Grant Permission to Endpoint Protection Reports

While reading the Microsoft forums, I saw a request about how to grant permission on Endpoint Protection reports. I thought that I would take the time to put together the steps in System Center Configuration Manager (SCCM/ConfigMgr) 2012 for you.

  • First, create an AD security group called Endpoint Protection Reports.
  • Next, assign the appropriate users to the AD group.
  • Create a security role to grant access to the following items:
    • Antimalware Policy: Run Reports
    • Firewall Setting: Run Reports
    • Site: Read

Endpoint Protection Reports Properties

  • Finally, assign this security scope to the AD security group: Endpoint Protection Reports.

After that last step, you’re done!

In order to help make your life easier, I have exported the Endpoint Protection Reports security role. You can download and import it on your site. If you would like more details about the forum post, please see

Please let me know if you have any questions about how to grant permission to Endpoint Protection reports by leaving a note in the comment section below, or sending an email to Techtalk.

See how Right Click Tools are changing the way systems are managed.

Immediately boost productivity with our limited, free to use, Community Edition.

Get started with Right Click Tools today:


  • This field is for validation purposes and should be left unchanged.


  • This field is for validation purposes and should be left unchanged.

By submitting this form, you understand that Recast Software may process your data as described in the Recast Software Privacy Policy.