ctv

Hi Thank you for your responces. On the specific questions: We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?--->i didnt get what do you mean by this really ? If i understood correctly ,you have resource records(computer accounts) for SCCM,symantec ,FEP in a OU. Do you want know if you can place all these resource records in One OU or Not ? Yes you did understand the situation correctly but not the question. Yes we put resource domain user accounts into an OU called "Resources". The question however is if this is good practice in the sense of having domain accounts specifically created as resources for specific services, say SCCM (SMS), FEP etc? Especially SCCM (SMS) as I am in the process of testing etc. Furthermore, I am now totally lost on all the accounts that I may or may not need: From what I can gather in the guide it's recommended to have 3 accounts, 1 SMSadmin, 2 SMSread, 3 preferably another account than SMSadmin to deploy agents (say SMSagent)? Am I getting this part correct? Secondly, provided my understanding of the above mentioned accounts are correct, should I perhaps install SQL using Windows Authentication (as recommended by MS), but using the SMSadmin account specifically? or server a new one SMSsql or SMSdb? Would there be harm in using one account (say SMSadmin) for most things (including SQL) or do you suggest another account? I would prefer NOT to specify a local account ONLY on the site/sql server. The reason I am asking all these questions is that I do not want to end up with too many accounts doing to many different things. On the site server it automatically created a local group called "SMS Admins". It "appears" that I (my own domain account "domain\cvisser") was automatically added to this group? Is this due to the fact that I installed SCCM whilst being logged onto the site server's operating system using my credentials? Who else needs to be part of this "SMS Admins" group? As mentioned earlier, we have more than one network/domain administrator that administers everything, we actually have a security group under AD created as "domain\ITC Admin" having our administrators individually added as members to it. Does this mean I need to specify "domain\ITC Admin" as part of this local "SMS Admins" group on the site server? Lastly on my point 2.2 i asked the following but did not get your response or input on it: "During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account?" *** Thank you again for all your help! You have no idea how much its helping me as my deadline for production is looming around the next couple of days

Hi I have used this guide to deploy SCCM 2007 R2 + SP2 (then upgraded to R3 afterwards) in Mixed Mode in a test lab environment on a Windows Server 2008 R1 + SP2 (32bit) using MS SQL 2008 R2 STD. We are planning on running it on a Windows Server 2008 R2 (64bit) virtual machine on Hyper-V once we decide to go production. I have also installed FEP 2010 extension to the SCCM site server. I have managed to deploy a basic SCCM agent & FEP 2010 agent. I do have quite a couple of questions that I need answered as accurately as possible: Lab Environment questions: 1.) MS SQL: In out organisation we tend to install SQL using Mixed Mode authentication and specifying an SA password in addition to a Windows Authentication Mode account. When I did the prerequisite checks for SCCM, it was not to happy about the mixed mode authentication for SQL and advised that I should switch to Windows authentication only - which I ended up doing. 1.1)Why is it a problem for SCCM if one specifies an additional SA authentication? 1.2) In your guide you specified the local administrator (%hostname%\administrator) account of the server as the account to use under Database Engine Configuration > Account Provisioning during SQL setup. We usually specify a domain account here - would this be an issue and where else would this change affect SCCM's setup and configuration? Also keep in mind that in Windows Server 2008 R2 the local administrator account is disabled by default. We also have more than one domain/network administrator(s) working on all systems so I do not want to bind it to one of those accounts. We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this? Can we use the %Domain%\SMSAdmin account that is created later in the guide or do you advise on creating another one altogether? If another account is to be created, what do you suggest we call it and what type on roles/rights (domain users, domain admin etc) do we give it under active directory? (keeping in mind the naming convention SMSAdmin, SMSRead etc) 1.3) Do I need to open the Firewall for SQL as explained at the bottom/last step in the guide to install SQL? 1.4) Should I leave the instance name as default or is it preferred to change it to another named instance? 2.) SCCM 2007 prerequisites: 2.1) Extend AD schema: When using EXTADSCH.EXE to extend the schema, do I run this on the SCCM server or the domain controller itself? Yes, I am aware that the account used for it must be part of the Schema Admin group 2.2) During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account? 3.) Prerequisites passed - Now installation of SCCM 2007 R2 + SP2 3.1.) During installation of SCCM, one reaches a point "Updated Prerequisites Components". From what I can gather it either tries to download the prerequisites for clients and not SCCM server installation or requires that it be pointed to a directory that contains the latest prerequisites. Is this path extremely important as to what it should be or what structure it should follow? Does all other SCCM packages ect gets stored here? What is this directory used for exactly? I don't want to just thumb-suck a path and later find that I should have placed or structured it better. 4.) Installation done - creating boundries It is noted in your give to guide: "You'll need to know your AD site name. The AD site name is by default called Default-First-Site-Name and you can change that in Active Directory sites and services just as long as the site name is the SAME in both AD and SCCM site boundries" Is this really necessary to rename the site in AD Sites & Services from "Default-First-Site-Name" to something else? If one does in fact change it, what impact does it have on any other services? Production Environment: 1.) MS SQL: Since the production setup will have Windows Server 2008 R2 64bit as the OS instead of Windows Server 2008 R1 32bit, do I need to install SQL 2008 R2 in a 32bit mode, 32bit + 64bit mode or 64bit mode only? *** I would like to take this opportunity to thank anyone for their feedback. I know I am asking a lot questions but I need these answered to understand and action a production plan as soon as possible Thanks CTV