Knowledge Base

Search Knowledge Base by Keyword

Granting the Callisto App Pool Account a role in Configuration Manager

You are here:

To allow a Callisto user to access the Callisto client actions and collection management features, the App Pool which Callisto runs under must have a Configuration Manager role.

Step One

Establish the App Pool Identity (by default this is LocalSystem). On the Callisto server open IIS Manager – Servername – Application Pools. Find the Callisto App Pool and check the Identity column.

IIS Manager verifying the App Pool identity

If the identity is LocalSystem you will need to grant the Callisto Server computer some rights in Configuration Manager. See Step “Using Local System” below. If the identity is a username, see Using an App Pool Account below”.

Using Local System

If you already have a global group defined for Configuration Manager admin, simply add the computer account (e.g. DOMAIN\APACALTEST01$) to the security group, restart the Callisto server and your work is complete.

If you want to add the computer account to the Configuration Manager Admin node as a separate object, do the following:

Open the Configuration Manager console with an account that has Full Administrator or Security Administrator rights and navigate to the Administration – Security – Administrative Users node. Right click and select “Add User or Group”.

Click the Browse button and click Object Types to include Computers in the types of objects you want to find, click OK then type the name of your server and click “Check Names”, verify the correct object is found and click OK.

Click to Add an Assigned Security Role and select Operations Administrator from the list. Click OK and then click OK again on the Add User or Group dialogue.

If you want to restrict the rights given to the machine account, please see this article https://www.apajove.com/knowledge-base/creating-a-security-role-for-callisto-client-notifications-and-collection-modifications/

Using an App Pool Account

If you already have a global group defined for Configuration Manager admin, simply add the App Pool account (e.g. DOMAIN\CallistoAppPool) to the security group, restart the Callisto server and your work is complete.

If you want to add the App Pool account to the Configuration Manager Admin node as a separate object, do the following:

Open the Configuration Manager console with an account that has Full Administrator or Security Administrator rights and navigate to the Administration – Security – Administrative Users node. Right click and select “Add User or Group”.

Type the name of your App Pool Account and click “Check Names”, verify the correct object is found and click OK.

Click to Add an Assigned Security Role and select Operations Administrator from the list. Click OK and then click OK again on the Add User or Group dialogue. To restrict the rights to only the specific permissions required, please see this article https://www.apajove.com/knowledge-base/creating-a-security-role-for-callisto-client-notifications-and-collection-modifications/

Now Callisto has rights to the SCCM provider, you can move on and grant rights to the required roles and users in the Callisto interface.