locked
Permissions for \\SCCMSERVER\sms_site\Client RRS feed

  • Question

  • Hello - it seems like the more I learn, the more I break. :)

    I have somehow managed to mess up the permissions for \\SCCMSERVER\sms_site\Client  I can get to \\SCCMSERVER\sms_site\ and see all the folders in that directory, but I can only read the contents of the AdminConsole folder.  I can't get to the client folder or any of the others anymore.  Is there a quick and easy fix?  I know I can add permissions manually, but I am hoping someone can tell me what the defaults are, so I don't open anything up that shouldn't be open.

    Thanks for any help.

    Murf

    Thursday, May 3, 2012 3:00 PM

Answers

  • I recommend never directly using this folder. If you are manually installing client agents, I always recommend using a copy of this folder. Partly because of what you are seeing: the defaut NTFS permissions on this folder are not set for anyone to be able to see it remotely. That means changing a default set of permissions which (at least in 2007) were reset by site resets which could lead to exactly what you are seeing at unexpected times. Also, the folder is not shared out by default which user accessible permissions for a reason.

    Here's a screenshot from my lab if it'll help you verify the permissions:


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Thursday, May 3, 2012 5:49 PM

All replies

  • I recommend never directly using this folder. If you are manually installing client agents, I always recommend using a copy of this folder. Partly because of what you are seeing: the defaut NTFS permissions on this folder are not set for anyone to be able to see it remotely. That means changing a default set of permissions which (at least in 2007) were reset by site resets which could lead to exactly what you are seeing at unexpected times. Also, the folder is not shared out by default which user accessible permissions for a reason.

    Here's a screenshot from my lab if it'll help you verify the permissions:


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Thursday, May 3, 2012 5:49 PM
  • Exactly right Jason, there are very good reasons we restrict the folders/shares on the site server.  Although it has become somewhat common to install the client from there for pilots and evaluations, especially in production the site server should not be used that way. 

    Stan

    Thursday, May 3, 2012 7:48 PM
  • Perfect.  Thank you for the information.

    -Murf

    Thursday, May 3, 2012 8:05 PM