لطفا منتظر باشید ...
NTFS Security
As you know, an SMS 2003 site server requires the existence of an NTFS partition that’s at least 1 GB in size. This requirement extends to the main SMS directory, of course, but it also includes the CAP and management point directories created and maintained generally on the site server. You should invest some time in reviewing the permissions set by SMS both on the directories and on the shares SMS creates to learn why various connection accounts need to be created and how the permissions set by SMS affect the ability of these accounts to carry out a task.
| Tip | I have found that when organizations make changes to the access levels for Windows administrative shares, either through direct modification of permissions or through application of a group policy, the changes can affect SMS’s ability to create and maintain its own folders. If status and log messages indicate a permissions issue when SMS is trying to create or update a folder or file, the first thing to check should be the Windows security you’re applying on the SMS server. Often a minor change to a group policy can clear up major permission issues with SMS. |
You can use Tables 17-1 through 17-4 to verify the permissions on the site server, CAP, management point, and distribution point. I’ll leave it to you to familiarize yourself with the permissions on other site systems (after all, you have to get some homework from me). In general, unless otherwise stated, subfolders inherit their permissions from their parent folder. For the site server, I’ve identified the main shares and folders rather than iterating the hundreds of folders that SMS creates and maintains. (Well, okay, maybe not hundreds, but there are a lot!)
Share or Directory Name | Administrators | Guests | Users | Everyone |
|---|---|---|---|---|
CAP_sitecode (share) | Not assigned | Not assigned | Not assigned | Full |
CAP_sitecode | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Ccr.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned |
Clicomp.box | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Clidata.box | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Clifiles.box | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Ddr.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned |
Inventory.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned |
Offerinf.box | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Pkginfo.box | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Sinv.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned |
Statmsgs.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned |
Swmproc.box | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Share or Directory Name | Administrators | System | SMS_SiteSystemToSite ServerConnection_sitecode |
|---|---|---|---|
SMS\MP | Full | Full | Read, Execute, List |
SMS\MP\Outboxes | Full | Full | Read, Execute, List |
Subfolders of SMS\ MP\Outboxes\ | Full | Full | Not assigned |
Share or Directory Name | Administrators | Guests | Users | Everyone |
|---|---|---|---|---|
SMSPKGx$ (share) | Not assigned | Not assigned | Not assigned | Full |
SMSPKGx$ | Full | Read, Execute, List | Read, Execute, List | Not assigned |
<package id> | Full | Not assigned | Read, Execute, List | Not assigned |
Share or Directory Name | Description | Account | Permissions |
|---|---|---|---|
SMS_sitecode (share) | This share is associated with the \SMS directory—the installation directory for SMS on a site server. | Everyone | Full |
SMS | The directory into which SMS is installed on a site server. | AdministratorsSystemSMS_SiteSys- temToSiteServer- Connection_ sitecode | FullFullRead, Execute, List |
SMS_SITE (share) | This share is associated with the SMS\Inboxes\ Despoolr.box\Receive directory. | Everyone | Full |
SMS\Inboxes\ Despoolr.box\ Receive | This directory is used when data is transferred from a child site to its parent site. | AdministratorsSystemSMS_SiteSystem- ToSiteServerConnec- tion_sitecode | FullFullFull |
SMS Client | This share is associated with the \SMS\Client directory. | Everyone | Full |
SMS\Client | This directory is used to store the SMS client installation executable files. | AdministratorsSystemSMS_SiteSystem- ToSiteServerConnec- tion_sitecode | FullFullRead, Execute, List |
Guests | Read, Execute, List | ||
Users | Read, Execute, List | ||
SMS_CPSx$ (share) | This share is associated with the x\SMSPKG folder, where x represents the drive contain- ing the folder. You identify this drive to SMS through the Software Distribution component properties in the SMS Administrator Console. (See Chapter 12, “Package Distribution and Management,” for more information.) | Everyone | Full Control |
SMSPKG | This directory is used to store the compressed package source file created during the package distribution process. | AdministratorsSMS_SiteSystemTo- SiteServerConnec- tion_sitecode | FullRead, Execute, List |
SMS_SUIAgent | This share is associated with the SMS\SUIAgent folder. | Everyone | Full |
SMS\SUIAgent | This directory is used to store the files associated with the Software Update Installation agents. | AdministratorsSystemSMS_SiteSystem- ToSiteServer- Connection_sitecode | FullFullRead, Execute, List |
