Re: SCCM 2007 - Share and NTFS Permissions to install Clients?

Matthew Evans wrote:
Thanks. That's very interesting that your share and NTFS permissions also match mine, which means as a regular user you can't get to the share:

\\<site server>\SMS_<sitecode>\client\ccmsetup.exe

to manually install the client. How are you distributing the client? Are you using the push installation or something else?

At least I know that there doesn't appear to be a problem specific with my installation that is the cause of the this.

"Garth" wrote:

This is what I have on mine.

File
Administrator Full
Internet Guest Account <Server>\IUSR_<Server> Read
Local Service Read
System Full


Share
Administrator Full
SMS_SiteSystemToSiteServerConnextion_<SiteCode> Change
SMS_SiteToSiteServerConnextion_<SiteCode> Change
System Full



"Matthew Evans" <MatthewEvans@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:DDCF2467-4731-4A4A-BA4E-BC53E80BD305@xxxxxxxxxxxxxxxx
No problem with security, as long as it is documented someplace how to get
the application to work.

I started going down the route of opening up the rights to the share, then
to the top level NTFS permissions to the SMS_<site_code> directory, but the
permissions are reapplied (not inherited) at the \CLIENT\ level, so I would
have to keep opening up the specific directories to get this to work.

Just seems like I'm doing something wrong.

Anyone else running an SCCM 2007 server that can compare share and NTFS
permissions?

"Garth" wrote:

I believe that is by design as with all new product thing are setup to be
secure by default.





"Matthew Evans" <MatthewEvans@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8661463F-28CC-4B3B-9B4D-5F4EBD2F5B63@xxxxxxxxxxxxxxxx

"Kim Oppalfens [MVP]" <""Kim dot Oppalfen" wrote:

Matthew Evans wrote:
Yes, I created a management point during the installation process.

According to the web site:
http://technet.microsoft.com/en-us/library/Bb632409.aspx

The client can be installed from here: \\<site server>\SMS_<site
code>\client\ccmsetup.exe

Is this not the correct location for the installation of the client?
Ok, My mistake the answer I gave you was valid for sms 2003 not sccm
2007.



--
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx

No problem. Do you know what the rights should be on SCCM 2007? I don't
know if there's a problem with the software, or a problem with the way I'm
trying to configure SCCM 2007.




I believe the main problem is that all other client installation methods now use Bits to download the client. So they don't rely on the smsclient share anymore we had in SMS 2003. By consequence the documentation points you to a share higher in the directory structure.

I don't see any security issue in granting authenticated users read & execute on the client folder.

--
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
.

Relevant Pages

  • Re: After reinstallation
    ... If you manually install the client and open the system manager in control ... See Ccm.log on site server ... SMS Active Directory System Group Discovery Agent reported errors for 3 ... The MP installation was succesful, ...
    (microsoft.public.sms.setup)
  • Re: Advanced Client install nightmare
    ... I have previously successfully installed a client over the network, ... I can succesfully connect to the remote registry using the account. ... MVP Windows Server System - SMS ... account specified in the Client push installation properties. ...
    (microsoft.public.sms.admin)
  • Re: Client Push Question - MVP Kim vs Microsoft ?!
    ... My ex-training colleagues referred to me as sms-knowledgeable because I am more often right then wrong when sms is concerned. ... secondary site, I install SMS, configure the site server to be a management ... regarding 3) that enabling both discovery and client push on secondaries will ... > client push installation to get the clients installed. ...
    (microsoft.public.sms.admin)
  • Re: Rolling Out Office 2003 Fails
    ... This is not an SMS issue, but rather an Office 2003 issue when you ... installation on a clean Windows 2003 Server and it runs smoothly, ... Advancec Client tab on the advertisement is set to "run program from ... Software Installation Account. ...
    (microsoft.public.office.setup)
  • Re: unable to installed software. No rights
    ... installation or find a way in which program can be installed without user ... will indicate to you which program SMS started and when and in next few ... >> client logs which will indicate that SMS has ... >>>> where you add those DPs individually or user preload package tool to ...
    (microsoft.public.sms.swdist)