I’ve been using powershell with Configuration Manager recently and I’ve been looking at security roles. If you’re looking to create your own security roles with powershell and you don’t already have a template, you’ll first need to copy one of the existing roles to get started. To do this you need to know the role ID for the source security role, these aren’t so easy to find so here you go:
| Full Administrator | SMS0001R |
| Read-Only Analyst | SMS0002R |
| Remote Tools Operator | SMS0003R |
| Asset Manager | SMS0004R |
| Compliance Settings Manager | SMS0006R |
| Application Deployment Manager | SMS0007R |
| Application Author | SMS0008R |
| Application Administrator | SMS0009R |
| Operating System Deployment Manager | SMS000AR |
| Infrastructure Administrator | SMS000BR |
| Software Update Manager | SMS000CR |
| Operations Administrator | SMS000ER |
| Security Administrator | SMS000FR |
| Endpoint Protection Manager | SMS000GR |
You’ll want to use these with the Copy-CMSecurityRole powershell command. Keep an eye out for some scripts which I plan to make available soon which should make your ConfigMgr life a little easier.
More than patches 