Jump to content


Sign in to follow this  
narcoticmind

How to set proper user rights / permissions for SCCM 2012's service accounts?

Recommended Posts

Just wondering what permissions does these SCCM 2012's service accounts need EXACTLY, for example:

 

ClientInst = Local Administrator on site computers

Network Access Account = ?? What permissions on the file server source?!

Domain Join = ?? What permissions, where and how to set these?

SQL Service account = ??

SCCM Admin = ?? What and where

 

Definitive list would be good... also looking for some kind of guide for SCCM 2012 Delta Group Policy, how to set the user rights assignments right and so on...

 

Thx in advance.

Share this post


Link to post
Share on other sites

go through this link :http://www.windows-noob.com/forums/index.php?/topic/2317-using-vnext-in-a-lab-part-1-installation/

 

For client installation - the user account should be member of local administrator group of client machine (domain admin user account will also work).

Domain Join - The user account that you create can be delegated to join the computers to domain. If you want to do it, delegate control in AD, select the user and give the permissions to join the computer to domain.

SQL Service Account - After you install SQL server, login to it with Administrator. Expand option Security > right-click Logins > select the user account from Active directory and select sysadmin role.

SCCM Admin - If you are using this account to install SCCM and manage SCCM, then the user account should be member of administrators group on SCCM server.

Share this post


Link to post
Share on other sites

Thanks Prajwal Desai!

 

Network Access Account is still a mystery to me, what account does SCCM use when it connects to the file source server for e.g. driver, apps, packages source?

Share this post


Link to post
Share on other sites

@narcoticmind- The Network Access account is never used as the security context for running programs, installing software updates, or running task sequences, its used only for accessing resources on the network.

Share this post


Link to post
Share on other sites

Hi ,

 

I would like to know , Should a SCCM administrator have a DOMAIN admin level access , so that he/she can perform his tasks such as trouble shooting client related issues on desktops/servers , managing the "system Management" container , accessing WMI/registry on remote sccm cleints , installing upgrades on the site server etc....effectively ? IF Domain level access is excessive for an SCCM administrator , what should be the minimum permission level needed for him/she to do the job effectively.

 

_noma

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...