Defining permissions requires configuring access rights in the Config Mgr. console and adding objects to predefined groups on the site server. In this example I am defining permissions to the service desk role.

Role description:

• Access to a user defined administrator console.
• Permissions to work with all objects in the “All workstations” collection.
• Permissions to to use remote tools.
• Permissions to read inventory data from the console and from reports.
• Permissions to read software packages and advertisements
• Permissions to read status messages.
• Permissions to create and read queries.

To solve this case I have granted these Config Mgr. permissions:

If Service desk also requires permissions to install the Config Mgr agent from the console they need Read permissions to the Site class.

Group membership on the site server:

• SMS admins
• Distributed COM users
• SMS Reporting Users

Group membership on local computer:

• Local administrator