Automated Application Management for Microsoft Endpoint Manager

Simplify third-party application management

Knowledge Base ArticlesRequest Trial

Minimum Permissions Required for Patch My PC to Scan SCCM for Managed Applications

In this article, we will describe the minimum permissions required to scan the SCCM database for install application from the Patch My PC Publishing Service. If you have the appropriate SQL permissions to the SCCM database, you should see scan results that look similar to below:

PatchMyPC Successful SCCM Scan

Unable to Connect to the SCCM Database?

In the event, you receive the error “Unable to connect to the SCCM database.” you will need to review the information below.

Here’s the error you will receive if you don’t have the appropriate permissions.

PatchMyPC unable to connect to the SCCM database

In the PatchMyPC.log, you will also see the following information.

Failed to connect to the WSUS database: Login failed for user ‘CONTOSO\user’.

SQL Permissions Required to Run SCCM Application Scans?

When we run the SCCM Application scan, it’s a direct SQL Query and does not go through the SMSProvider. The SQL query allows for better performance but may require to you give account(s) permissions to the SCCM database using SQL Server Management Studio.

If the query fails, you will need to perform the following steps to add the user or computer account in SQL Server.

From SQL Server Management Studio, click New Login…

SQL Server Add New Login

Add the account you need to grant permissions to in SQL Server. In the event, you need to add a computer account such as a remote WSUS server enter it as [DOMAIN]\[COMPUTERNAME]$.

Add Computer Account to SQL Server

Note: when you run the Query in the UI directly, the scan is performed under the current user context. In the event you enable automated product scanning highlighted below, the query is executed under SYSTEM context using WSUS server’s computer account.

PatchMyPC automated scan for products SCCM

You can leave the public access only under the Server Roles tab and click OK. Under the User Mapping tab, you need to check the SCCM database and enable the public database role membership.

PatchMyPC Only Public Access SQL SCCMDB

Next, you need to grant the account added Select permissions to the v_Add_Remove_Programs SQL view within the Configuration Manager database. Right-click v_Add_Remove_Programs view and click Properties and grant Select permissions. 

PatchMyPC Enable Select Permissions v_Add_Remove_Programs