Re: 4 forests-domains, roaming clients, no trusts, not Internet-Ba



Urg. I should rephrase that. If you have Forest1/DomainA and your
distribution points are in that domain, and your clients are in
Forest2/DomainB, you would create the network access account in DomainA. The
clients in DomainB just know the name and password and use it to access the
distribution points. This would also be true if you have distribution points
in Forest1/DomainX and Forest1/DomainY. But you might have to do some
global/local/universal group things to make sure the DomainA\network access
account had permissions on the dps in X and Y. Note that having an
additional distribution point in Forest2/DomainB is not supported, because
we don't support distribution points across forest boundaries unless they
are supporting Internet-based clients.

Does that help?

--
Cathy Moya, CISSP, MCSE: Security
Technical Writer, Management & Solutions Division User Assistance

Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default.mspx
Read the Configuration Manager 2007 Documentation Library
http://technet.microsoft.com/en-us/library/bb694263.aspx
This posting is provided AS IS with no warranties and confers no rights.

"Bob" <Bob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:30309F18-03F9-407F-B52F-3EDEDF8F59EA@xxxxxxxxxxxxxxxx
RIF, sorry for the additional post, but I just re-read the link Cathy sent
and found this:

"This account can be created in any domain that will provide the necessary
access to resources. The Network Access account must always include a domain
name. Pass-through security is not supported for this account. If there are
multiple domains, create the account in a trusted domain."

There are NO trusted Domains in this implementation, (Although THERE SHOULD
BE... client requires that there are no trusts. I know, bad idea, but...).

I'm thinking that the only alternative to support roaming clients in
untrusted domains in this organization is Internet-Based Client Management,
(which the client is also against, go figure).

:) Still smiling through the pain... :)

"Cathy Moya [MS]" wrote:

About the Network Access Account
http://technet.microsoft.com/en-us/library/bb680398.aspx

--
Cathy Moya, CISSP, MCSE: Security
Technical Writer, Management & Solutions Division User Assistance



"Kim Oppalfens [MVP]" <""Kim dot Oppalfens\"@google mail.com"> wrote in
message news:e0zbRbYNIHA.4136@xxxxxxxxxxxxxxxxxxxxxxx
It has indeed been renamed to the Network Access account.
You don't need to create the account multiple times, it just needs to be a
domain user account. People usually create a user in the domain where the
site server is in.

--
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx

Bob wrote:
Thank you, Kim for all your hard work in helping others! I am thinking
that I would need to create the same advanced client network account with
the same password in each domain, then point Configmgr to it? Where do I
set the account up in the Configmgr console? In doing preliminary
research for this, I found this link:

http://myitforum.com/cs2/blogs/socal/archive/2007/03/12/sccm-2007-how-to-site-configuration.aspx

Which states: "Software Distribution configuration is next. This looks
the same as it does in SMS 2003, you will need to specify the drive where
packages are stored, the D drive in our case. And the Advanced Client
Network Access Account. You may think to yourself, didn't we already do
this in the Computer Client Agent, and you would be correct, in the next
build the Advanced Client Network Access Account will be gone, this is
just left over legacy UI."

This indicates that the Advanced Client Network Account "will be gone"
(?). I haven't been able to find it in the console under that specific
name. Is it the "Network Access Account" under Site Settings/Accounts?
Thanks again!

"Bob" wrote:

OK this is a good one, I think...

Without implementing Internet-based configuration:

I have 3 forests with 3 domains. Can I configure SCCM 2007 so that a
client in Forest 1 - Domain 1 (located in Kyoto Site) who roams to
Forest 3 - Domain 3 (Kentucky Site) can get updates from a DP in Domain 3?
Oh, by the way, there are no Domain Trusts.
If so, in a billion words or less, how? :)

Thank you! Now stop laughing...




