Re: SMS 2.0 and Windows 2000 GPO

From: Jack (jackrat_61_at_hotmail.com)
Date: 08/04/04 

Date: Wed, 4 Aug 2004 10:49:03 -0700

I forgot to insert the exported information from the Local Policies\User
Rights assignment:

Policy Computer Setting
Access this computer from the network
*S-1-5-21-436374069-616249376-1801674531-513,Administrators
Act as part of the operating system Not defined
Add workstations to domain *S-1-5-21-436374069-616249376-1801674531-500
Back up files and directories
*S-1-5-21-436374069-616249376-1801674531-500,Backup Operators,Administrators
Bypass traverse checking Everyone
Change the system time *S-1-5-21-436374069-616249376-1801674531-500
Create a pagefile *S-1-5-21-436374069-616249376-1801674531-500
Create a token object Not defined
Create permanent shared objects Not defined
Debug programs *S-1-5-21-436374069-616249376-1801674531-500,Administrators
Deny access to this computer from the network Not defined
Deny logon as a batch job Not defined
Deny logon as a service Not defined
Deny logon locally Not defined
Enable computer and user accounts to be trusted for delegation Not defined
Force shutdown from a remote system
*S-1-5-21-436374069-616249376-1801674531-500,Administrators
Generate security audits Not defined
Increase quotas *S-1-5-21-436374069-616249376-1801674531-500
Increase scheduling priority
*S-1-5-21-436374069-616249376-1801674531-500,Administrators
Load and unload device drivers
*S-1-5-21-436374069-616249376-1801674531-500,Administrators
Lock pages in memory Not defined
Log on as a batch job Not defined
Log on as a service SMSCliSvcAcct&,SMSCliToknAcct&
Log on locally Everyone
Manage auditing and security log
*S-1-5-21-436374069-616249376-1801674531-500,Administrators
Modify firmware environment values
*S-1-5-21-436374069-616249376-1801674531-500,Administrators
Profile single process Administrators
Profile system performance Administrators
Remove computer from docking station Users,Administrators
Replace a process level token SYSTEM
Restore files and directories Backup Operators,Administrators
Shut down the system Everyone
Synchronize directory service data Not defined
Take ownership of files or other objects
*S-1-5-21-436374069-616249376-1801674531-500,Administrators

"Jack" <jackrat_61@hotmail.com> wrote in message
news:uS7BShkeEHA.332@TK2MSFTNGP09.phx.gbl...
> We have SMS 2.0 SP5, one primary site server and two secondary site
servers.
> The operating system is Windows 2000 Server and Windows 2000 Professional
> for the clients. The problem is with Windows group policies and the
> SMSCliSvcAcct&. When I move the clients out of the OU that has policies
> defined and into the Computers OU where policies are not defined they get
> their advertisements and packages. When I move them back into the OU with
> group policies in place the clients software distribution will not work
> unless I change the SMS Client Service Log On account from SMSCliSvcAcct&
to
> Local System account. I've changed the group policy System Services SMS
> Client Service from not defined to defined with administrator group and
> inserted the SMSCliSvcAcct& in that group with no luck. I've use the
> SMSService domain admin account in that policy with no luck. I don't know
> what in the group policies that needs to be changed or undefined. Is it
> something in the Local Policies\User Rights Assignment?
>
>
>
> Thank you,
>
>
>
> Jack
>
>

Loading