Prerequisites

A web server (Windows Server 2016 or above) to install SoftwareCentral and its associated services on. Note that the server must be AD joined.
A Microsoft SQL database (SQL or SQL Express 2014 or above). We recommend that you use the collation SQL_Latin1_General_CP1_CI_AS for both the server and the database. It is however a requirement that the server and database run the same collation.
A service account with the following permissions:
- Read, write and execute permissions on the SoftwareCentral database.
- Read and execute permissions on all ConfigMgr site databases.
- Local Administrative rights on the web server.
- Log on as a service rights on the web server.
- Act as part of the operating system permissions on the web server.
- Replace a process level token permissions on the web server.
- Adjust memory quotas for a process permissions on the web server.
An Active Directory group to manage administrative users for SoftwareCentral.

To install SoftwareCentral, the account that signs on to the web server must also have the following permissions:

Local Administrative rights on the web server.
Permissions to connect to the SoftwareCentral database. If the account does not have permissions to create a database and login, an empty database can be manually created with a login for the SoftwareCentral service account.
- If you choose to manually create the database, use collation "SQL_Latin1_General_CP1_CI_AS".
- The login must have read, write and execute permissions.
If the account has access to the ConfigMgr database, the SoftwareCentral installer can create the required login and assign read and execute permissions to the ConfigMgr database. Otherwise this will have to be done manually.

Follow the installation guide to install SoftwareCentral.

Windows Server minimum requirements

The minimum requirements for this server is as follows:

Windows Server 2016 or above
Microsoft Internet Information services (IIS) 10 or above
Microsoft .NET Framework 4.8 or above
IIS URL Rewrite Module 2.1 or above (Download from here)
Dual core processor or above
8 GB of memory or above
10 GB of free disk space or above
Microsoft SQL Server 2014 or above or Microsoft SQL Express Server 2014 or above

Hardware requirements will increase with the amount of simultaneous users of SoftwareCentral. If needed, SoftwareCentral supports load balancing and SQL clusters.

Required server roles and features

Web Server (IIS)
- Web Server
  - Common HTTP Features
    - Static Content
  - Application Development
    - ASP
    - ASP.NET 3.5
    - ASP.NET 4.8
  - Security
    - Windows Authentication (Only needed if you intend to use Windows Authentication)
.NET Framework 4.8 Features
- .NET Framework 4.8
- ASP.NET 4.8
.NET Framework 3.5 Features
- .NET Framework 3.5

Firewall ports

The following ports must be open:

443 for HTTPS connections to the site
80 for the HTTP connection to the site
1433 for database connections
135 and the port range defined in the environment for WMI calls
2701 and 2702 for the Remote Control Tool on ConfigMgr
389 for LDAP or 636 for LDAPS.
445 to read log files on clients
137 UDP/TCP for network discovery
138 UDP for network discovery
139 TCP for network discovery

ConfigMgr requirements

SoftwareCentral connects to your ConfigMgr using the service account. You may also add additional service accounts after the installation, that can be used for this connection.

The account used must have the following permissions on the ConfigMgr:

Application
- Read; Modify; Delete; Create; Approve; Move Object; Modify Folder; Run Report; Modify Report
Application Group
- Read; Modify; Delete; Set Security Scope; Create; Approve; Move Object; Modify Folder
Boot Image Package
- Read; Modify; Delete; Create; Move Object; Modify Folder
Collection
- Read; Modify; Delete; Remote Control; Modify Resource; Delete Resource; Create; View Collected File; Read Resource; Move Object; Deploy Packages; Deploy Client Settings; Modify Folder; Deploy Applications; Modify Collection Setting; Deploy Task Sequences; Run Script; Notify resource; Modify Client Status Alert
Computer Association
- Read; Delete; Create; Move Object; Modify Folder; Recover User State; Run Report; Modify Report
Configuration Item
- Read; Modify; Delete; Create
Distribution Point
- Read; Copy to Distribution Point
Distribution Point Group
- Read; Copy to Distribution Point
Folder Class
- Read; Modify; Delete; Create
Package
- Read; Modify; Delete; Create; Move Object; Modify Folder; Run Report; Modify Report
Phased Deployments
- Read; Modify; Delete; Create
Query
- Read; Modify; Delete; Create; Move Object; Modify Folder
Site
- Read; Import Computers
SMS Scripts
- Read; Modify; Delete; Create; Move Object; Modify Folder; Approve
Software Metering Rule
- Read; Modify; Delete; Create; Move Object; Modify Folder; Modify Report
Software Update Group
- Read; Modify; Delete; Create; Move Object; Modify Folder
Software Update Package
- Read; Modify; Delete; Create; Move Object; Modify Folder
Task Sequence Package
- Read; Modify; Delete; Create; Move Object; Modify Folder; Modify Report
User Device Affinities
- Read; Modify; Delete; Create; Modify Report

