SCCM 2012 CEP Program – Role-Based Administration & Collections


Tonight I viewed the recording of the CEP Program meeting about Role-Based Administration & Collections. The following information was shared through this session.

The session started with the following Session Takeaways:

After these takeaways the session continued with some slides on Role Based Administration (RBA). RBA let’s you map organizational roles of your admins to security roles. In ConfigMgr 2012 the following building blocks can be used:

  • Security Role = What type of objects can I see and what can I do with them
  • Security Scope = Which instances can I see and interact with
  • Collection limiting = With which resources can I interact
  • Admins can have one or more security roles and scopes

Other improvements on RBA are:

  • Admins only see what they have access too
  • ConfigMgr security management is simplified by defining once for the entire hierarchy. RBA data is global data!

After the slides of Role Based Administration the above information was presented through a demo. It looks very usable and flexible. A great improvement compared to the current security model of SCCM 2007. The second part of the meeting was about collections and the changes on this topic in SCCM 2012. The most important changes are:

  • Two types of collections,  can only contain one of the following resources, not both
    • User Collections
    • Device Collections


  • No more sub collections
    • SCCM 2007:Means to organize collections in a folder-like manner
      • SCCM 2012 Answer = Organizational Folders


    • SCCM 2007:Advertisement reuse and/or staggered deployments
      • SCCM 2012 Answer= Composable Collections


  • Two new member types
    • Include another collection, can be used for staggered deployments
    • Exclude another collection


  • Collection Member Evaluation
    • Faster
    • Every 10 minutes
    • Delta evaluation instead of a Full evaluation
    • Based on R3 implementation


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.