Jump to content


Security Permissions on Application Source folder question - in regards to app catalog

Recommended Posts



I have a problem with the application catalog, initially i followed most of the setup tutorials published on this site about a year ago now, i had everything i wanted working nicely. Recently i've migrated the server objs and settings into a new domain and a new sccm installation with new site code. During my checks and re-installation i was going through folder permissions and always thought users shouldn't be able to browse the application source folder willy nilly.


I'd like to know how the application catalog works in regards to security contexts, originally, i must have just added the everyone group to get the app catalog app installs working for all my users and then forgot about it. I've removed this group today and now none of my apps install.


So what perms are needed on the app source folder to allow users to install apps from the app catalog?


Current Security on Sources folder - all sub folders inherit from this

share perms - everyone - full


sccmadmin account - full

sccm na account - read ex

system - full

sccm comp - full

comp admins -full

comp users - read ex


i've attached the error from the citaskmgr log, although i think it would point you to a boundary group error, but i know this is not the case as if i add everyone back to the sec perms, software downloads ok.


Thasnk all.






Share this post

Link to post
Share on other sites

Right, i think you've just answered it right there! completely forgot about distributing content.... I've just been playing with the perms and even when adding everyone back in it was still failing...


So... completely forgot about distributing apps etc, since i migrated all the objects back into this new installation, i haven't distributed ANY content >.<


So the app catalog installs apps from content on the DP.. can you tell a bit about how that works? where is all the DP content? When a user selects an app to install, under what security context is that executed in? I presume it uses an accoutn to access the dp share?



I was talking about the source folder where i store all the apps that get copied to theDP, i think this is where my thinking was off, i thought the app catalog was accessing this app source folder when downloading/installing apps, not the DP

Share this post

Link to post
Share on other sites

There not much to tell. Client content to the DP, download to their cache fold and run the install. If the content doesn't exist nothing will install.


Don't touch the share/file permissions for the DPs, CM12 will set them correctly.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...