SMS Security

• Can I Change the SMS Account Passwords? [2/12/00]
• Can I Use SMS to Scan My Network Shares for Privileges? [10/10/03]
• How Do Domain Controllers Know What the Password is for the SMSCliToknAcct& Account? [7/10/03]
• How Do I Configure SMS To Work Through My Firewall? [12/8/03]
• How often does the Password Change for the Client Connection Account? [2/12/00]
• Problems with SMS Passwords after Domain Admin Password changed [20/07/04]
• SMS Security Wizard allows you to Add one NT Local Group to Another [2/12/00]
• SMS Services repeatedly Re-install [8/11/00]
• What are all those SMS Accounts? [2/12/00]

Can I Change the SMS Account Passwords?

Is it OK to change the new accounts created by SMS 2.0 through User Manager? Are there any dependencies I should be concerned about?

Contributed By: Cliff Hobbs [MVP SMS]
If you created the account you should be able to manage it. If SMS created it leave well alone. Read the Security Essentials whitepaper that covers this amongst other things which is a MUST read for all SMS Admins.  You can get it off the SP2 CD or for a more up to date version goto:

http://www.microsoft.com/smsmgmt/techdetails/secessentials.asp

Can I Use SMS to Scan My Network Shares for Privileges?

Contributed By: Natalie Barsheshet and Cliff Hobbs [MVP SMS]
Wouldn’t it be useful if you could use SMS to tell you who has what share privileges on your network? Well SMS isn’t really the best tool for the job…  [Go to article]
 

How Do Domain Controllers Know What the Password is for the SMSCliToknAcct& Account?

Contributed By: Wally Mead [MS]
SMS generates a random password for the SMSCliToknAcct& account but ever wondered how Domain Controllers know what the password is?..  [Go to article]
 

How Do I Configure SMS To Work Through My Firewall?

Contributed By: Cliff Hobbs [MVP SMS]
Quite a common FAQ this one, which this article should hopefully answer…  [Go to article]
 

How often does the Password Change for the Client Connection Account?

Contributed By: Cliff Hobbs [MVP SMS]
A couple of important points:

• SMS NEVER changes any passwords for automatically generated accounts EXCEPT after a Site Reset
   
• If a resource that has the SMS client installed on is unable to contact a CAP for a month (for example a laptop off-site), the SMS client will de-install itself

The client connection account password can't be changed on a regular basis otherwise all of the clients will be orphaned. Microsoft recommend creating another client connection account as a fallback. Knowledge Base Article 237759 'Avoiding Client Lockout When Using Client Connection Accounts' describes best practice for managing the client connection account(s).
 

Problems with SMS Passwords after Domain Admin Password changed

SMS Security Wizard allows you to Add one NT Local Group to Another

Contributed By: Cliff Hobbs [MVP SMS]
When using the SMS Security wizard to manage SMS Security for a Local group, the wizard allows you to add a Local NT group to the 'SMS Admins' Local group on the SMS Site Server or remote SQL server (Local groups display with a Global group icon when browsing for users to add).

This behaviour only occurs when SMS is installed on a member server and according to Knowledge Base Article 238854 'SMS: Wizard Adds Local Groups in Other Local Groups' it has no adverse affects.
 

SMS Services repeatedly Re-install

I've noticed that some of my SMS Services are flagged to be re-installed. What causes this?

Contributed By: Cliff Hobbs [MVP SMS]
This is documented in 263398 'Systems Management Server Services May Reinstall Repeatedly' and is primarily caused by changes being made to the domain security policy.
 

What are all those SMS Accounts?

Contributed By: Cliff Hobbs [MVP SMS]
If you want to know what the SMS accounts are and what they are used for check out:

http://www.myitforum.com/articles/1/view.asp?id=2628

© FAQShop.com 2003 - 2008