Minimum Permissions Required for Patch My PC to Scan SCCM for Managed Applications
In this article, we will describe the minimum permissions required to scan the SCCM database for install application from the Patch My PC Publishing Service. If you have the appropriate SQL permissions to the SCCM database, you should see scan results that look similar to below:
Unable to Connect to the SCCM Database?
In the event, you receive the error “Unable to connect to the SCCM database.” you will need to review the information below.
Here’s the error you will receive if you don’t have the appropriate permissions.
In the PatchMyPC.log, you will also see the following information.
Failed to connect to the WSUS database: Login failed for user ‘CONTOSO\user’.
SQL Permissions Required to Run SCCM Application Scans?
When we run the SCCM Application scan, it’s a direct SQL Query and does not go through the SMSProvider. The SQL query allows for better performance but may require to you give account(s) permissions to the SCCM database using SQL Server Management Studio.
If the query fails, you will need to perform the following steps to add the user or computer account in SQL Server.
From SQL Server Management Studio, click New Login…
Add the account you need to grant permissions to in SQL Server. In the event, you need to add a computer account such as a remote WSUS server enter it as [DOMAIN]\[COMPUTERNAME]$.
Note: when you run the Query in the UI directly, the scan is performed under the current user context. In the event you enable automated product scanning highlighted below, the query is executed under SYSTEM context using WSUS server’s computer account.
You can leave the public access only under the Server Roles tab and click OK. Under the User Mapping tab, you need to check the SCCM database and enable the public database role membership.
Next, you need to grant the account added Select permissions to the v_Add_Remove_Programs SQL view within the Configuration Manager database. Right-click v_Add_Remove_Programs view and click Properties and grant Select permissions.