Setting up a Microsoft System Center Configuration Manager (SCCM) Integration

Privilege Manager integrates with Microsoft System Center Configuration Manager (SCCM) to allow the

Create a Credential

Verify Privilege Manager needs a username and password to access SCCM. If you have not already created an appropriate user credential:

  1. Navigate to Admin | Configuration | Credentials.
  2. Click Create to create the user credential used to access SCCM.
  3. After entering the user credentials information for SCCM, click Save Changes.

Connecting to SCCM

Before you can import data from SCCM, you need to set up a foreign systems connection in Verify Privilege Manager for the SCCM integration.

  1. Navigate to Admin | Configuration and select the Foreign Systems tab.

  2. Select System Center Configuration Manager. If this is not listed, make sure the connector is installed by verifying via the Privilege Manager Add/Upgrade Features page.

  3. Click Create.

  4. Enter the name of the SCCM Server and provide the WMI Namespace of the SCCM Site.

  5. Click Create.

  6. Under Settings from the Credential drop-down, select the SCCM account created in the previous procedure.

  7. Click Save Changes.
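
Before entering the server name, WMI namespace and credential above, you can confirm from a Windows host that the account can actually read the SCCM site namespace. The following is an added example, not part of the product documentation: the server name `sccm01.example.test` is a placeholder, and the three SMS Provider classes queried (computers, collections, packages) are an assumption about what the sync tasks on this page need to read.

```powershell
# Added pre-flight check; server name and class list are assumptions, not product values.
function Test-SccmReadAccess {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # DCOM matches classic remote WMI access; the default CIM transport is WinRM.
    $option  = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $ComputerName -Credential $Credential `
                              -SessionOption $option -ErrorAction Stop
    try {
        # root\SMS holds SMS_ProviderLocation, which names the site code served by this host.
        $provider = @(Get-CimInstance -CimSession $session -Namespace 'root\SMS' `
                          -ClassName SMS_ProviderLocation -ErrorAction Stop |
                      Where-Object { $_.ProviderForLocalSite })[0]
        if (-not $provider) { throw "No local-site SMS Provider registered on $ComputerName." }
        $namespace = "root\SMS\site_$($provider.SiteCode)"

        # One row per class: readable or not, instance count, and the error if access failed.
        foreach ($class in 'SMS_R_System', 'SMS_Collection', 'SMS_Package') {
            $result = [ordered]@{
                Namespace = $namespace; Class = $class
                Readable  = $false;     Instances = $null; Error = $null
            }
            try {
                # -KeyOnly returns key properties only, which keeps the query light.
                $rows = @(Get-CimInstance -CimSession $session -Namespace $namespace `
                              -ClassName $class -KeyOnly -ErrorAction Stop)
                $result.Readable  = $true
                $result.Instances = $rows.Count
            } catch {
                $result.Error = $_.Exception.Message
            }
            [pscustomobject]$result
        }
    } finally {
        Remove-CimSession -CimSession $session
    }
}

$account = Get-Credential -Message 'SCCM account stored in the Privilege Manager credential'
Test-SccmReadAccess -ComputerName 'sccm01.example.test' -Credential $account |
    Format-Table -AutoSize
```

A row with `Readable` set to False and an access-denied error means the account lacks read rights on that object type in SCCM; grant read-only access rather than a full administrator role.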

Import Computers

Before you can import collection data from SCCM, Verify Privilege Manager needs to know about computers in your SCCM.

  1. Navigate to Admin | More and select Tasks.

  2. On the Tasks tab open the folder tree and select Server Tasks | Foreign Systems | SCCM.

  3. Click SCCM Sync Computers.

  4. Click Run.

  5. Select your SCCM system via the Select... option.

    1. Under Scope by Organizational Group, type the name of your SCCM system in the search text or use the search option.
  6. Click Run Task.

Verify the Computers have been Imported (optional)

  1. Navigate to Admin | Resources.
  2. Open the Resources tab.
  3. In the folder tree open Organizational Views | Default | All Resources | Asset | Network Resource | Computer.
  4. Select a computer from that list.
  5. Select the Known Data tab in the computer resource explorer view.
  6. In the tree under Foreign Systems, you should have the Foreign System Id and SCCM Platform Id data.

Create a Collection

After computers have been imported, you can create a collection to mirror an SCCM collection.

  1. Navigate to Admin | Resources, open the Resource Filters tab.

  2. In the folder tree under Resource Filters open Collections | System Center Configuration Manager.

  3. Click Create.

  4. Enter a Name and Description, and specify the SCCM instance to connect to.

  5. Click Create.

  6. Select the Filter Definition tab and under Foreign Collection select the Collection target.

  7. Click Save Changes.

  8. Click Sync Foreign Collection to update the membership immediately. The foreign collection update can also be scheduled by following the link in the help tip.

  9. Select the Membership tab and then click the Update Membership tab to see the current membership of this collection.

Inventory Software Packages

Once the Foreign System has been created, an on-demand package synchronization can be run and/or a regular synchronization schedule can be set up via the following steps:

  1. Navigate to Admin | More and select Tasks.

  2. On the Tasks tab open the folder tree and select Server Tasks | Foreign Systems | SCCM.

  3. Click SCCM Sync Packages.

  4. Click Run.

  5. Select your SCCM system via the Select... option.

    1. Under Scope by Organizational Group, type the name of your SCCM system in the search text or use the search option.

  6. Click Run Task.

Alternatively, the SCCM Sync Packages task can be scheduled to repeat regularly. When viewing the task, navigate to the Schedules tab and create a new schedule.

Create a SCCM Package Content Filter

After the Package Synchronization completes, the SCCM Packages can be used in application control policies via package content filters.

  1. Navigate to Admin | Filters.

  2. Click Create Filter.

  3. From the Platform drop-down select Windows.

  4. From the Filter Type drop-down scroll to Inventory Filters and select the Package Contents Filter.

  5. Set the Name and Description of the filter.

  6. Click Create.

  7. Under Collection Settings:

    1. From the Data Source drop-down, select a resource.
    2. Click the package link to specify the SCCM that will be targeted.
    3. Set the switch Results will be to Included.

  8. Navigate to the Membership tab.

  9. If no items are listed in the membership table, click Update Membership.

    Running the sync package task causes the server to inventory the package referenced in the filter. If you have multiple filters and packages, IBM Security recommends using the Inventory Packages Referenced in Allowlists task instead.

  10. Click Save Changes.

This filter can then be referenced in Application Control policies.