Re: Problem pushing Advanced client to WinXP SP1
From: Kim Oppalfens (kim_at_computacenter.nospam)
Date: 10/31/04
- Previous message: Kim Oppalfens: "Re: Problem pushing Advanced client to WinXP SP1"
- In reply to: Kim Oppalfens: "Re: Problem pushing Advanced client to WinXP SP1"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 31 Oct 2004 21:42:50 +0100
Another option would be to standardize the local administrator password
on all machines and use
%machinename%\administrator as the client push installation account.
If your admin accounts are not standardized at present, and you are not
paid by the mile, try this.
tinyurl.com/3rblq
Kim Oppalfens
In article <MPG.1bef66605365b43f989914@msnews.microsoft.com>,
kim@computacenter.nospam says...
>
> Use the features in AD Group policies to your advantage.
> There is a restricted groups feature inside a gpo. Add the
> administrators group as a restricted group. Add a client
> pusthinstallation account, and the domain admins group.
>
> Beware, this will overwrite the local administrators group membership!!!
> Any existing members will be kicked out.
>
> Kim Oppalfens
> In article <392EBB85-6789-4664-8957-BCC602B4C143@microsoft.com>,
> Richard@discussions.microsoft.com says...
> > Hi,
> >
> > Yes, I have done that. I looked at the ccm.log and it gave Error 53:
> > Remote Registry is not started. I didn't see anything in the MS docs that
> > mention that the Remote Registry service must be started on the desktops in
> > order to push the SMS client to it. Once I started the service and set it to
> > Automatic, then I was able to successfully push the client.
> >
> > You brought up an important point. Is there an easier way to secure the
> > client push account so I don't have to use a domain account that has
> > administrative
> > authority on the workstations? We are using Advanced Security.
> > The easiest thing to do would be to make an account a member of the Domain
> > Admins global group. When PCs join the domain, the Domain Admins. group is
> > made a member of the local Administrators group on each PC. But this is not
> > secure.
> >
> > Instead of going to each PC and adding this account directly to the local
> > Administrators group, is there an easier way? I might be confusing standard
> > security methods with advanced security methods. Please clarify.
> >
> > "Troy Olson" wrote:
> >
> > > "=?Utf-8?B?UmljaGFyZA==?=" <Richard@discussions.microsoft.com> wrote in
> > > news:A3281B77-C374-4C32-A04D-C44383465495@microsoft.com:
> > >
> > > > Hi,
> > > >
> > > > I am now in our production AD domain. We decided not to extend the
> > > > schema for SMS, but I registered the SLP and MP in WINS. When I use
> > > > the Client Push Install Wizard from the Win2003 SMS server to push to
> > > > an XP client, it doesn't succeed. I have tried it on a few PCs. Are
> > > > they some things I need to check are enabled or other?
> > > >
> > > >
> > >
> > > Have you configured the client push properties, under the client
> > > installation methods folder, with a domain account that has administrative
-- Check out the SMS Technical FAQ: http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default .mspx
- Previous message: Kim Oppalfens: "Re: Problem pushing Advanced client to WinXP SP1"
- In reply to: Kim Oppalfens: "Re: Problem pushing Advanced client to WinXP SP1"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
