locked
New Distribution point Access errors RRS feed

  • Question

  • Hi Guys

    I originally asked some questions regarding a new distribution point as per the below article.  I have posted a new question as that 1 was marked as answered.

    http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/ccf9c053-d107-4cb6-8f80-b99410851172/

    The problem I have now is that the remote distribution point gives me Audit Failures when my SCCM server tries to connect to it.  All servers are windows 2008.  I am creating Server share DP's as I am specifically wanting all the SCCM componets on a certain drive.  The DP is a DC in a remote location too.  In the event viewer I get a event 5140 and the computer account of the SCCM server cannot connect to the Admin$ share on the remote DP.  I can only change the share permissions on the shared folder I created but not on the Admin$ and since its a DC i cannot add the SCCM computer account to the local user groups.  How do i get around this problem in the best possible way in terms of central/best practise administration.

    The online documentation around Distribution points is not that great.

    Thanks.
    Monday, June 22, 2009 8:44 AM

Answers

  • since its a DC i cannot add the SCCM computer account to the local user groups
    It's a DC => no local groups exist => it's a domain group => you have to add the computeraccount to the domain group.
    Monday, June 22, 2009 8:59 AM

All replies

  • since its a DC i cannot add the SCCM computer account to the local user groups
    It's a DC => no local groups exist => it's a domain group => you have to add the computeraccount to the domain group.
    Monday, June 22, 2009 8:59 AM
  • Hi Torsten

    Do I need to add the computer account to the domain admins group?  If so is this how other people do it in this senario and are there security risks involved with this?

    Monday, June 22, 2009 9:02 AM
  • Hi,

    You need to make sure that the computer account (if you haven't specified another account) member of the local admin group. So do as Torsten is saying, and Yes it's secure. Nobody knows the password of the computer account and it's done this way by many. 
    Kent Agerlund | http://agerlund.spaces.live.com/blog/
    Monday, June 22, 2009 9:18 AM
  • As Kent said it has to be in the administrators group.
    Installing applications on dc's is never ideal from a security point of view, but since sccm is using computer accounts, the risk is mitigated a little.
    "Kent Agerlund" <=?utf-8?B?S2VudCBBZ2VybHVuZA==?=> wrote in message news:2b463e3e-7b46-4b3 b-9a73-f0b85d4ae89d...
    Hi,

    You need to make sure that the computer account (if you haven't specified another account) member of the local admin group. So do as Torsten is saying, and Yes it's secure. Nobody knows the password of the computer account and it's done this way by many. 
    Kent Agerlund | http://agerlund.spaces.live.com/blog/
    Wednesday, June 24, 2009 8:09 AM