To access web dashboards and trends
This permission set also allows scheduling for Builder actions and kiosk profile application in Right Click Tools.
- Local admin on the server where the proxy is being installed
- Read permissions in Active Directory
- db_datareader in Configuration Manager SQL server database
- Read-only access to Configuration Manager console (Read-only Analyst security role in ConfigMgr)
NOTE: Some actions won't work, such as adding to or removing from collection
To elevate permissions
- Local administrator access on all devices managed by Right Click Tools or Privilege Manager
NOTE: Some actions won't work, such as adding to or removing from collection
To add or remove from collections
- Permission to modify a collection in Configuration Manager: configmgr collection > modify permission
To run actions as a service account
- Local admin on any device that actions will be run against
- Read/Write permissions in Active Directory (Write is only required to delete devices from AD)
- Appropriate ConfigMgr Security Role for intended actions in the Configuration Manager console (Full Administrator for all actions)
- Permission to MBAM, if applicable
For Fast Channel support
- Permission to run scripts in Configuration Manager
If using Read-only Analyst in ConfigMgr as your base security role, also grant the following privileges:
To collect warranty information with Endpoint Insights
- If your Recast Management Server is installed on a server other than your Configuration Manager SQL database, the proxy account will need to be added to the SMS_SiteSystemToSiteServerConnection_MP_<YourSiteCode> local group on that server. This will allow it to read/write to your inboxes\auth\ddm.box, which is required to gather warranty data.