Server Administrator Roles in MDM

  • Article

2/9/2009

System Center Mobile Device Manager uses role-based access control. Unlike an authentication system that specifies who a user is, role-based access is an authorization system that specifies what a user is authorized to access and what tasks that person can perform.

This topic describes Tasks by Administrator Roles, and Tasks and Administrator Roles by Cmdlet.

The following shows the Administrator Roles:

  • DeviceAdministrators
  • DeviceSupport
  • HelpdeskOperator
  • ServerAdministrators
  • SecurityAdministrators
  • ReadOnlyUsers

These roles are represented through MDM infrastructure groups that the Active Directory Configuration Tool (ADConfig) creates. For more information about these groups, see ADConfig Tool.

Tasks by Administrator Roles

The following shows the tasks that each administrator role gives users.

DeviceAdministrators

The DeviceAdministrators role is represented through the SCMDMDeviceAdmins (<instance name>) infrastructure group that ADConfig creates.

The following shows the tasks that a user who has the DeviceAdministrators role can perform.

Cmdlet Task

Add-BlockedDevice

Add a compromised managed Windows Mobile device to the blocked device table.

Disable-MDMInventory

Suspend all currently active device inventory collection tasks.

Enable-MDMInventory

Resume all device inventory collection tasks that were suspended by using the Disable-MDMInventory cmdlet.

Get-BlockedDevice

Return information about the current set of managed blocked devices.

Get-DeviceManagementConfig

Return the current global device management configuration.

Get-EnrollmentConfig

Return the current configuration of the Enrollment service.

Get-EnrollmentRequest

Return pending managed device enrollment requests.

Get-EnrollmentServiceLog

Return operational log entries from the Enrollment service database.

Get-MDMCurrentInstance

Return an MDMInstance object that represents the MDM instance that the current MDM Console is managing.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Get-MDMDevice

Return information about devices that MDM manages.

Get-MDMDeviceHistory

Return the complete set of transaction information for the specified managed device from the server operations log file.

Get-MDMDeviceInventory

Return the complete set of collected inventory data for the specified managed device.

Get-MDMDeviceStatus

Return status information for the specified managed device.

Get-MDMGatewayServer

Return the current gateway-specific settings and the last known configuration status.

Get-MDMGlobalGatewayConfig

Return the global virtual private network (VPN) settings shared among all computers that are running MDM Gateway Server.

Get-MDMInstance

Return a collection of MDMInstance objects that represent the MDM instances in your company.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has read permission in Active Directory can run this cmdlet.

Get-MDMInventoryItem

Return the currently active device inventory collection tasks.

Get-MDMServer

Return the collection of servers in MDM.

Get-MobilePolicyServiceConfig

Return the current configuration of the Group Policy service.

Get-SoftwareDistributionConfig

Return the current configuration of MDM software distribution service.

Get-WipeConfig

Return the current configuration of the wipe service.

Get-WipeRequest

Return the unprocessed wipe requests for the specified managed device.

New-EnrollmentRequest

Create a new managed device enrollment request.

New-MDMInventoryItem

Create a new device inventory collection task.

New-WipeRequest

Create a new wipe request that deletes all content on the targeted managed device.

Remove-BlockedDevice

Remove a managed device from the Blocked Device Table.

Remove-EnrollmentRequest

Remove a pending enrollment request for a managed device.

Remove-EnrollmentServiceLog

Remove operational log entries from the Enrollment service database.

Remove-MDMInventoryItem

Remove the specified device inventory collection task from the task list on the server.

Remove-WipeRequest

Remove a wipe request for the specified managed device if the wipe request is yet unprocessed.

Restore-MDMInventoryDefaults

Set all device inventory collection settings to their default values.

Set-DeviceManagementConfig

Set the global device management configuration values.

Set-EnrollmentConfig

Update the current configuration of the Enrollment service by using the provided values.

Set-MDMCurrentInstance

Configure the current MDM Console to manage a specific MDM instance.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Set-MDMGlobalGatewayConfig

Update the global VPN settings shared among all computers that are running MDM Gateway Server.

Set-MDMInventoryItem

Set the collection frequency for a device inventory collection item.

Set-MobilePolicyServiceConfig

Set the configuration of the Group Policy service.

Set-SoftwareDistributionConfig

Set the configuration of MDM software distribution service.

Set-WipeConfig

Configure the properties of the wipe service.

