SystemCenter SCCM
Administrator
 

As of the current version of Idesk, all SCCM tasks are performed under a pre-authorised SCCM admin user. The current Idesk user's permissions do not apply as also local windows user's credentials are not applied.

To get a general introduction to the desk's integration features, read the section Staff / Working with SCCM.

Planning

  1. Idesk can be connected to one SCCM server. This means you can connect to either the Root SCCM server and Idesk will pick up all sub sites, or you can connect to a sub-site which you can define as well. Only name is required for subsite and full path, generally "root\\sms\..", is not required.
  2. If you plan to use software deployment from with the desk, you would need to decide if you would like to allow direct membership to SCCM applications and packages collections or use AD security groups. By default direct membership is disallowed and can be overridden in settings.
  3. Plan and create a user in SCCM who will have permissions to do the following (it is usual to create an AD user and give admin access in:
    • Read Inventory data for assets
    • Read Applications and Packages List
    • Deploy Packages

There are three sections of integration:

  1. Access SCCM from Idesk
  2. Invoke Remote Control from Idesk
  3. Access Idesk web console from SCCM

Access SCCM from Idesk

Part A

To enable Idesk to get a list of assets, inspect a user asset and run remote control, you would need to set up the following data. All of its is self-explanatory and pretty straight forward.

There is however one topic you need to take care. If installing Idesk on the same server as SCCM, (a) leave username and password blank and, (b) use localhost as the SCCM Server ID.

- Please make sure other Integrations are disabled.

- Still under Application Settings / General tab, towards the end check Sync Assets setting and set it to 24, or whatever is a good sync period to get updated assets list from SCCM. Minimum value is 1 which is 1 hour.

A Note on Direct Membership and deployment

Idesk reads Application/Package rules to modify membership of security groups. Some environments allow or prefer adding and removing machines directly in the application/package collection in SCCM. Whatever your reason to do it, if this setting is switched on, membership would be allowed directly in the SCCM collection.

The actual process of deploying the application or package is handled by SCCM based on changes placed into membership collection. Idesk does not track any further progress. If you find Idesk logged success against a request but the deployment did not happen, it would need to traced in SCCM.

Part B

The second part is to enable syncing assets from SCCM into the desk. Locate the General Tab under Application settings and go to Sync Assets setting. Provide a reasonable value.

This settings is used to sync both the asset list and Applications/Packages list. a value of 24 (hours) is a generally acceptable setting. Do note, this means new assets and packages added to SCCM will take some time to reflect within the desk.

For security, current username and password are not displayed. Rather a message is shown "Value Provided". To enter new credentials just enter new values and click Save.

Remote Control

Idesk provides a web uri invocation to trigger SCCM remote control installed locally on an analyst's machine. No special permissions are needed in Idesk to use remote control.

As an example, remote control link triggered by Idesk is of the format sccmrc://devicename. You can manually regedit your local system file to respond to "sccmrc://" uri.

A Reg file is available to ease your life.

SCCM side

Logging calls into the desk or listing calls from with SCCM is an extremely powerful and helpful feature. This can be achieved by using native SCCM extensions to add a menu item to the device list. An example is shown below:

You would need some simple SCCM skills to invoke Idesk on a device right click. First you would need to create a vbs file in SCCM to invoke a url and a bat file in system settings to trigger the vbs. Both files are available on request.

The web url to call for Idesk is idesk-server/index.php/api/ldms/cbm/machine. Replace "machine" in the url with the dynamic device data (usually ../+WScript.Arguments.Item(0)).