Re: Domain Admins Permissions
- From: "Steve Thompson" <stevethompson@xxxxxxxxxxxxx>
- Date: Thu, 10 Nov 2005 15:11:47 -0500
"Robin Hearne" <RobinHearne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:797D302C-54FD-401D-A86E-EEAA0DA1CA4A@xxxxxxxxxxxxxxxx
> We have an SMS 2.0 installation in an Active Directory 2003 domain.
> Currently there are several SMS service accounts in the Domain Admins
group
> and loads of them in the Administrators group for the domain.
>
> Is it absolutely necessary for these accounts to be there or is there
> another way to give them the permissions that they need but without having
> them in either the Domain Admins or the Administrators group?
There was a Microsoft SMS 2.0 Security whitepaper that covered this... while
it's easier to use and deploy SMS with an account with domain admin rights,
it is possible to make it work without being a Domain Admin. However, on
each server/client you would need to allow the SMS 2.0 service account to
have local administrator rights.
Here you go:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294786
Steve
.
- Prev by Date: Can not create the object Site, SLP and MP in Active Directory
- Next by Date: Re: Problem with clients with an incorrect Agent Site in Collections V
- Previous by thread: Can not create the object Site, SLP and MP in Active Directory
- Next by thread: Re: Problem with clients with an incorrect Agent Site in Collections V
- Index(es):
Relevant Pages
|
