ReadPermissions Required in SCCM for Base Installations from Patch My PC
When enabling the base installation feature as shown below in our publishing service, it’s important to understand what permissions are required in SCCM.
When we create installation packages and distribute then we will need the following permissions in SCCM.
- Application: Read, Modify, Delete, Create
- Distribution Point: Read, Copy to Distribution Point
- Distribution Point Group: Read, Copy to Distribution Point Group
- Folder Class: Read, Modify, Create
- Package: Read, Modify, Delete, Create
- Site: Read
- Software Updates: Read, Modify
We will need to be able to create, modify, delete, and distribution packages within SCCM. By default, we attempt these actions using the computer account of the server the publishing service is running.
You can download our pre-created security role named “Patch My PC – Base Installations“. Once imported, you will then need to add the computer account as a new Administrative User and assign this new security role.
If you prefer, you can configure an impersonation account to use rather than the computer account of the server in the base install options.