Microsoft KB Archive/125454

= SMS Service Account Requirements for Different Configurations =

Article ID: 125454

Article Last Modified on 6/14/2005

-

APPLIES TO


 * Microsoft Systems Management Server 1.0 Standard Edition
 * Microsoft Systems Management Server 1.1 Standard Edition
 * Microsoft Systems Management Server 1.2 Standard Edition

-



This article was previously published under Q125454



SUMMARY
The services running on a Systems Management Server site require various administrator-type rights on all site server systems maintained by Systems Management Server. This article describes what rights are required for the supported configurations.



MORE INFORMATION
The Systems Management Server service account requires administrative rights on each Systems Management Server maintained server. Systems Management Server creates new shares and directories on each installed server in order to populate them with files.

On Windows NT and OS/2 servers, Systems Management Server installs and starts the Inventory Agent service. On Windows NT servers, Systems Management Server also installs the Package Command Manager. To install these services, the Systems Management Server Windows NT service account must have the right to logon as a service at each Windows NT server.

For a single Windows NT domain Systems Management Server site, the Systems Management Server service account must be in the Domain Administrators group and have been granted Logon As A Service rights. If OS/2 servers are added to the Windows NT domain, the Systems Management Server service account must be in the Global Administrators group.

If an OS/2 domain is added to an existing Systems Management Server site, create an identical Systems Management Server user account in the Administrators group on the OS/2 domain (with the same password). This is necessary because OS/2 does not understand the concept of Local groups.

If a NetWare domain is added, each NetWare server must have a supervisor- equivalent user account identical to the Windows NT Systems Management Server account.

If you add a Windows NT domain to an existing site, create a one-way trust relationship from the new domain to the domain that contains the Systems Management Server service account. When the trust relationship is active, add the Systems Management Server service account to the Local Administrators group in the new domain and give the account the right to Logon As A Service. Make sure that you use the full \ syntax. This ensures that the proper domain validates the account through the trust relationship.

When connecting sites in a hierarchy, no administrative rights are required, and you do not have to create a trust relationship between the sites. The connection address for the respective sites must include the \ of the other site, and the account must have Change access to the Sms_Site share.

Additional query words: sms prodsms

Keywords: kbinfo kbinventory kbnetwork KB125454

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.