Jump to content


narcoticmind

How to set proper user rights / permissions for SCCM 2012's service accounts?

Recommended Posts

Just wondering what permissions does these SCCM 2012's service accounts need EXACTLY, for example:

 

ClientInst = Local Administrator on site computers

Network Access Account = ?? What permissions on the file server source?!

Domain Join = ?? What permissions, where and how to set these?

SQL Service account = ??

SCCM Admin = ?? What and where

 

Definitive list would be good... also looking for some kind of guide for SCCM 2012 Delta Group Policy, how to set the user rights assignments right and so on...

 

Thx in advance.

Share this post


Link to post
Share on other sites

go through this link :http://www.windows-noob.com/forums/index.php?/topic/2317-using-vnext-in-a-lab-part-1-installation/

 

For client installation - the user account should be member of local administrator group of client machine (domain admin user account will also work).

Domain Join - The user account that you create can be delegated to join the computers to domain. If you want to do it, delegate control in AD, select the user and give the permissions to join the computer to domain.

SQL Service Account - After you install SQL server, login to it with Administrator. Expand option Security > right-click Logins > select the user account from Active directory and select sysadmin role.

SCCM Admin - If you are using this account to install SCCM and manage SCCM, then the user account should be member of administrators group on SCCM server.

Share this post


Link to post
Share on other sites

Hi ,

 

I would like to know , Should a SCCM administrator have a DOMAIN admin level access , so that he/she can perform his tasks such as trouble shooting client related issues on desktops/servers , managing the "system Management" container , accessing WMI/registry on remote sccm cleints , installing upgrades on the site server etc....effectively ? IF Domain level access is excessive for an SCCM administrator , what should be the minimum permission level needed for him/she to do the job effectively.

 

_noma

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.