Can the SCCM agent be push installed to remote clients by using the DP server's computer$ account, rather than having a dedicated domain user account that is a member of the Domain Admin group (which is a major security risk)?
If so, a reference MS URL would be handy.
You don't need provide domain admin rights to client push. Also, computer$ (SMS server's) account for the install as first preference.
Anoop C Nair - Twitter @anoopmannur
MY BLOG: http://anoopmannur.wordpress.com
This posting is provided AS-IS with no warranties/guarantees and confers no rights.
"Configuration Manager 2007 will try to use the site system computer account. This account must have local administrator rights on every client to be installed"
For more information: http://technet.microsoft.com/en-us/library/bb680908.aspx
-- My System Center blog ccmexec.com -- Twitter @ccmexec
To go a little more in-despth explaning the correct answers provided above... SCCM will always first try to use the account specifed as the client installtion account. This account would need to have local admin rights on all computers. It is not ever recomended to add that account to domain admins, that's overkill and a security risk. Alternatively and preferably to using a client install account if no account is specified or if the client install account fails to connect the SCCM server machine account is used. I find it best to place all of my SCCM servers into an AD group, add that AD group to local admins using a GPO and do not specify a client install account.
John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
Thank you all you your excellent responses :-)
The following link reiterates what you all have said: http://technet.microsoft.com/en-us/library/bb632779.aspx