distribute content, and carry out software updates. So, let’s get started.
Prerequisites
- You must be running Patch My PC version 1.8.6 or newer.
- You must have configured the Patch My PC – Publishing Service
- The user account must have administrator privileges to configure the Patch My PC settings
Automatically Create SCCM Security Role for the Patch My PC Publisher
Patch My PC version 1.8.6 or newer includes a built-in option to automatically create the PMPC security role in SCCM. This method is easy when compared to manually creating the security role, and it saves a lot of your time.
Launch the Patch My PC publishing service. Switch to the Sync Schedule tab and now click Configure SMS Provider connection.
On the SMS provider connection options window, select Create ConfigMgr Security Role.
The following message confirms that a new Patch My PC Publisher security role has been created in SCCM.
“Security Role Patch My PC Publisher imported successfully. Please assign this role to either the computer account of this server or your connection account specified above.”
Click OK and close the PMPC tool.
Note: After the security role is created, you will need to assign the computer account of the server running the publisher or specify an alternative account to this security role.
Verify the Patch My PC Security Role in SCCM
After following the above procedure, let’s find out if the Configuration Manager console shows this new Patch My PC custom security role. Launch the SCCM console and navigate to Administration\Overview\Security\Security Roles. Here you will find the new custom security role for Patch My PC publisher.
In case you don’t find this new Patch My PC ConfigMgr role in the console, restart the publishing service and attempt to create the security role again using the above procedure.
Manually create Patch My PC Publisher Security Role in SCCM
In this method, I will show you how you can manually create the Patch My PC ConfigMgr role. You should be aware of the permissions that must be set for each object before you proceed.
According to Patch My PC, the following permissions are required when you create applications and packages and distribute them in SCCM.
- Application: Read, Modify, Delete, Set Security Scope, Create, Move Object, Modify Folder
- Distribution Point: Read, Copy to Distribution Point
- Distribution Point Group: Read, Copy to Distribution Point Group
- Folder Class: Read, Modify, Create
- Security Scopes: Read
- Site: Read
- Software Updates: Read, Modify
Manually creating a Patch My PC ConfigMgr role with the above permissions will take a lot of time. Thanks to Patch My PC, you can import their pre-created security role named “Patch My PC Publisher” into SCCM and the role will be created for you.
Let me now show you how to import the Patch My PC security role in the SCCM console. Download the Patch My PC ConfigMgr Role and extract the zip file contents to a folder. It contains a single file named Patch My PC Publisher.xml.
In the SCCM console, go to Administration\Overview\Security. Right-click the Security role and select Import Security Role.
Now browse to the folder that contains the Patch My PC Publisher.xml file and select it. This will create a new custom role named Patch My PC Publisher in Configuration Manager.
Still Need Help?
If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.