Re: Error message in site component manager
- From: Sherry Kissinger [MVP-SMS] <mofmaster@xxxxxxxxxxxxx>
- Date: Thu, 1 Nov 2007 05:14:02 -0700
I decided to blog that tip about sms_site_servers group:
http://myitforum.com/cs2/blogs/skissinger/archive/2007/11/01/simplified-sms-2003-site-to-site-rights.aspx
--
Standarize. Simplify. Automate.
"Sherry Kissinger [MVP-SMS]" wrote:
Correct. On a side note; a tip I was given a long time ago I'll pass on. In.
AD, I have a group called SMS_Site_Servers. I grant that group access rights
to that container, as well as put that group in the local groups necessary on
all SMS Site Servers. The contents of that ad group are the computer
accounts of all my SMS Servers. You will need to reboot your SMS Servers at
least once after adding it's computer account to this group; but from then
on, whenever I need to do a lease return or need a new site, I just add the
computer account into the group; add the group into the new computer's local
groups; and I can essentially forget about rights. The theory is that these
are computers--let them them have the rights. If these were user accounts,
you might need to worry about the security impact of having users with these
rights... but these are computer accounts.
--
Standarize. Simplify. Automate.
"apereira" wrote:
Thanks for the response. When you state COMPUTER does this mean lets say
server name ABC. I then go to AD and then to the systems management container
and add ABC with full access rights.
I just want to make sure I understand correctly.
"Kim Oppalfens [MVP]" <""Kim dot Oppalfen" wrote:
apereira wrote:
Would you know what user would need access to the ad container?The site server COMPUTER account needs this access.
"Bruno" wrote:
Hi
For what i read, there might be a problem with the permissions on the
'System management' container in AD.
hope it helps
"apereira" wrote:
Hello,
I am getting the following error message in the SMS_MP_CONTROL_MANAGER here
is the following error message
"The SMS Service Host (CCMEXEC) was unable to update certificate information
in the Active Directory."
I am running the following
1 forest
Windows 2003 SP2
SMS 2003 SP3
Any ideas?
Thanks
It needs full control on the system management container AND all child
objects. You can set the permissions on the advanced tab of your ad
security properties for the systems management container.
Sorry to put things in capital, but it is just to highlight the mistakes
most people make against this.
--
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
- References:
- Re: Error message in site component manager
- From: Sherry Kissinger [MVP-SMS]
- Re: Error message in site component manager
- Prev by Date: Re: Error message in site component manager
- Next by Date: batch file wont run
- Previous by thread: Re: Error message in site component manager
- Next by thread: Re: Error message in site component manager
- Index(es):
Relevant Pages
|
Loading