Update-MDMGatewayServer

Update each MDM Gateway Server by sending configuration and other information from the Mobile Device Manager Gateway Central Management component of MDM Device Management Server.

Dd261911.note(en-us,TechNet.10).gifNote:
Use this cmdlet infrequently, and only for troubleshooting purposes.

Update-MobilePolicyCalculation

Update the Resultant Set of Policy (RSoP) held by the server for a given device.

DeviceSupport

The DeviceSupport role is represented through the SCMDMDeviceSupport (<instance name>) infrastructure group that ADConfig creates.

The following shows the tasks that a user who has the DeviceSupport role can perform.

Cmdlet Task

Add-BlockedDevice

Add a compromised managed device to the blocked device table.

Get-BlockedDevice

Return information about the current set of managed devices that are blocked

Get-DeviceManagementConfig

Return the current global device management configuration.

Get-EnrollmentConfig

Return the current configuration of the Enrollment service.

Get-EnrollmentRequest

Return pending managed device enrollment requests.

Get-EnrollmentServiceLog

Return operational log entries from the Enrollment service database.

Get-MDMCurrentInstance

Return an MDMInstance object that represents the MDM instance that the current MDM Console is managing.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Get-MDMDevice

Return information about devices that MDM manages.

Get-MDMDeviceHistory

Return the complete set of transaction information for the specified managed device from the server operations log file.

Get-MDMDeviceInventory

Return the complete set of collected inventory data for the specified managed device.

Get-MDMDeviceStatus

Return status information for the specified managed device.

Get-MDMGatewayServer

Return the current gateway-specific settings and the last known configuration status.

Get-MDMGlobalGatewayConfig

Return the global VPN settings shared among all computers that are running MDM Gateway Server.

Get-MDMInstance

Return a collection of MDMInstance objects that represent the MDM instances in your company.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has read permission in Active Directory can run this cmdlet.

Get-MDMInventoryItem

Return the currently active device inventory collection tasks.

Get-MDMServer

Return the collection of servers in MDM.

Get-MobilePolicyServiceConfig

Return the current configuration of the Group Policy service.

Get-SoftwareDistributionConfig

Return the current configuration of MDM software distribution service.

Get-WipeConfig

Return the current configuration of the wipe service.

Get-WipeRequest

Return the unprocessed wipe requests for the specified managed device.

New-EnrollmentRequest

Create a new managed device enrollment request.

New-WipeRequest

Create a new wipe request that deletes all content on the targeted managed device.

Remove-BlockedDevice

Remove a managed device from the Blocked Device Table.

Remove-EnrollmentRequest

Remove a pending enrollment request for a managed device.

Remove-WipeRequest

Remove a wipe request for the specified managed device if the wipe request is yet unprocessed.

Set-MDMCurrentInstance

Configure the current MDM Console to manage a specific MDM instance.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Update-MobilePolicyCalculation

Update the RSoP held by the server for a given device.

HelpdeskOperator

The HelpdeskOperator role is represented through the SCMDMHelpdeskOperator (<instance name>) infrastructure group that ADConfig creates.

The following shows the tasks that a user who has the HelpDeskOperator role can perform.

Cmdlet Task

Get-BlockedDevice

Return information about the current set of managed devices that are blocked.

Get-DeviceManagementConfig

Return the current global device management configuration.

Get-EnrollmentConfig

Return the current configuration of the Enrollment service.

Get-EnrollmentRequest

Return pending managed device enrollment requests.

Get-EnrollmentServiceLog

Return operational log entries from the Enrollment service database.

Get-MDMCurrentInstance

Return an MDMInstance object that represents the MDM instance that the current MDM Console is managing.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Get-MDMDevice

Return information about devices that MDM manages.

Get-MDMDeviceHistory

Return the complete set of transaction information for the specified managed device from the server operations log file.

Get-MDMDeviceInventory

Return the complete set of collected inventory data for the specified managed device.

Get-MDMDeviceStatus

Return status information for the specified managed device.

Get-MDMGatewayServer

Return the current gateway-specific settings and the last known configuration status.

Get-MDMGlobalGatewayConfig

Return the global VPN settings shared among all computers that are running MDM Gateway Server.

Get-MDMInstance

Return a collection of MDMInstance objects that represent the MDM instances in your company.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has read permission in Active Directory can run this cmdlet.

Get-MDMInventoryItem

Return the currently active device inventory collection tasks.

