FAQs

Scope: Easy2Patch (All Versions)

Some settings are missing in SCCM Settings tab

The SCCM/WSUS/Intune tab under Settings is license sensitive. The tabs on this screen are visible or hidden according to the license and usage. The following describes the visibility and functionality of tabs by license and usage scenarios.

  1. Free License; In this licensing model, only the WSUS tab is visible and no configuration other than the Standalone WSUS configuration can be used. None of the SCCM settings are visible and functional on these screens.

  2. Standard License; If you have a Standard license, only the settings for WSUS will be visible on the screen. In this licensing model, Application Deployment via SCCM and Intune-related settings are not visible and non-functional.

  3. Advanced License; If you have a Advanced license, only the settings for WSUS and SCCM Application Deployment will be visible on the screen. In this licensing model, Intune-related settings are not visible and non-functional.

  4. SCCM Console; If the SCCM console is not installed on the system where Easy2Patch is installed, the SCCM related settings will appear and will not be functional. The console must be loaded and the Easy2patchSvc service and, if open, the Easy2Patch screen must be restarted.

SCCM Collection and/or DP Lists are empty

SCCM DB Settings; The Distribution Point and Collection list on the SCCM Settings screen will be empty if the SCCM database settings have not been made. The user account configured on the System account or SCCM screen must have read rights defined in the relevant database.

Following SQL batch running on ConfigMgr database to give permission for service account of user who use Easy2Patch and Easy2PatchSvc service account.

E2PPermissions.sql
-- Replace the DB name that says E2P with the appropriate name in your environment
USE [CM_E2P]
GO

-- {Domain\Username | Domain\ServerName$} replace it with the appropriate user account
DECLARE @UserName nvarchar(128) = 'Domain\Username'
  --DECLARE @UserName nvarchar(128) = 'Domain\ServerName$'
  
DECLARE @QuotedUserToGrant nvarchar(128) = QUOTENAME(@UserName);

IF NOT EXISTS(SELECT principal_id FROM sys.server_principals WHERE name = @UserName) BEGIN
DECLARE @LoginSQL as varchar(500);
SET @LoginSQL = 'CREATE LOGIN '+ @QuotedUserToGrant + ' FROM WINDOWS';
EXEC (@LoginSQL);
END

IF NOT EXISTS(SELECT principal_id FROM sys.database_principals WHERE name = @UserName) BEGIN
DECLARE @UserSQL as varchar(500);
SET @UserSQL = 'CREATE USER ' + @QuotedUserToGrant + ' FOR LOGIN ' + @QuotedUserToGrant;
EXEC (@UserSQL);
END

DECLARE @PermissionsSQL as varchar(500);
SET @PermissionsSQL = 'GRANT SELECT ON [dbo].[v_FullCollectionMembership] TO ' + @QuotedUserToGrant +
' GRANT SELECT ON [dbo].[v_GS_ADD_REMOVE_PROGRAMS] TO ' + @QuotedUserToGrant +
' GRANT SELECT ON [dbo].[v_Collection] TO ' + @QuotedUserToGrant +
' GRANT SELECT ON [dbo].[v_GS_ADD_REMOVE_PROGRAMS_64] TO ' + @QuotedUserToGrant +
' GRANT SELECT ON [dbo].[v_Add_Remove_Programs] TO ' + @QuotedUserToGrant +
' GRANT SELECT ON [dbo].[v_GS_INSTALLED_SOFTWARE] TO ' + @QuotedUserToGrant
EXEC (@PermissionsSQL);

SCCM rights for Administrator and Service Account

Publishing updates on SCCM, triggering synchronization, creating applicaiton automatically with Easy2Patch a user account to be created on Active Directory is required for SCCM jobs. This user account needs the following SCCM privileges.

  • Application: Read, Modify, Delete, Set Security Scope, Create, Move Object, Modify Folder

  • Software Updates: Read, Modify

  • Distribution Point: Read, Copy to Distribution Point

  • Distribution Point Group: Read, Copy to Distribution Point Group

  • Folder Class: Read, Modify, Create

  • Security Scopes: Read

  • Site: Read

Last updated