Re: Backup and reinstall



Kim,

I played with this in my test lab, and the machines did not report in until
I re-pushed the agents. I assume that I could also have done a discover site
codes but I did not test it.

With regard to security, consider this scenario:

You have laptops with SMS agents on them. Someone accesses a hotspot using
one of these laptops. A guy using the same hotspot registers a NetBIOS name
of "MP_xyz" which is the same as the SMS site code on the laptop. Now the
client would start communicating with the evil guy's machine (and he could
then create advertisements to run any app).

On the AD: sure: only an administrator will be able to publish to the AD.
But most people install the SMS agent so it can use both AD and WINS (that
is NetBIOS - and many machines will be configured as H nodes so they fall
back to broadcasts).

Thanks
Lars Norman Søndergaard
"Kim Oppalfens" <kim@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:MPG.1d175c50c242de53989ef6@xxxxxxxxxxxxxxxxxxxxxxx
>
> Lars,
>
> Are you positive about this? I always thought that if the environment
> uses Active Directory and an extended schema that the clients would be
> able to get the new key from AD automatically and hence would report
> correctly provided site code & site server name.
>
> As for the security related remark, this would only work if the machine
> had the necessary permissions to publish to AD, which is usually done by
> an administrator of the domain anyway.
>
> Kim Oppalfens
> MVP SMS
> In article <uE4OdC#bFHA.2128@xxxxxxxxxxxxxxxxxxxx>, lns@xxxxxxxxxxxxx
> says...
>> Your clients will be assigned to the site if you create the same
>> boundaries.
>> But the clients will not report correctly to your site. You will need to
>> push the SMS agent to all machines since the public key of the SMS server
>> has changed.
>>
>> The reason for this behaviour is that otherwise anyone able to create an
>> SMS server and change the name resolution would in effect be able to
>> control all machines and install software.
>>
>> Thanks
>> Lars Norman Søndergaard
>>
>> "FOX" <fox@xxxxxxxxx> wrote in message
>> news:%231rAXzYbFHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
>> > My SMS server is installed on a member server of our domain. If I
>> > reinstall this SMS server using the same computer name and the same
>> > site name, will the clients automatically come back and be assigned
>> > to the new server?
>> >
>> >
>>
>>
>>
>
> --
> Kim Oppalfens
> SMS MVP
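
The NetBIOS fallback discussed in this thread can be audited per client. The script below is an added example, not part of the original posts; it reads the standard NetBT registry values (NodeType, DhcpNodeType, NetbiosOptions, NameServerList, DhcpNameServerList) and reports which interfaces can still resolve names by broadcast.

```powershell
# Added example: report whether this client can fall back to NetBIOS broadcasts.
# Run locally in a session with read access to HKLM.
$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$nodeNames = @{
    1 = 'B-node (broadcast only)'
    2 = 'P-node (WINS only, no broadcast)'
    4 = 'M-node (broadcast first, then WINS)'
    8 = 'H-node (WINS first, then broadcast)'
}

$params = Get-ItemProperty -Path $netbt
# A locally configured NodeType overrides the DHCP-supplied DhcpNodeType.
$nodeType = if ($null -ne $params.NodeType) { $params.NodeType } else { $params.DhcpNodeType }

if ($null -eq $nodeType) {
    # Neither value set: Windows acts as B-node without WINS, H-node with WINS.
    $nodeName  = 'not set (default: B-node without WINS, H-node with WINS)'
    $broadcast = $true
} else {
    $nodeName  = $nodeNames[[int]$nodeType]
    $broadcast = ([int]$nodeType -ne 2)   # only P-node never broadcasts
}

Get-ChildItem -Path "$netbt\Interfaces" | ForEach-Object {
    $nic = Get-ItemProperty -Path $_.PSPath
    # NetbiosOptions: 0 = follow DHCP, 1 = enabled, 2 = disabled on this interface.
    $netbiosOn = ($nic.NetbiosOptions -ne 2)
    # Static and DHCP-supplied WINS servers; empty entries are dropped.
    $wins = @(@($nic.NameServerList) + @($nic.DhcpNameServerList) | Where-Object { $_ })

    [pscustomobject]@{
        Interface         = $_.PSChildName
        NodeType          = $nodeName
        NetbiosEnabled    = $netbiosOn
        WinsServers       = ($wins -join ', ')
        BroadcastFallback = ($netbiosOn -and $broadcast)
    }
}
```

An interface that reports BroadcastFallback as True accepts name answers from any host on the local segment, which is the hotspot condition described above.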

