Microsoft KB Archive/833179

= The Hierarchy Maintenance Utility (the Preinst.exe tool) does not verify group membership in SMS 2003 =

Article ID: 833179

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Systems Management Server 2003

-





SYMPTOMS
When you try to run the Hierarchy Maintenance Utility (the Preinst.exe tool) in Microsoft Systems Management Server (SMS) 2003 together with a user account that does not have explicitly defined rights, the command appears to run. However, there areno results.

If you run the Preinst.exe tool against a child site, you may receive the following error message:

not a known site

Note  is the name of the SMS 2003 child site.



CAUSE
This behavior occurs when you try to run the Preinst.exe tool by using a user account that belongs to a group that has been granted permissions to the Site class in SMS. In this case, even though the user account is a member of a group that has permissions to the Site class, the user may require explicit permissions to the Site class. The Preinst.exe tool queries the SMS Security Rights table in Microsoft SQL Server to verify permissions. Group membership is not verified. Therefore, if the user account is not explicitly defined in the SMS Security Rights table, this problem may occur. For example, this problem may occur if rights are set at the group level.



RESOLUTION
To resolve this issue, explicitly grant administrator level rights for the SMS Site class to the user account. Alternatively, you may log on by using another account that is explicitly defined and has administrator level rights for the Site class.

To grant the user account that is used to run the Preinst.exe tool explicit permissions to the Site class in SMS 2003, follow these steps:
 * 1) Click Start, point to All Programs, click Systems Management Server, and then click SMS Administrator Console.
 * 2) Expand Site Database, and then click Security Rights.
 * 3) In the right pane, click the Class column to sort by class.
 * 4) If the user account is explicitly added to the Site class, double-click the permissions for the Site class. If the user account does not have explicit permissions to the Site class, go to step 6.
 * 5) In the user account security rights dialog box, make sure that all the permissions are selected, and then click OK.
 * 6) In the SMS Administrator Console, right-click Security Rights, point to All Tasks, and then click Manage SMS Users.
 * 7) On the Welcome to the SMS Users Wizard page, click Next.
 * 8) On the User Name page, click Add a new user, and then click Browse.
 * 9) Select the user account that you want, and then click OK.
 * 10) Click Next.
 * 11) On the Rights page, select Site under Object Class, click Add another right or modify an existing one, and then click Next.
 * 12) On the Add a Right page under Permissions, make sure that all the permissions are selected, and then click Next.
 * 13) On the Rights page, click The listed rights are sufficient, and then click Next.
 * 14) Click Finish.



STATUS
This behavior is by design.



MORE INFORMATION
SMS security rights may be set for a user account through the SMS Administrator Console.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

199869 SMS: Assigning class and instance security rights with the SMS User Wizard

