MORE INFORMATION

Configuring an SMS 2003 management point for the Advanced Client

Before you can use the Client Push Installation method to deploy the SMS 2003 Advanced Client software, you must configure an SMS 2003 site system computer as a management point and make sure that a default management point is specified for the site:

1. Click Start, point to Programs, click Systems Management Server, and then click SMS Administrator Console.
2. Expand Site Database, expand Site Hierarchy, expand SiteCode - SiteName, expand Site Settings, click Site Systems, right-click the server name in the right pane, and then click Properties.
3. On the Management Point tab in the Site System Properties dialog box, make sure that the Use this site system as a management point check box is selected.
4. Click OK.

Configuring the default SMS 2003 management point for the Advanced Client

1. Click Start, point to Programs, click Systems Management Server, and then click SMS Administrator Console.
2. Expand Site Database, expand Site Hierarchy, expand SiteCode - SiteName, expand Site Settings, click Component Configuration, right-click Management Point in the right pane, and then click Properties.
3. On the General tab in the Management Point Properties dialog box, click Management point under Default management point, click the drop-down list next to Server name, and then click a SMS 2003 site system computer name from the list.
4. Click OK.

Legacy Client Connection Account

When you install a new site that has advanced security enabled, SMS does not automatically create the SMS Client Connection Account. Legacy Clients use the SMS Client Connection Account to connect to a Client Access Point (CAP) to send information, such as discovery data records (DDRs), inventory, and status messages. SMS also uses the CAP to receive information, such as advertisements and configuration changes. If you plan to use Legacy Clients in your advanced security SMS site, you must create at least one SMS Client Connection Account before you install the Legacy Clients.

SMS Client Connection Accounts do not have to have any permissions to the client computer and do not have to be members of any groups on the client. Standard security sites automatically create a Client Connection Account as a local account on the CAP when you set up a CAP. You can create Client Connection Accounts as domain accounts and then share them among many CAPs. When you do this, you minimize the number of Client Connection Accounts that you must create, and you maintain and increase the security scope of each Client Connection Account. We recommend that you use local accounts whenever you can.

Configuring the SMS 2003 Legacy Client Connection Account

1. Click Start, point to Programs, click Systems Management Server, and then click SMS Administrator Console.
2. Expand Site Database, expand Site Hierarchy, expand SiteCode - SiteName, expand Site Settings, expand Connection Accounts, right-click Client, click New, and then click Windows User Account.
3. In the Connection Account Properties dialog box, click Set.
4. In the Windows User Account dialog box, type an account by using the following format:

   CAP Server Name\User or Domain\User

5. Click OK two times.

Client Push Installation Account

By using the Client Push Installation Account, you can install client software on computers when the user who is running the client installation does not have local administrative rights. You can use the Client Push Installation to deploy the SMS 2003 client software to the following operating systems:

• Microsoft Windows NT 4.0 (Legacy Client only)
• Microsoft Windows 2000
• Microsoft Windows XP
• Microsoft Windows Server 2003

You can create multiple Client Push Installation Accounts. Clients that are not members of domains cannot authenticate domain accounts. For these clients, you can use accounts that are local to the clients. For example, if you set up a standard account on each computer for administrative purposes, and all the accounts have the same password, you can define a Client Push Installation Account as %machinename%\account.

This account must have administrative credentials on the computers where you will install the client components. On all potential client computers, Client Push Installation requires that you grant administrator rights and permissions to either the SMS Service account (if the site is running in standard security mode) or the Client Push Installation accounts that you define.

Configuring the SMS 2003 Client Push Installation Account

1. Click Start, point to Programs, click Systems Management Server, and then click SMS Administrator Console.
2. Expand Site Database, expand Site Hierarchy, expand SiteCode-SiteName, expand Site Settings, and then click Client Installation Methods.
3. Right-click Client Push Installation, and then click Properties.
4. On the Accounts tab, click Add.
5. In the Windows User Account dialog box, type an account by using the following format:

   Domain\User

6. Click OK two times.

Advanced Client Network Access Account

You must configure the SMS 2003 Advanced Client Network Access Account for the SMS 2003 site before you can use the Client Push Installation method to deploy the SMS 2003 Advanced Client software on computers that reside in a non-Active Directory environment. The Advanced Client Network Access Account is a domain-level account that you create for Advanced Clients. If you define the account in a non-Active Directory environment, the account will be used to access the Client.msi file and related installation files from the SMSClient share on the management point. If the Advanced Client Network Access Account is not available, SMS uses the currently logged-on user, the local system account, or the computer account of the destination computer to make this connection. In this configuration, the Advanced Client Network Access account serves a similar purpose on the Advanced Client that Client Connection account serves on the Legacy Client.

The Advanced Client Network Access Account must always include a domain name. Pass-through security is not supported for this account. If the account must be used in multiple domains because users may want to use resources from multiple domains, the domains must be set to trust each other so that the account can be used on the resources on all the domains.

Note The Advanced Client also uses this account when an advertised program must access a share on a server other than the distribution point. Therefore, this account must have permissions on the share that the advertised program accesses.

Configuring the SMS 2003 Advanced Client Network Access Account

1. Click Start, point to Programs, click Systems Management Server, and then click SMS Administrator Console.
2. Expand Site Database, expand Site Hierarchy, expand SiteCode - SiteName, expand Site Settings, click Component Configuration, right-click Software Distribution in the right pane, and then click Properties.
3. On the General tab of the Software Distribution Properties dialog box, click Set under Advanced Client Network Access Account.
4. In the Windows User Account dialog box, type the account name by using the following format:

   Domain\User

5. Click OK two times.