Site system local administrator requirements

  • Question


  • The scenario is a SCCM 2012 SP1 single Primary Site Server, remote SQL server and several Secondary Site servers.  SMS provider resides on remote SQL server.

    From memory:

     * The Primary Site server (domain computer account) requires local admin rights on the Secondary Site servers
     * The Primary Site server (domain computer account) requires local admin rights on the remote SQL server
     * The Secondary Site server and remote SQL server domain computer accounts don't require any permissions on the Primary Site server

    Are there any other requirements for local administrator rights on site server systems (not related to client push or system administration)?

    Can anyone point me to Microsoft documentation for this or advise on best practice? I can find a MS article on SQL Local Admin requirements (http://technet.microsoft.com/en-us/library/gg682077.aspx) but nothing else.



    My Microsoft Core Infrastructure & Systems Management blog - blog.danovich.com.au

    Monday, September 23, 2013 2:29 PM

Answers

  • I would never put the SMS Provider on the SQL Server -- that means all of your consoles are directly connecting to the server. Also, it does weird things to permissions because the AD server account of the system hosting the SMS Provider is used for certain things like driver imports.

    Jason | http://blog.configmgrftw.com

    • Marked as answer by Joyce L Tuesday, October 8, 2013 1:43 PM
    Monday, September 23, 2013 3:40 PM

All replies

  • I did this because of errors otherwise. Some are not documented on Technet...

    1. Primary Site Server (local SQL): Local Administrators = Systems in the Primary site (e.g. remote DPs, AISP, etc) *** Some roles on remote systems give errors if you don't do this.

    2. Primary Site systems (e.g. remote DPs, etc): Local Administrators = Primary Site Server

    3. Secondary Site Server: Local Administrators = Primary Site Server

    4. Secondary Site systems (e.g. remote DPs): Local Administrators = Secondary Site Server + Primary Site Server *** I forget why I had to add the PS computer...

    Maybe someone else can explain better...

    Monday, September 23, 2013 2:47 PM
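
An added example, not part of any post in this thread: a PowerShell check that compares the computer accounts actually present in each site system's local Administrators group with the grants the posters list above, flagging both missing grants and machine accounts that hold admin rights without a listed reason. All host and domain names (`CONTOSO`, `PRI01`, `SEC01`, `SQL01`, `DP01`, `DP02`) and both function names are assumptions made for illustration, and the expected map encodes the posters' lists, not Microsoft documentation.

```powershell
# Expected machine accounts in local Administrators, following the lists in the thread.
# Every host and domain name here is a constructed placeholder.
$Expected = @{
    'SEC01' = @('CONTOSO\PRI01$')                    # secondary site server
    'SQL01' = @('CONTOSO\PRI01$')                    # remote SQL server
    'DP01'  = @('CONTOSO\PRI01$')                    # remote DP in the primary site
    'DP02'  = @('CONTOSO\SEC01$', 'CONTOSO\PRI01$')  # remote DP under the secondary site
}

function Get-LocalAdminComputerAccount {
    # Reads the local Administrators group through the ADSI WinNT provider and
    # returns only domain machine accounts (names ending in '$') as DOMAIN\NAME$.
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        if ($path -match '^WinNT://(?<dom>[^/]+)/(?<name>[^/]+\$)$') {
            '{0}\{1}' -f $Matches.dom, $Matches.name
        }
    }
}

function Compare-SiteSystemAdmin {
    # Pure comparison: 'Missing' = a listed grant that is absent,
    # 'Unexpected' = a machine account with admin rights that no list calls for.
    param([hashtable]$Expected, [hashtable]$Actual)
    foreach ($server in $Expected.Keys | Sort-Object) {
        $want = @($Expected[$server])
        $have = @($Actual[$server] | Where-Object { $_ })
        foreach ($a in $want | Where-Object { $have -notcontains $_ }) {
            [pscustomobject]@{ Server = $server; Account = $a; Finding = 'Missing' }
        }
        foreach ($a in $have | Where-Object { $want -notcontains $_ }) {
            [pscustomobject]@{ Server = $server; Account = $a; Finding = 'Unexpected' }
        }
    }
}

# Constructed sample so the comparison runs offline. For a live check, fill
# $Actual by calling Get-LocalAdminComputerAccount for each key of $Expected.
$Actual = @{
    'SEC01' = @('CONTOSO\PRI01$')
    'SQL01' = @('CONTOSO\PRI01$', 'CONTOSO\SEC01$')  # extra grant, not in any list above
    'DP01'  = @()                                    # grant never applied
    'DP02'  = @('CONTOSO\SEC01$', 'CONTOSO\PRI01$')
}
Compare-SiteSystemAdmin -Expected $Expected -Actual $Actual | Format-Table -AutoSize
```

With the sample data this reports `CONTOSO\PRI01$` as Missing on `DP01` and `CONTOSO\SEC01$` as Unexpected on `SQL01`.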