Applies for EMv6 & EMv7
The "System" section is used to create new objects within the EM.
This section is used to manage AD or EM-internal users that have access to the EM console.
The account is the name used for subsequent log-in. For the user type "Normal user" this is the normal AD account. It must be identical with the AD log-in name (without domain). A click on the magnifier beside the account field allows you to verify the name and to scan the user's data (first name, last name etc.), which must be imported via
Data > Import > Employees into the EM. A password must only be specified if a system user (EM-internal user) is created. Also, the mandatory fields "Firstname", "Lastname" and "E-Mail" must be filled, unless they are updated and maintained in AD. The "Department" field is optional. You can also set the initial language of the user (German or English) and define whether the menus are animated.
The user type "System user" is used for accessing the programming interface.
User types can be identified through the respective icon in the EM. There is the additional option of the "team user", which is the user that has been automatically specified during the team import process. More information can be found under the following "Team" section.
Teams are used to group users. You can assign users via the "Permanent Members" or alternatively via the AD Group" option.
"Permanent Members" must have been created before by importing them into the EM database. For an AD group, AD is scanned directly and the respective group (or several groups) can be selected accordingly. It is also possible to set a manager (or several managers) to be selected from existing EM users.
Roles are used to define permissions in the EM and to specify which pages shall be displayed within the console (navigation elements), which options are permitted, e.g., create device collections (security options), which release group may be accessed and which inventory objects shall be displayed, for instance, the operating system in use. The "Folder" option allows you to specify the folder where the role shall be created. The "Select" option defines whether a user may request the role himself or whether it can only be assigned by an administrator. You must provide a role description in German and English and it is again possible to define a manager (or several managers) who manage(s) the group (more details on managers can be found here).
Locations are defined, based on OU objects from AD; they must have been imported into AD before (Data > Import > ActiveDirectory).
Locations will be removed in a future EM version!
Computer groups are a collection of computers. Again, it is possible to define on which level (folder) the group shall be inserted and whether a user may request access himself or whether the group is only visible for administrators.
Computer selection options include "Import all computers", "All computers from existing locations/computer groups" or "Select computer". If the first option (all computers) is selected, all computers which have been imported into the EM via the EM data import function (under Data > Import) are inserted. Based on the second option, only those computers are selected which have already been assigned to a location/computer group. The last option is used to specifically define which computers shall be added. The "Exclude" and "Filter" options can be used to reduce the defined computers further to only select those you want to assign to the group.
Use the "Update" option to define when group members shall be updated, based on the selection criteria. Schedules are set up that specify how often the computer group shall be updated automatically. Under "Manager" you can specify one manager (or several managers) for the group.
Release groups can only be created and a name can be specified accordingly. You may then assign applications/packages/roll-out plans/OSD configurations/patch lists to the release group. Roles define which release groups and linked applications may be accessed by a user.