Forum Discussion
SCCM On Domain Controllers
- Jul 13, 2023
Hi LL10890,
The answer is yes, in SCCM (System Center Configuration Manager), you can separate and control access to domain controllers to ensure that only authorized individuals or groups (in your case Domain Admins) can manage them.
Here's how you can achieve this:
- Create a specific group in SCCM for your domain controllers. This group will include all the domain controller machines.
  Create collections in Configuration Manager
- Assign the necessary administrative roles to the users or groups who should have access to manage the domain controllers. In this case, you would grant Domain Admins access to the domain controller group.
  Role-based administration fundamentals - Configuration Manager | Microsoft Learn
  Configure role-based administration - Configuration Manager | Microsoft Learn
- Configure the security settings in SCCM to restrict access to the domain controller group. This way, only users or groups with the designated roles and permissions will be able to view and manage the domain controllers within SCCM.
  Manage clients - Configuration Manager | Microsoft Learn

By following these steps, you can effectively separate and control who can manage the domain controllers in SCCM.
Kindest regards
Leon Pavesic
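The three steps above (collection, role-based assignment, security scope), as an added worked example in ConfigurationManager PowerShell; this is not code from the original post. Site code `PS1`, site server `cm01.corp.example`, domain `CORP`, and the collection and scope names are assumed values, and the cmdlet calls are the ones shipped with the Configuration Manager console module.

```powershell
# Added example (not from the original post): delegate a domain-controller
# collection to Domain Admins only, via a dedicated security scope.
# Assumed values: site code PS1, site server cm01.corp.example, domain CORP.
$SiteCode   = 'PS1'                          # assumption
$SiteServer = 'cm01.corp.example'            # assumption
$CollName   = 'Tier 0 - Domain Controllers'  # assumption
$ScopeName  = 'Tier 0'                       # assumption
$AdminGroup = 'CORP\Domain Admins'           # assumption

# Load the console's module and connect to the site drive.
Import-Module ($env:SMS_ADMIN_UI_PATH.Substring(0, $env:SMS_ADMIN_UI_PATH.Length - 5) + '\ConfigurationManager.psd1')
if (-not (Get-PSDrive -Name $SiteCode -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $SiteServer | Out-Null
}
Set-Location "$($SiteCode):\"

# 1. Collection of domain controllers. Query-based membership means newly
#    promoted DCs join automatically: PrimaryGroupID 516 is the RID of the
#    built-in "Domain Controllers" group in AD.
$coll = Get-CMDeviceCollection -Name $CollName
if (-not $coll) {
    $coll = New-CMDeviceCollection -Name $CollName -LimitingCollectionName 'All Systems'
    $wql  = 'select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.Name from SMS_R_System ' +
            'where SMS_R_System.PrimaryGroupID = 516'
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $CollName `
        -QueryExpression $wql -RuleName 'Domain Controllers (RID 516)'
}

# 2. Dedicated security scope on the collection. New objects also carry the
#    "Default" scope, so remove it; otherwise every admin holding "Default"
#    still sees and targets this collection.
if (-not (Get-CMSecurityScope -Name $ScopeName)) {
    New-CMSecurityScope -Name $ScopeName -Description 'Tier 0 assets' | Out-Null
}
Add-CMObjectSecurityScope    -InputObject $coll -Name $ScopeName
Remove-CMObjectSecurityScope -InputObject $coll -Name 'Default' -Force

# 3. Administrative user: Domain Admins, limited to this scope and collection.
if (-not (Get-CMAdministrativeUser -Name $AdminGroup)) {
    New-CMAdministrativeUser -Name $AdminGroup -RoleName 'Full Administrator' `
        -SecurityScopeName $ScopeName -CollectionName $CollName | Out-Null
}

# Verification: list who can reach the Tier 0 scope. Any account holding the
# "All" scope (CategoryNames contains 'All') is unaffected by this delegation.
Get-CMAdministrativeUser |
    Where-Object { $_.CategoryNames -contains $ScopeName -or $_.CategoryNames -contains 'All' } |
    Select-Object LogonName, RoleNames, CategoryNames
```

The final query is the check worth keeping: the delegation only limits accounts whose scopes exclude `All`. Existing Full Administrators with the `All` scope (and the site's service accounts) retain control of the collection regardless, which is the point the later reply makes about Config Manager admins being effectively Tier 0.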
This is what I was looking for.
Your security team is right - any software installed on domain controllers should be considered Tier 0.
While you may delegate domain controllers access within Config Manager as explained above, Config Manager admins will be able to easily bypass or disable it, making them effectively Domain Admins. This is also true for some service accounts tied to Config Manager.
There is no one-size-fits-all solution for this. A good compromise would be to build a dedicated WSUS server for all Tier 0 servers.
- LL10890, Jul 21, 2023: Good point. Thanks for the additional information.