Prerequisites
- A web server (Windows Server 2016 or above) to install SoftwareCentral and its associated services on. Note that the server must be AD joined.
- A Microsoft SQL database (SQL or SQL Express 2014 or above). We recommend that you use the collation SQL_Latin1_General_CP1_CI_AS for both the server and the database. It is however a requirement that the server and database run the same collation.
- A service account with the following permissions:
- Read, write and execute permissions on the SoftwareCentral database.
- Read and execute permissions on all ConfigMgr site databases.
- Local Administrative rights on the web server.
- Log on as a service rights on the web server.
- Act as part of the operating system permissions on the web server.
- Replace a process level token permissions on the web server.
- Adjust memory quotas for a process permissions on the web server.
- An Active Directory group to manage administrative users for SoftwareCentral.
To install SoftwareCentral, the account that signs on to the web server must also have the following permissions:
- Local Administrative rights on the web server.
- Permissions to connect to the SoftwareCentral database. If the account does not have permissions to create a database and login, an empty database can be manually created with a login for the SoftwareCentral service account.
- If you choose to manually create the database, use collation "SQL_Latin1_General_CP1_CI_AS".
- The login must have read, write and execute permissions.
- If the account has access to the ConfigMgr database, the SoftwareCentral installer can create the required login and assign read and execute permissions to the ConfigMgr database. Otherwise this will have to be done manually.
Follow the installation guide to install SoftwareCentral.
Windows Server minimum requirements
The minimum requirements for this server is as follows:
- Windows Server 2016 or above
- Microsoft Internet Information services (IIS) 10 or above
- Microsoft .NET Framework 4.8 or above
- IIS URL Rewrite Module 2.1 or above (Download from here)
- Dual core processor or above
- 8 GB of memory or above
- 10 GB of free disk space or above
- Microsoft SQL Server 2014 or above or Microsoft SQL Express Server 2014 or above
Hardware requirements will increase with the amount of simultaneous users of SoftwareCentral. If needed, SoftwareCentral supports load balancing and SQL clusters.
Required server roles and features
- Web Server (IIS)
- Web Server
- Common HTTP Features
- Application Development
- ASP
- ASP.NET 3.5
- ASP.NET 4.8
- Security
- Windows Authentication (Only needed if you intend to use Windows Authentication)
- .NET Framework 4.8 Features
- .NET Framework 4.8
- ASP.NET 4.8
- .NET Framework 3.5 Features
Firewall ports
The following ports must be open:
- 443 for HTTPS connections to the site
- 80 for the HTTP connection to the site
- 1433 for database connections
- 135 and the port range defined in the environment for WMI calls
- 2701 and 2702 for the Remote Control Tool on ConfigMgr
- 389 for LDAP or 636 for LDAPS.
- 445 to read log files on clients
- 137 UDP/TCP for network discovery
- 138 UDP for network discovery
- 139 TCP for network discovery
ConfigMgr requirements
SoftwareCentral connects to your ConfigMgr using the service account. You may also add additional service accounts after the installation, that can be used for this connection.
The account used must have the following permissions on the ConfigMgr:
- Application
- Read; Modify; Delete; Create; Approve; Move Object; Modify Folder; Run Report; Modify Report
- Application Group
- Read; Modify; Delete; Set Security Scope; Create; Approve; Move Object; Modify Folder
- Boot Image Package
- Read; Modify; Delete; Create; Move Object; Modify Folder
- Collection
- Read; Modify; Delete; Remote Control; Modify Resource; Delete Resource; Create; View Collected File; Read Resource; Move Object; Deploy Packages; Deploy Client Settings; Modify Folder; Deploy Applications; Modify Collection Setting; Deploy Task Sequences; Run Script; Notify resource; Modify Client Status Alert
- Computer Association
- Read; Delete; Create; Move Object; Modify Folder; Recover User State; Run Report; Modify Report
- Configuration Item
- Read; Modify; Delete; Create
- Distribution Point
- Read; Copy to Distribution Point
- Distribution Point Group
- Read; Copy to Distribution Point
- Folder Class
- Read; Modify; Delete; Create
- Package
- Read; Modify; Delete; Create; Move Object; Modify Folder; Run Report; Modify Report
- Phased Deployments
- Read; Modify; Delete; Create
- Query
- Read; Modify; Delete; Create; Move Object; Modify Folder
- Site
- SMS Scripts
- Read; Modify; Delete; Create; Move Object; Modify Folder; Approve
- Software Metering Rule
- Read; Modify; Delete; Create; Move Object; Modify Folder; Modify Report
- Software Update Group
- Read; Modify; Delete; Create; Move Object; Modify Folder
- Software Update Package
- Read; Modify; Delete; Create; Move Object; Modify Folder
- Task Sequence Package
- Read; Modify; Delete; Create; Move Object; Modify Folder; Modify Report
- User Device Affinities
- Read; Modify; Delete; Create; Modify Report
You can import a security role with the required permissions, using the following xml. Go to the ConfigMgr console -> Administration -> Security -> Secuirty Roles and select Import in the upper left corner. Copy the XML below to notepad and save it as an xml file. Then import the file.
ConfigMgr Security Role |
Copy Code
|
<SMS_Roles>
<SMS_Role CopiedFromID="SMS0009R" RoleName="SoftwareCentral" RoleDescription="">
<Operations>
<Operation GrantedOperations="1890811559" ObjectTypeID="1" />
<Operation GrantedOperations="805446663" ObjectTypeID="2" />
<Operation GrantedOperations="524289" ObjectTypeID="6" />
<Operation GrantedOperations="140295" ObjectTypeID="7" />
<Operation GrantedOperations="537011207" ObjectTypeID="9" />
<Operation GrantedOperations="1031" ObjectTypeID="11" />
<Operation GrantedOperations="813835269" ObjectTypeID="17" />
<Operation GrantedOperations="140295" ObjectTypeID="19" />
<Operation GrantedOperations="537011207" ObjectTypeID="20" />
<Operation GrantedOperations="805448711" ObjectTypeID="31" />
<Operation GrantedOperations="536871943" ObjectTypeID="33" />
<Operation GrantedOperations="9" ObjectTypeID="42" />
<Operation GrantedOperations="9" ObjectTypeID="43" />
<Operation GrantedOperations="1031" ObjectTypeID="219" />
<Operation GrantedOperations="142359" ObjectTypeID="224" />
<Operation GrantedOperations="1031" ObjectTypeID="226" />
</Operations>
</SMS_Role>
</SMS_Roles>
|
Intune requirements (For Azure OpenID authentication)
You can use Azure OpenID to authenticate users to SoftwareCentral. To do this, an Application Registration in your Azure AD is required.
This is described in details here.
See Also