Re: Administrator--Client installation account problem
From: Jeff Harbaugh [MSFT] (jeffharb_at_online.microsoft.com)
Date: 10/29/04
- Next message: Bippen Bisht [MSFT]: "Re: Scanwrapper.exe"
- Previous message: Jeff Harbaugh [MSFT]: "Re: automatic site code discovery was unsuccessful...help?"
- In reply to: Richard: "Administrator--Client installation account problem"
- Next in thread: BugginOuT: "Re: Administrator--Client installation account problem"
- Reply: BugginOuT: "Re: Administrator--Client installation account problem"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 29 Oct 2004 11:19:23 -0700
1. The SMS Service accoutn is the one you specified during setup. If you are
using advanced security the account is the local system account.
2. You do not have to be in advanced security to push the client.
3. This account can be a domain user account. (the restriction is that the
account needs to be a local admin on the client machines.) Also you can use
%Machinename%\Administrator. of course providing the Administrator account
has the same password on all the clients.
4. Regular domain user.
That is why most people add a domain admin account to the push account so
you do not have to add it manually to all computers. This is not required
though.
In order to execute software on the clients we need to have admin access to
the machines, which is why we require the account to be a local admin on the
clients.
-- Thanks, Jeff Harbaugh [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. "Richard" <Richard@discussions.microsoft.com> wrote in message news:D8AE02A9-4774-45E1-BB9E-BBCE2ABB5B0C@microsoft.com... > It states in the SMS 2003 Admin. Companion book, "Be sure that whatever > client installation account you're using---the SMS Service account or your > own designated SMS Client Push Installation account--has local admin. > rights > on the client." > > I am starting to deploy to the clients using the Advanced Client. > > I have some questions on how to setup the security in various areas of > SMS: > > 1. Which System Service is the "SMS Service" account--is it the > SMS_EXECUTIVE service or other? > 2. Should this System Service be changed from Local System to domain > administrator in order to be able to succesfully push out the clients > using > the Client Push Install Wizard? > 3. In Client Push Install Methods-->Client Push Installation, what type > of > account needs to be listed--a Domain Admins group user (insecure), regular > user account, other? > 4. In Component Configuration-->Software Configuration-->Software > Distribution, what type of account needs to be listed for Advanced Client > Network Access Account? > > Do all of these accounts need to have some sort of local admin. access or > domain admin. access or can some of them be regular user accounts? I want > to > configure SMS to be secure but hopefully without having to goto each PC to > add a newly created domain admin. user directly to each PCs' Local Admin's > group. > > Thanks > Richard
- Next message: Bippen Bisht [MSFT]: "Re: Scanwrapper.exe"
- Previous message: Jeff Harbaugh [MSFT]: "Re: automatic site code discovery was unsuccessful...help?"
- In reply to: Richard: "Administrator--Client installation account problem"
- Next in thread: BugginOuT: "Re: Administrator--Client installation account problem"
- Reply: BugginOuT: "Re: Administrator--Client installation account problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
