Microsoft KB Archive/191336

= SMS: How to Create a Custom Remote Control Group in Systems Management Server =

Article ID: 191336

Article Last Modified on 6/14/2005

-

APPLIES TO


 * Microsoft Systems Management Server 1.2 Standard Edition

-



This article was previously published under Q191336



IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.



SUMMARY
The information in this article is intended to help set up a group that will be primarily responsible for performing the Remote Control functions of a production help desk. This article will cover how to set up the IDs in SQL Server and Systems Management Server as well as how to update the clients in the site so that the newly created group can take remote control of the computers.



MORE INFORMATION
The first task in this process is the creation of the ID in the SQL Enterprise Manager. With SQL Server in Standard security, the steps in creating this ID are:

 Open the SQL Enterprise Manager. Open the Databases folder and expand the SMS database so that the folders Groups/Users and Objects appear. Under the SMS database, right-click the Groups/Users folder and then click New Group on the shortcut menu to create a new group for the users that will have the Remote Control responsibilities. Type the name of the group, click Add to create it, and then click Close. Right-click the Logins folder at the bottom of the SQL Server tree and then click New Login on the shortcut menu. Add the name of the login and give it a password. Give this new user the Permit right to the SMS database. Click the Group field for the SMS database to reveal the Group drop-down menu. Specify the group that you created in steps 4 and 5 and then click Add. Repeat steps 5 and 6 for each user you want to create.</li> Open and log in to the SMS Security Manager. This may take a few minutes.</li> In the ID drop down box in the upper left, you should see "dbo" by default. Change this to the new login ID that you just created in the SQL Enterprise Manager. All of the Objects listed should show "NO ACCESS" in both Proposed and Current Rights.</li>  Give the following objects these rights: <pre class="fixed_text">     Alerts                No Access Architectures        View Diagnostics          Full Events               No Access Helpdesk             Full Jobs                 No Access Machine Groups       No Access Network Monitor      No Access Packages             No Access Program Groups       No Access Queries              No Access Site Groups          View Sites                View SNMP Traps           No Access NOTE: View permissions is the minimum for the Architectures object because this is required to be able to see the Sites window. </li> Click Security at the top menu and then click Save User. Repeat steps 8-10 for each user that you had created in SQL Enterprise Manager. Close SMS Security Manager when you are finished.</li></ol>

To notify the clients of this new group, you must perform the steps below. these steps involve making a change to the registry.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

<ol> On the servers that you DO NOT want the help desk group to have access to, go to HKLM\SOFTWARE\MICROSOFT\SMS\CLIENT SERVICE\REMOTE CONTROL and change the Override Site Permitted Viewer List option to 1.</li> In the Systems Management Server Administrator program, open the Site Properties by selecting the site in the Sites window, clicking File menu, and then clicking Properties.</li> Click Clients and select the Proposed Properties radio button, followed by the now-enabled Options button.</li> In the Allow Access For These Users box, add the new Remote Control group to the list.</li> Click OK until you have closed out of the Site Properties. Then click Yes to update the site.</li> Using a text editor such as Notepad, open and save the System.map file WITHOUT making any changes. Doing this causes all clients to begin the Upgrade process upon the next client logon. For more information, see the following article in the Microsoft Knowledge Base:

166771 SMS: How to Force Site-Wide Client Updates

</li></ol>

This procedure allows a system administrator to off-load the remote control responsibilities to the help desk or other group if the SQL Server is using Standard security.

Additional query words: smsremctrl smsrc RC prodsms helpdesk SEM

Keywords: kbhowto kbremoteprog kbtshoot KB191336

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.