Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SMS Administrative Install
- Thread starter itoncall
- Start date
- Thread starter
- #2
I think you are asking how the SMS client is installed on a locked down device without requiring an admin to go to the PC and also not give admin rights to the user.
Here's how Wally Mead addresses that issue in a webcast (
"If you're on a Windows NT or a Windows 2000 client, and the logged-on user is not a local administrator, then the site server will need to interact with that client to get that client's components completely installed. The Client Configuration Manager on the site server will have to jump in and take part in the client installation process. So when Cliex32.dll runs now (this is as of Service Pack 2), it's going to try and access some client registry keys. If it can't access the registry keys, it's going to assume the logged-on user is not a local administrator, so he's a low rights user. If he's a low rights user, he's going to create a CCR, a client configuration request. The CCR is then copied to the client access point. It's moved to the site server from the CAP, and the site server's CCM, or Client Configuration Manager, is going to recognize that CCR and say, "I have to help install a client computer." In order for this to occur, the site server needs to have an administrator account on that local computer. That can be either the SMS Client Remote Installation account, which is not created by default, so it's an administrator-assigned account; or the SMS service account. By default, the SMS service account should work, because the way SMS is installed, the SMS service account is actually the Domain Administrators global group, and by default, Domain Administrators global groups are added to Local Administrators groups for all Window NT and Windows 2000 clients in the domain.
Here's how Wally Mead addresses that issue in a webcast (
"If you're on a Windows NT or a Windows 2000 client, and the logged-on user is not a local administrator, then the site server will need to interact with that client to get that client's components completely installed. The Client Configuration Manager on the site server will have to jump in and take part in the client installation process. So when Cliex32.dll runs now (this is as of Service Pack 2), it's going to try and access some client registry keys. If it can't access the registry keys, it's going to assume the logged-on user is not a local administrator, so he's a low rights user. If he's a low rights user, he's going to create a CCR, a client configuration request. The CCR is then copied to the client access point. It's moved to the site server from the CAP, and the site server's CCM, or Client Configuration Manager, is going to recognize that CCR and say, "I have to help install a client computer." In order for this to occur, the site server needs to have an administrator account on that local computer. That can be either the SMS Client Remote Installation account, which is not created by default, so it's an administrator-assigned account; or the SMS service account. By default, the SMS service account should work, because the way SMS is installed, the SMS service account is actually the Domain Administrators global group, and by default, Domain Administrators global groups are added to Local Administrators groups for all Window NT and Windows 2000 clients in the domain.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question