Re: Distribution Point on Windows 2003 DC

Actually, better security practice would be to add it to the Administrators
local group on the DC. It will be an admin to all domain controllers, but
that is still better than making it an admin to every computer in the
domain.

Check out this section of the doc:
Managing Advanced Security Accounts
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/security/spsecsms03/spsec_4.mspx#ECAA
It gives you a checklist of what to add where.

--
Cathy Moya, CISSP, MCSE: Security
Technical Writer, Windows Enterprise Management Division User Assistance

Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default.mspx
This posting is provided AS IS with no warranties and confers no rights.

"wayne" <wayne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2A8BC1B2-8893-4E0A-B992-20C581EA7775@xxxxxxxxxxxxxxxx
> That was it! Thanks! Sometimes I wish the books would be that easy!
>
> "Seeker" wrote:
>
>> I believe the Site System computer account needs to have administrative
>> rights on the DC; which you can grant by making it a Domain Admin.
>>
>> Make sure to reboot the site server after adding it to the group.
>>
>> "wayne" <wayne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:C9B60A13-8210-423E-A54B-C74CA9964A64@xxxxxxxxxxxxxxxx
>> > SMS 2003-SP1 - Advanced Security
>> > Windows Server 2003
>> > Single Site / Single Domain
>> > SMS 2003 installed on member server with Distribution Point. Want to
>> > make
>> > a
>> > Distribution Point on another server which happens to be a DC. On the
>> > DC,
>> > I
>> > have IIS, WebDAV, and BITS installed.
>> >
>> > I'm sending a package to the DC, because from what I understand the
>> > folder
>> > and share wll be created after the first package is sent. The Critical
>> > messages I see in the SMS_DISTRIBUTION_MANAGER component status window
>> > are:
>> > "SMS Distribution Manager failed to process package "Program" (package
>> > ID
>> > =
>> > PHI00009)."
>> > and
>> > "Failed to create virtual directory on the defined share or volume on
>> > distribution point
>> > "["Display=\\DCRSC015\"]MSWNET:["SMS_SITE=PHI"]\\DCRSC015\"."
>> >
>> > I believe it to be a permissions issue. Can someone specifically state
>> > where/how I need to give SMS permissions on a DC and/or is it something
>> > else?
>> >
>>
>>
>>


.

Relevant Pages

  • Re: New to SMS - have a Collections question.
    ... local admin of both the SMS server and the server the database is on. ... However this is a security problem. ... Access to objects is based on Security Rights (if you scroll down the ...
    (microsoft.public.sms.admin)
  • Re: Secure host newbie - fun - humm
    ... decision, as the admin, whether or not to take down the server. ... Listen, as a security specialist, I *know* that every single box that I, ... some level of risk and that there is no "100% I'm secure" level. ...
    (Security-Basics)
  • Re: Cant delete users in SharePoint
    ... Thanks for the info. I'm an admin, but the actual server is sitting ... "Manage Security" screen. ... They still show up in SharePoint. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Cant delete users in SharePoint
    ... You have to be an admin on the server or be the site collection administrator to see the siteusrs.aspx screen. ... "Manage Security" screen. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: TS running on a DC
    ... > local group. ... >> We have a group of about six admin type staff and 5 servers. ... >> other servers and pointed them to our TS server. ... >> Additionally only one person at a time could login to any individual ...
    (microsoft.public.windows.terminal_services)