Symptom: When any user account, other than the individual who originally configured SCCM, tries to manage System Center Configuration Manager (SCCM), they are presented with the following error:
The user account running the Configuration Manager console has insufficient permissions to read information from the Configuration Manager site database. The account must belong to a security role in Configuration Manager. The account must also have the Windows Server Distributed Componenet Object Model (DCOM) Remote Activation permission for the computer running the Configuration Manager site server and the SMS Provider.
Solution: We need to provide a list of users/groups to have access to System Center through the configuration console. Follow the steps below on how to grant access.
- Open up the System Center Configuration Manager Console
- Select Administration
- Expand Security, select Administrative Users, and select Add User or Group at the top
- Click the Browse button to add security group or user you wish to add for the User or group name
- Note about Domain Admins: the first group you might try to add is Domain Admins, however if you add that group you will notice that users in this group will still be unable to open the console. This is due to the behavior of user context logged in. If UAC is enabled on the machine, you won't have access to the SCCM you login to the machine with a domain admin account, unless you right click on the console and run it is Administrator. If you want this to work as intended, you will need to create a new security group in Active Directory, add Domain Admins to it, and then specify that group in SCCM.
- Click the Add... button
- Check Full Administrator, and click OK
- Click OK
- The end result should now look like this. At this point, any member or group inside of SCCM Admins should have access to manage SCCM now via the console.