Microsoft KB Archive/886070

= Systems Management Server (SMS) 2003 cannot connect to local shares after you apply a Windows Server 2003 security template to a SMS 2003 site server =

Article ID: 886070

Article Last Modified on 2/6/2007

-

APPLIES TO


 * Microsoft Systems Management Server 2003

-



Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.



SYMPTOMS
After you apply a Microsoft Windows Server 2003 security template to a Microsoft Systems Management Server (SMS) 2003 site server, SMS 2003 cannot connect to local shares, and you receive error messages that resemble the following in the Distmgr.log file:

Could not connect to job source \\ \SMS_ \inboxes\schedule.box (2). Cannot start replication. $$< >< >



CAUSE
This issue occurs after you apply a Windows Server 2003 security template to a SMS 2003 site server.



WORKAROUND
To work around this issue, add a registry key path in the SMS 2003 security templates, and then apply the updated security templates.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To add the registry key path in the SMS 2003 security templates
 Click Start, click Run, type mmc, and then click OK. In Microsoft Management Console, click File, and then click Add/Remove Snap-in. In the Add/Remove Snap-in dialog box, click Add. In the Available Stand Alone Snap-ins list, click Security Templates, and then click Add. Click OK. In the console tree, right-click Security Templates, and then click New Template Search Path.</li> In the Browse For Folder dialog box, locate the folder in which the SMS 2003 security templates reside.</li> Expand the new security template path, expand one of the following three security templates: <ul> EnterpriseClient-SMSServer.inf</li> HighSecurity-SMSServer.inf</li> LegacyClient-SMSServer.inf</li></ul> </li> Expand Local Policies, click Security Options, right-click Network Access: Remotely Accessible Registry paths and subpaths, and then click Properties.</li> Make sure that Define this policy setting in the template is enabled. Scroll to the bottom of the policy setting list, and then type the following line at the bottom of the list:

Software\Microsoft\SMS

</li> Click OK.</li> Repeat steps 9 through 10 for the two remaining security templates.</li></ol>

To apply the updated SMS 2003 security templates

 * 1) On the File menu, click Add/Remove Snap-in.
 * 2) Click Add.
 * 3) In the Available Stand Alone Snap-ins list, click Security Configuration and Analysis, click Add, click Close, and then click OK.
 * 4) Click Security Configuration and Analysis, and then read the instructions in the results pane.
 * 5) Right-click Security Configuration and Analysis, and then click Open Database.
 * 6) In the File name box, type SMSSiteServer, and then click Open.
 * 7) Click one of the security template that you updated, and then click Open to import the entries that are contained in the template to the database.
 * 8) Right-click Security Configuration and Analysis, and then click Configure Computer Now.
 * 9) Repeat steps 7 through 8 for the two remaining security templates.

<div class="moreinformation_section">

MORE INFORMATION
When you apply one of the baseline templates that are included with the Windows Server 2003 Security Guide, you must also apply an SMS security template so that SMS operations will not be disabled.

For more information about SMS security templates, visit the following Microsoft Web site:

http://www.microsoft.com/technet/prodtechnol/sms/sms2003/security/spsecsms03/spsec_11.mspx

For more information about Windows Server 2003 security, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkId=28827

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

816585 How to apply predefined security templates in Windows Server 2003

816297 How to define security templates by using the Security Templates snap-in in Windows Server 2003

816580 How to analyze system security in Windows Server 2003

Keywords: kbtshoot kbsmssecurity kbwinservperf kbmgmtservices kbprb KB886070

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.