Permissions Required in SCCM for Base Installation Packages from Patch My PC
When enabling the base installation feature as shown below in our publishing service, it’s important to understand what permissions are required in SCCM.
When we create installation packages and distribute then we will need the following permissions in SCCM.
- Distribution Point: Read, Copy to Distribution Point
- Distribution Point Group: Read, Copy to Distribution Point Group
- Package: Read, Modify, Delete, Create
- Site: Read
We will need to be able to create, modify, delete, and distribution packages within SCCM. By default, we attempt these actions using the computer account of the server the publishing service is running. If your server where the publishing service is running is co-located on the SMS Provider server, we should have all the rights required by default.
If your server is remote from the SMS Provider, you will need to configure the computer account with the appropriate permissions in the Administrative Users node in the SCCM console. You can download our pre-created security role named “Patch My PC – Base Installations“. Once imported, you will then need to add the computer account as a new Administrative User and assign this new security role.
If you prefer, you can configure an impersonation account to use rather than the computer account of the server in the base install options.