This section shows you how to add users to the Microsoft System Center Mobile Device Manager (MDM) 2008 Server Administrators group. All users whom you add to this group will be able to install MDM components and administer the MDM architecture. The MDM Server Administrators group has the credentials to add or remove members to and from all other MDM groups. By default, the Domain Administrators group is added to the MDM Server Administrators group.
SCMDM2008 server administrator credentials will allow you to perform the MDM install. However, to perform other device operations such as device management configuration and device wipe, you may need to belong to the following groups:
- SCMDM2008DeviceAdministrator
- SCMDM2008DeviceSupport
- SCMDM2008HelpdeskOperator
 Important: |
|---|
| After you add a member to a group, you may need to log off the server to refresh your Active Directory credentials. |
To view the administrator groups and folders, in Active Directory Users and Computers, choose the Viewtab, and then choose the Advanced Featuresoption. Members of the SCMDM2008ServerAdministrators group have permission to add or remove members from all MDM groups.
For security best practices you should monitor the accounts added to each MDM group. For a list of MDM group roles, see ADConfig Tool.
To add an account to the MDM
Server Administrators Group
-
In Active Directory Users and Computers, on the Viewtab, choose Advanced Features.
-
Open the Users folder.
-
Right-click SCMDM2008ServerAdministratorsand then select Properties.
-
Choose the Memberstab and then choose Add.
-
Type the name of the account that you want to add as an MDM administrator.
-
Choose OKtwo times to close the dialog box.