Prerequisites

<< Click to Display Table of Contents >>

Raynet One Data Hub > 14.0 u1 > Connectors > Alphabetic Connector List > ECM Connector 

Prerequisites

Configuration

The connector uses the Windows Management Instrumentation in order to create a connection to the Configuration Manager Console server of the ECM system. The following parameters are required in order to create the connection:

 

Parameter

Description

Values

API

Option to execute the queries on the target SCCM machine

SM (System Management)

MMI (Microsoft Management Infrastructure)

Access Type

Access type used to connect to the target server

DCOM (Distributed Component Object Model)

WSMan (Web Service Management) [API MMI only!]

Host

Target hostname

Custom string [Hostname or FQDN]

User Name

User used for the connection operation

Custom string

Password

Password for the specified user

Custom security string

Site

SMS site name

Custom string

 

ECM Configuration

In ECM the user needs to at least be granted the Read-only Analyst role. This role grants the permissions to view all the Configuration Manager objects.

 

SCCMWMI_SCCMReadOnlyAnalyst

 

To grant the necessary rights, open the Properties of the user and click on the Add... button. Then select the Read-only Analyst role by checking the checkbox.

 

SCCMWMI_SCCMSETTINGS

 

Check that the Security Roles Column shows the Read-only Analyst as role for the user that will be used with the connector.

Specifications

Option 1: Local Administrator

This is the approach with the highest permission level necessary. The user needs to be part of the local administrators group. Local administrators usually have full permissions to WMI.

 

Option 2: Grant Dedicated Permissions

This is the approach with the least privileges necessary. For granting dedicated permissions to specified service users or groups, the following needs to be configured on the target system:

 

Group Membership

The user or group needs to a member of the following groups:

Performance Monitor Users

S-1-5-32-558

Distributed COM Users

S-1-5-32-562

Remote Management Users

S-1-5-32-580

 

Dedicated Permissions

The user or group needs the following permissions on the WMI namespace:

Namespace

Permission

Inheritance

\root

Enable

Remote Enable

No

\root\sms\site_<SITENAME>

Enable

Execute Methods

Remote Enable

Read Security

Yes