You can import a security role with the required permissions, using the following xml. Go to the ConfigMgr console -> Administration -> Security -> Secuirty Roles and select Import in the upper left corner. Copy the XML below to notepad and save it as an xml file. Then import the file.

ConfigMgr Security Role	Copy Code
<SMS_Roles> <SMS_Role CopiedFromID="SMS0009R" RoleName="SoftwareCentral" RoleDescription=""> <Operations> <Operation GrantedOperations="1890811559" ObjectTypeID="1" /> <Operation GrantedOperations="805446663" ObjectTypeID="2" /> <Operation GrantedOperations="524289" ObjectTypeID="6" /> <Operation GrantedOperations="140295" ObjectTypeID="7" /> <Operation GrantedOperations="537011207" ObjectTypeID="9" /> <Operation GrantedOperations="1031" ObjectTypeID="11" /> <Operation GrantedOperations="813835269" ObjectTypeID="17" /> <Operation GrantedOperations="140295" ObjectTypeID="19" /> <Operation GrantedOperations="537011207" ObjectTypeID="20" /> <Operation GrantedOperations="805448711" ObjectTypeID="31" /> <Operation GrantedOperations="536871943" ObjectTypeID="33" /> <Operation GrantedOperations="9" ObjectTypeID="42" /> <Operation GrantedOperations="9" ObjectTypeID="43" /> <Operation GrantedOperations="1031" ObjectTypeID="219" /> <Operation GrantedOperations="142359" ObjectTypeID="224" /> <Operation GrantedOperations="1031" ObjectTypeID="226" /> </Operations> </SMS_Role> </SMS_Roles>

ConfigMgr Security Role

Copy Code

<SMS_Roles>
  <SMS_Role CopiedFromID="SMS0009R" RoleName="SoftwareCentral" RoleDescription="">
    <Operations>
      <Operation GrantedOperations="1890811559" ObjectTypeID="1" />
      <Operation GrantedOperations="805446663" ObjectTypeID="2" />
      <Operation GrantedOperations="524289" ObjectTypeID="6" />
      <Operation GrantedOperations="140295" ObjectTypeID="7" />
      <Operation GrantedOperations="537011207" ObjectTypeID="9" />
      <Operation GrantedOperations="1031" ObjectTypeID="11" />
      <Operation GrantedOperations="813835269" ObjectTypeID="17" />
      <Operation GrantedOperations="140295" ObjectTypeID="19" />
      <Operation GrantedOperations="537011207" ObjectTypeID="20" />
      <Operation GrantedOperations="805448711" ObjectTypeID="31" />
      <Operation GrantedOperations="536871943" ObjectTypeID="33" />
      <Operation GrantedOperations="9" ObjectTypeID="42" />
      <Operation GrantedOperations="9" ObjectTypeID="43" />
      <Operation GrantedOperations="1031" ObjectTypeID="219" />
      <Operation GrantedOperations="142359" ObjectTypeID="224" />
      <Operation GrantedOperations="1031" ObjectTypeID="226" />
    </Operations>
  </SMS_Role>
</SMS_Roles>

Intune requirements (For Azure OpenID authentication)

You can use Azure OpenID to authenticate users to SoftwareCentral. To do this, an Application Registration in your Azure AD is required.

This is described in details here.