SMS Service Account Requirements for Different Configurations

 Last reviewed: April 22, 1997
Article ID: Q125454

The information in this article applies to:
  • Microsoft Systems Management Server versions 1.0 and 1.1

SUMMARY

The services running on a Systems Management Server site require various administrator-type rights on all site server systems maintained by SMS. This article describes what rights are required for the supported configurations.

MORE INFORMATION

The SMS service account requires administrative rights on each SMS maintained server. SMS creates new shares and directories on each installed server in order to populate them with files.

On Windows NT and OS/2 servers, SMS installs and starts the Inventory Agent service. On Windows NT servers, SMS also installs the Package Command Manager. To install these services, the SMS Windows NT service account must have the right to logon as a service at each Windows NT server.

For a single Windows NT domain SMS site, the SMS service account must be at least a member of the Local Administrators group and have right to logon as a service. If OS/2 servers are added to the NT domain, the SMS service account must be in the Global Administrators group

If an OS/2 domain is added to an existing SMS site, create an identical SMS user account in the Administrators group on the OS/2 domain (with the same password). This is necessary because OS/2 does not understand the concept of Local groups.

If a NetWare domain is added, each NetWare server must have a supervisor- equivalent user account identical to the Windows NT SMS account.

If you add a NT domain to an existing site, create a one way trust relationship from the new domain to the domain that contains the SMS service account. Once the trust relationship is active, add the SMS service account to the Local Administrators group in the new domain and give the account the right to Logon As A Service. Make sure that you use the full <trusted domain>\<username> syntax. This ensures that the proper domain validates the account through the trust relationship.

When connecting sites together in a hierarchy, no administrative rights are not required, and you don't have to create a trust relationship between the sites. The connection address for the respective sites must include the <destination domain>\<username> of the other site, and the account must have Change access to the SMS_SITE share.

Additional query words: sms prodsms
Keywords : kbnetwork ntdomain ntinfo ntinterop smsinv
Version : 1.0 1.1
Platform : WINDOWS

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: April 22, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.