Get-MDMServer

Return the collection of servers in MDM.

Get-MobilePolicyServiceConfig

Return the current configuration of the Group Policy service.

Get-SoftwareDistributionConfig

Return the current configuration of MDM software distribution service.

Get-WipeConfig

Return the current configuration of the wipe service.

Get-WipeRequest

Return the unprocessed wipe requests for the specified managed device.

New-EnrollmentRequest

Create a new managed device enrollment request.

Remove-EnrollmentRequest

Remove a pending enrollment request for a managed device.

Set-MDMCurrentInstance

Configure the current MDM Console to manage a specific MDM instance.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Update-MobilePolicyCalculation

Update the RSoP held by the server for a given device.

ServerAdministrators

The ServerAdministrators role is represented through the SCMDMServerAdmins (<instance name>) infrastructure group that ADConfig creates.

The following shows the tasks that a user who has the ServerAdministrators role can perform.

Cmdlet Task

Add-MDMGatewayServer

Add a new computer that is running MDM Gateway Server to MDM.

Disable-MDMTrace

Disable Windows Preprocessor (WPP) logging for one or more components.

Dd261911.note(en-us,TechNet.10).gifNote:
A user who has local administrator privileges can perform this task locally on the server. A user who has the ServerAdministrators role can use the cmdlet with the appropriate parameters to perform this task remotely, or on the local server, without requiring local administrative credentials.

Enable-MDMTrace

Enable WPP logging for one or more components.

Dd261911.note(en-us,TechNet.10).gifNote:
A user who has local administrator privileges can perform this task locally on the server. A user who has the ServerAdministrators role can use the cmdlet with the appropriate parameters to perform this task remotely, or on the local server, without requiring local administrative credentials.

Get-BlockedDevice

Return information about the current set of managed devices that are blocked.

Get-DeviceManagementConfig

Return the current global device management configuration.

Get-EnrollmentConfig

Return the current configuration of the Enrollment service.

Get-EnrollmentRequest

Return pending managed device enrollment requests.

Get-EnrollmentServiceLog

Return operational log entries from the Enrollment service database.

Get-MDMCurrentInstance

Return an MDMInstance object that represents the MDM instance that the current MDM Console is managing.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Get-MDMDevice

Return information about devices that MDM manages.

Get-MDMDeviceHistory

Return the complete set of transaction information for the specified managed device from the server operations log file.

Get-MDMDeviceInventory

Return the complete set of collected inventory data for the specified managed device.

Get-MDMDeviceStatus

Return status information for the specified managed device.

Get-MDMGatewayServer

Return the current gateway-specific settings and the last known configuration status.

Get-MDMGlobalGatewayConfig

Return the global VPN settings shared among all computers that are running MDM Gateway Server.

Get-MDMInstance

Return a collection of MDMInstance objects that represent the MDM instances in your company.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has read permission in Active Directory can run this cmdlet.

Get-MDMInventoryItem

Return the currently active device inventory collection tasks.

Get-MDMServer

Return the collection of servers in MDM.

Get-MDMTrace

Return information about the currently enabled and active Windows Software Trace Preprocessor (WPP) components.

Get-MobilePolicyServiceConfig

Return the current configuration of the Group Policy service.

Get-SoftwareDistributionConfig

Return the current configuration of MDM software distribution service.

Get-WipeConfig

Return the current configuration of the wipe service.

Get-WipeRequest

Return the unprocessed wipe requests for the specified managed device.

Remove-MDMGatewayServer

Remove MDM Gateway Server and all corresponding properties from MDM.

Restore-MDMInventoryDefaults

Set all device inventory collection settings to their default values.

Set-DeviceManagementConfig

Set the global device management configuration values.

Set-EnrollmentConfig

Update the current configuration of the Enrollment service by using the provided values.

Set-MDMCurrentInstance

Configure the current MDM Console to manage a specific MDM instance.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Set-MDMGatewayServer

Update the current settings for the specified MDM Gateway Server.

Set-MDMGlobalGatewayConfig

Update the global VPN settings shared among all computers that are running MDM Gateway Server.

Set-MobilePolicyServiceConfig

Set the configuration of the Group Policy service.

Set-SoftwareDistributionConfig

Set the configuration of MDM software distribution service.

Set-WipeConfig

Configure the properties of the wipe service.

Start-MDMVPNService

Start the VPN service on the specified MDM Gateway Server.

