That’s what I meant with simple: Don’t bother, just add them all. Through adding them to local admin, grants them access to install (remote) roles. That there are a few to many having access to the container isn’t really any issue, but much less hassle and always the same process.
-R From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kim Oppalfens Sent: Samstag, 7. Juni 2014 16:03 To: mssms@lists.myitforum.com Subject: RE: [mssms] Permissions on systems management container Indeed, but only add the site servers (primary and secondary) to this group. Although mp's are published it's the hierarchy manager component and the site component mgr component that do all the publishing not the mp itself Sent from my Windows Phone _____ From: Roland Janus <mailto:roland.ja...@hispeed.ch> Sent: 7/06/2014 13:30 To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: RE: [mssms] Permissions on systems management container I’d prefer to stick with simple: Add all servers into an AD group, add that group to local admin group on all servers and grant the same AD-group access to the container. Just adding any new server to the same group grants whatever access is needed and CM has all the access it needs also. -R From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Johns, Damon (DoJ) Sent: Samstag, 7. Juni 2014 05:07 To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: RE: [mssms] Permissions on systems management container Thanks, That’s what I thought however I’m stuffed if I could find confirmation easily on TechNet – I’m sure it’s there somewhere…. Cheers Damon From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of CESAR.ABREG0 Sent: Saturday, 7 June 2014 10:43 AM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] Permissions on systems management container No DPs are required, only site servers and MPs I believe which are the only ones publishing info to AD. Cesar A. Meaning is NOT in words, but inside people! Dr. Myles Munroe My iPad takes half the blame for misspells. On Jun 6, 2014, at 2:51 PM, "Johns, Damon (DoJ)" <damon.jo...@justice.tas.gov.au <mailto:damon.jo...@justice.tas.gov.au> > wrote: Can I just get clarification on this, SCCM 2012 R2 with 1 Primary, SQL on box. When setting up stock standard DP the installation is failing due to the primary’s computer account not being a member of the local administrators group on that system. I can fix this issue but my question is: Q: In setting up a DP, do you need to add the computer account of that server to your ‘SCCM Site Systems’ AD Group which has full control over the Systems Management container in AD? The TechNet documentation is unclear: http://technet.microsoft.com/en-us/library/gg712264.aspx#BKMK_SetSMContainer I know it probably won’t matter in terms of the overall configuration etc however in this case I need to be 100% correct that the changes I’m making are the recommended, accepted method. Cheers Damon _____ CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission. _____ CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission.
