Administrator--Client installation account problem

From: Richard (Richard_at_discussions.microsoft.com)
Date: 10/29/04


Date: Fri, 29 Oct 2004 11:02:07 -0700

It states in the SMS 2003 Admin. Companion book, "Be sure that whatever
client installation account you're using--the SMS Service account or your
own designated SMS Client Push Installation account--has local admin. rights
on the client."

I am starting to deploy to the clients using the Advanced Client.

I have some questions on how to set up the security in various areas of SMS:

1. Which System Service is the "SMS Service" account--is it the
SMS_EXECUTIVE service or other?
2. Should this System Service be changed from Local System to domain
administrator in order to be able to successfully push out the clients using
the Client Push Install Wizard?
3. In Client Push Install Methods-->Client Push Installation, what type of
account needs to be listed--a Domain Admins group user (insecure), regular
user account, other?
4. In Component Configuration-->Software Configuration-->Software
Distribution, what type of account needs to be listed for Advanced Client
Network Access Account?

Do all of these accounts need to have some sort of local admin. access or
domain admin. access or can some of them be regular user accounts? I want to
configure SMS to be secure but hopefully without having to go to each PC to
add a newly created domain admin. user directly to each PC's Local Admins
group.

Thanks
Richard