Stop-MDMVPNService

Stop the VPN service on the specified MDM Gateway Server.

Update-MDMGatewayServer

Update each MDM Gateway Server by sending configuration and other information from the MDM GCM component of MDM Device Management Server.

Dd261911.note(en-us,TechNet.10).gifNote:
Use this cmdlet infrequently, and only for troubleshooting purposes.

Update-MobilePolicyCalculation

Update the RSoP held by the server for a given device.

SecurityAdministrators

The SecurityAdministrators role is represented through the SCMDMSelfSecurityAdmins (<instance name>) infrastructure group that ADConfig creates.

Security administrators have no explicit permissions on any cmdlet. However, these users, created by ADConfig.exe /createinstance, have permissions to add and remove members from all other MDM administrator groups. Domain administrators can delegate the security of MDM to security administrators.

ReadOnlyUsers

The ReadOnlyUsers role is represented through the SCMDMReadOnlyUsers (<instance name>) infrastructure group that ADConfig creates.

The following table shows the tasks that a user who has the ReadOnlyUsers role can perform.

Cmdlet Task

Get-BlockedDevice

Return information about the current set of managed blocked devices.

Get-DeviceManagementConfig

Return the current global device management configuration.

Get-EnrollmentConfig

Return the current configuration of the Enrollment service.

Get-EnrollmentRequest

Return pending managed device enrollment requests.

Get-EnrollmentServiceLog

Return operational log entries from the Enrollment service database.

Get-MDMCurrentInstance

Return an MDMInstance object that represents the MDM instance that the current MDM Console is managing.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Get-MDMDevice

Return information about devices that MDM manages.

Get-MDMDeviceHistory

Return the complete set of transaction information for the specified managed device from the server operations log file.

Get-MDMDeviceInventory

Return the complete set of collected inventory data for the specified managed device.

Get-MDMDeviceStatus

Return status information for the specified managed device.

Get-MDMGatewayServer

Return the current gateway-specific settings and the last known configuration status.

Get-MDMGlobalGatewayConfig

Return the global virtual private network (VPN) settings shared among all computers that are running MDM Gateway Server.

Get-MDMInstance

Return a collection of MDMInstance objects that represent the MDM instances in your company.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has read permission in Active Directory can run this cmdlet.

Get-MDMInventoryItem

Return the currently active device inventory collection tasks.

Get-MDMServer

Return the collection of servers in MDM.

Get-MobilePolicyServiceConfig

Return the current configuration of the Group Policy service.

Get-SoftwareDistributionConfig

Return the current configuration of MDM software distribution service.

Get-WipeConfig

Return the current configuration of the wipe service.

Get-WipeRequest

Return the unprocessed wipe requests for the specified managed device.

Set-MDMCurrentInstance

Configure the current MDM Console to manage a specific MDM instance.

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Tasks and Administrator Roles by Cmdlet

The following shows the tasks that each role can perform.

Cmdlet Task Required Admin Role

Add-BlockedDevice

Add a compromised managed device to the blocked device table.

DeviceAdministrators

DeviceSupport

Add-MDMGatewayServer

Add a new computer that is running MDM Gateway Server to MDM.

ServerAdministrators

Disable-MDMInventory

Suspend all currently active device inventory collection tasks.

DeviceAdministrators

Disable-MDMTrace

Disable WPP logging for one or more components.

ServerAdministrators or local machine administrators when run from a computer that is running MDM when there are no local administrator privileges.

Enable-MDMInventory

Resume all device inventory collection tasks that were suspended with the Disable-MDMInventory cmdlet.

DeviceAdministrators

Enable-MDMTrace

Enable WPP logging for one or more components.

ServerAdministrators role, or local machine administrators when run from a computer that is running MDM when there are no local administrator privileges.

Get-BlockedDevice

Return information about the current set of managed devices that are blocked.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-DeviceManagementConfig

Return the current global device management configuration.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-EnrollmentConfig

Return the current configuration of the Enrollment service.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-EnrollmentRequest

Return pending managed device enrollment requests.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-EnrollmentServiceLog

Return operational log entries from the Enrollment service database.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMCurrentInstance

Return an MDMInstance object that represents the MDM instance that the current MDM Console is managing.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Get-MDMDevice

Return information about managed devices that controls.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMDeviceHistory

Return the complete set of transaction information for the specified managed device from the server operations log file.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMDeviceInventory

Return the complete set of collected inventory data for the specified managed device.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMDeviceStatus

Return status information for the specified managed device.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMGatewayServer

Return the current gateway-specific settings and the last known configuration status.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMGlobalGatewayConfig

Return the global VPN settings shared among all computers that are running MDM Gateway Server.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMInstance

Return a collection of MDMInstance objects that represent the MDM instances in your company.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has read permission in Active Directory can run this cmdlet.

