How to Reduce SCCM Security Concerns & Accessibility Headaches

SCCM Security

As a Service Desk Manager, you understand what it means to be the public face of IT to your company. Odds are, you started out in level one or level two support and worked your way up. For the longest time, the Service Desk function was mostly to triage issue and requests. If the suggestions the Analyst offered did not resolve the issue, the ticket was escalated to Desktop Support or higher for onsite troubleshooting.

Eventually, remote control utilities allowed the Service Desk to begin transitioning from a call center-based model to a first call resolution model. This increased resolution and service request fulfillment times however, there was still end user impact as productivity was interrupted for the duration of the time that the Analyst needed complete control of the workstation. So, for you, the Manager, it’s a case of two steps forward and one step back.

At around the same time frame, Microsoft released a computer management solution that started out as Systems Management Server (SMS) and grew into System Center Configuration Manager. This application gave administrative level access to the computer landscape that provides Administrators with:

  • Inventory Data (hardware & software)
  • Remote Application Installation
  • Remote Operating System Deployment
  • User Session Remote Control
  • Software Update Management (with WSUS added)

This tool would be of immense value to you, the Service Desk Manager and you team to be able to troubleshoot and resolve or install applications with minimal impact to the end user. Unfortunately, the other major benefit of this tool is that this functionality could be applied to multiple computers at a time.

This made Config Man a pretty powerful tool. It also made it a very dangerous tool. So much so that stories exist of entire landscapes being wiped out by one small mistake using Config Man. Due to this risk, Config Man admins needed to be trained and trusted and the value of their skillset limited them as a resource that could be utilized by you, the Service Desk Manager.

Since most companies had only one or two Admins, this created a bottleneck in getting applications to the end users and real-time information about their workstations. You want your Analysts to share the workload, but Config Man Admins are reluctant to allow access to the console because it required a lot of effort to configure the RBAC for other Analysts to be able to use it safely. The console would also need to be installed on every Analysts’ workstation as there is no web-based interface.

The good news is, at Cireson there is a solution that is a win-win for everybody (queue the trumpets). That solution is called True Control Center (or TCC). With TCC, you don’t need to provide your Service Desk Analysts with Config Man consoles as TCC is fully web-based.

Let’s take a look at the benefits of TCC for the frontline Analyst:


The Cireson Control Center is web-based. No Config Man Console to worry about installing, securing (a relief for the Admin), or learning. This is a pretty intuitive, easy to pick up interface to get your job done.

True Control Center is web-based. No Config Man Console to worry about installing, securing (a relief for the Admin), or learning.


The Configuration Manager Admin can quite easily scope the access to TCC so that your Service Desk Analysts can use the tools they need (and only the tools the need) to be able to troubleshoot and provide services to the workstations within their purview (and only the workstations within their purview).te security impact and severity risk is greatly reduced with this solution.

Configuration Manger Security Settings in True Control Center


With the Control Center, the Service Desk Analyst has quick access to information when troubleshooting an end user’s computer. Simply by highlighting the computer in the TCC view, information about Config Man client status/health, primary users, OSD readiness, deployment status, and Add Remove Programs inventory is immediately available.

When using the Remote Manage flyout for a selected computer, Analysts get a deeper look into hardware inventory, installed applications (both from Config Man inventory and real-time via WMI), available Software Updates, and currently running processes and services. They can also be given access to any of the hundreds of Config Man reports where applicable to their roles.

They can also be given access to any of the hundreds of Config Man reports where applicable to their roles.

A Call to Action

Having access to data when troubleshooting a user’s computer is helpful but being able to do something with that data the key to evolving into a true First Call Resolution service desk. TCC not only provides Analysts with actionable toolsets from Config Man, it also adds some capabilities not available from Config Man alone.

In Configuration Manager, you have the ability to:

  • Deploy software and monitor status
  • Deploy OS Task Sequences and monitor status
  • Manage User Device Affinity
  • Remote Control to the end user’s current session

The Control Center gives you the capability to provide access to this functionality to your Service Desk analysts as needed but it doesn’t stop there. With TCC, analysts can also:

  • Perform Config Man client actions
  • Access the affected computer’s log files folder or C$ share
  • Repair or rest WMI
  • Repair or uninstall the Config Man client
  • Reboot or shutdown the computer
  • Invoke a remote PowerShell session
  • Evaluate the computer’s group policy
  • Repair or uninstall applications
  • Terminate processes
  • Stop or restart services

SCCM Security

As a Service Desk Manager and the face of IT in your company, you need to be able to arm your Analysts with the tools they need to get the job done in the most efficient manner. This makes end users happy, which makes their Managers happy, which makes ExCom happy which makes you happy (and employed). Microsoft System Center Configuration Manager can be a part of that toolset, but with the Cireson Control Center, those tools are safer with added security, maximized, and augmented so that your Service Desk Analysts can be happy as well as productive.

Ready to transform your SCSM experience?  View all of the exciting apps Cireson has to offer.

Experience Teams Ticketing Today

Start your 14-day free trial of Tikit. No credit card required.