narcoticmind Posted August 29, 2012 Report post Posted August 29, 2012 Just wondering what permissions does these SCCM 2012's service accounts need EXACTLY, for example: ClientInst = Local Administrator on site computers Network Access Account = ?? What permissions on the file server source?! Domain Join = ?? What permissions, where and how to set these? SQL Service account = ?? SCCM Admin = ?? What and where Definitive list would be good... also looking for some kind of guide for SCCM 2012 Delta Group Policy, how to set the user rights assignments right and so on... Thx in advance. Quote Share this post Link to post Share on other sites More sharing options...
Prajwal Desai Posted August 30, 2012 Report post Posted August 30, 2012 go through this link :http://www.windows-noob.com/forums/index.php?/topic/2317-using-vnext-in-a-lab-part-1-installation/ For client installation - the user account should be member of local administrator group of client machine (domain admin user account will also work). Domain Join - The user account that you create can be delegated to join the computers to domain. If you want to do it, delegate control in AD, select the user and give the permissions to join the computer to domain. SQL Service Account - After you install SQL server, login to it with Administrator. Expand option Security > right-click Logins > select the user account from Active directory and select sysadmin role. SCCM Admin - If you are using this account to install SCCM and manage SCCM, then the user account should be member of administrators group on SCCM server. Quote Share this post Link to post Share on other sites More sharing options...
narcoticmind Posted August 31, 2012 Report post Posted August 31, 2012 Thanks Prajwal Desai! Network Access Account is still a mystery to me, what account does SCCM use when it connects to the file source server for e.g. driver, apps, packages source? Quote Share this post Link to post Share on other sites More sharing options...
Prajwal Desai Posted August 31, 2012 Report post Posted August 31, 2012 @narcoticmind- The Network Access account is never used as the security context for running programs, installing software updates, or running task sequences, its used only for accessing resources on the network. Quote Share this post Link to post Share on other sites More sharing options...
narcoticmind Posted September 1, 2012 Report post Posted September 1, 2012 I know that. Just does it only need read-rights for the file source server or something more? Quote Share this post Link to post Share on other sites More sharing options...
narcoticmind Posted September 4, 2012 Report post Posted September 4, 2012 Anyone? Another question was about delta group policy for SCCM Primary Site Server, what user right assignments are needed for which accounts and so on? Quote Share this post Link to post Share on other sites More sharing options...
narcoticmind Posted September 7, 2012 Report post Posted September 7, 2012 Anyone? Quote Share this post Link to post Share on other sites More sharing options...
InigoMontoya Posted May 21, 2013 Report post Posted May 21, 2013 http://systemscentre.blogspot.com/2012/05/system-cennter-2012-service-accounts.html half way down the page you will find the needed permissions for the network access account and others Quote Share this post Link to post Share on other sites More sharing options...
noma Posted December 22, 2014 Report post Posted December 22, 2014 Hi , I would like to know , Should a SCCM administrator have a DOMAIN admin level access , so that he/she can perform his tasks such as trouble shooting client related issues on desktops/servers , managing the "system Management" container , accessing WMI/registry on remote sccm cleints , installing upgrades on the site server etc....effectively ? IF Domain level access is excessive for an SCCM administrator , what should be the minimum permission level needed for him/she to do the job effectively. _noma Quote Share this post Link to post Share on other sites More sharing options...