Get-MDMInventoryItem

Return the currently active device inventory collection tasks.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMServer

Return the collection of servers in MDM.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-MDMTrace

Return information about the currently enabled and active Windows Software Trace Preprocessor (WPP) components.

ServerAdministrator

Get-MobilePolicyServiceConfig

Return the current configuration of the Group Policy service.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-SoftwareDistributionConfig

Return the current configuration of MDM software distribution service.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-WipeConfig

Return the current configuration of the wipe service.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Get-WipeRequest

Return the unprocessed wipe requests for the specified managed device.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

New-EnrollmentRequest

Create a new managed device enrollment request.

DeviceAdministrators

DeviceSupport

HelpdeskOperator

New-MDMInventoryItem

Create a new device inventory collection task.

DeviceAdministrators

New-WipeRequest

Create a new wipe request that deletes all content on the targeted managed device.

DeviceAdministrators

DeviceSupport

Remove-BlockedDevice

Remove a managed device from the Blocked Device Table.

DeviceAdministrators

DeviceSupport

Remove-EnrollmentRequest

Remove a pending enrollment request for a managed device.

DeviceAdministrators

DeviceSupport

HelpdeskOperator

Remove-EnrollmentServiceLog

Remove operational log entries from the Enrollment service database.

DeviceAdministrators

Remove-MDMGatewayServer

Remove MDM Gateway Server and all corresponding properties from MDM.

ServerAdministrators

Remove-MDMInventoryItem

Remove the specified device inventory collection task from the task list on the server.

DeviceAdministrators

Remove-WipeRequest

Remove a wipe request for the specified managed device if the wipe request is yet unprocessed.

DeviceAdministrators

DeviceSupport

Restore-MDMInventoryDefaults

Set all device inventory collection settings to their default values.

ServerAdministrators

DeviceAdministrators

Set-DeviceManagementConfig

Set the global device management configuration values.

ServerAdministrators

DeviceAdministrators

Set-EnrollmentConfig

Update the current configuration of the Enrollment service by using the provided values.

ServerAdministrators

DeviceAdministrators

Set-EnrollmentPermissions

Grant the MDM Enrollment Server permission to create computer objects for managed devices in the specified Active Directory container.

Domain Administrator

Set-MDMCurrentInstance

Configure the current MDM Console to manage a specific MDM instance.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

ReadOnlyUsers

Dd261911.note(en-us,TechNet.10).gifNote:
Anyone who has access to MDM Console can run this cmdlet.

Set-MDMGatewayServer

Update the current settings for the specified MDM Gateway Server.

ServerAdministrators

Set-MDMGlobalGatewayConfig

Update the global VPN settings shared among all computers that are running MDM Gateway Server.

ServerAdministrators

DeviceAdministrators

Set-MDMInventoryItem

Set the collection frequency for a device inventory collection item.

DeviceAdministrators

Set-MobilePolicyServiceConfig

Set the configuration of the Group Policy service.

ServerAdministrators

DeviceAdministrators

Set-SoftwareDistributionConfig

Set the configuration of MDM software distribution service.

ServerAdministrators

DeviceAdministrators

Set-WipeConfig

Configure the properties of the wipe service.

ServerAdministrators

DeviceAdministrators

Start-MDMVPNService

Start the VPN service on the specified MDM Gateway Server.

ServerAdministrators

Stop-MDMVPNService

Stop the VPN service on the specified MDM Gateway Server.

ServerAdministrators

Update-MDMGatewayServer

Update each MDM Gateway Server by sending configuration and other information from the MDM GCM component of MDM Device Management Server.

Dd261911.note(en-us,TechNet.10).gifNote:
Use this cmdlet infrequently, and only for troubleshooting purposes.

ServerAdministrators

DeviceAdministrators

Update-MobilePolicyCalculation

Update the RSoP held by the server for a given device.

ServerAdministrators

DeviceAdministrators

DeviceSupport

HelpdeskOperator

See Also

Reference

Server Infrastructure Roles in MDM