Microsoft Systems Management Server 2003 Administrators Companion [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Microsoft Systems Management Server 2003 Administrators Companion [Electronic resources] - نسخه متنی

Steven D. Kaczmarek

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید








NTFS Security


As you know, an SMS 2003 site server requires the existence of an NTFS partition that’s at least 1 GB in size. This requirement extends to the main SMS directory, of course, but it also includes the CAP and management point directories created and maintained generally on the site server. You should invest some time in reviewing the permissions set by SMS both on the directories and on the shares SMS creates to learn why various connection accounts need to be created and how the permissions set by SMS affect the ability of these accounts to carry out a task.





Tip

I have found that when organizations make changes to the access levels for Windows administrative shares, either through direct modification of permissions or through application of a group policy, the changes can affect SMS’s ability to create and maintain its own folders. If status and log messages indicate a permissions issue when SMS is trying to create or update a folder or file, the first thing to check should be the Windows security you’re applying on the SMS server. Often a minor change to a group policy can clear up major permission issues with SMS.


You can use Tables 17-1 through 17-4 to verify the permissions on the site server, CAP, management point, and distribution point. I’ll leave it to you to familiarize yourself with the permissions on other site systems (after all, you have to get some homework from me). In general, unless otherwise stated, subfolders inherit their permissions from their parent folder. For the site server, I’ve identified the main shares and folders rather than iterating the hundreds of folders that SMS creates and maintains. (Well, okay, maybe not hundreds, but there are a lot!)



















































Table 17.1: CAP folder and share permissions

Share or Directory Name


Administrators


Guests


Users


Everyone


CAP_sitecode (share)


Not assigned


Not assigned


Not assigned


Full


CAP_sitecode


Full


Read, Execute, List


Read, Execute, List


Not assigned


Ccr.box


Full


Read, Write, Execute


Read, Write, Execute


Not assigned


Clicomp.box


Full


Read, Execute, List


Read, Execute, List


Not assigned


Clidata.box


Full


Read, Execute, List


Read, Execute, List


Not assigned


Clifiles.box


Full


Read, Execute, List


Read, Execute, List


Not assigned


Ddr.box


Full


Read, Write, Execute


Read, Write, Execute


Not assigned


Inventory.box


Full


Read, Write, Execute


Read, Write, Execute


Not assigned


Offerinf.box


Full


Read, Execute, List


Read, Execute, List


Not assigned


Pkginfo.box


Full


Read, Execute, List


Read, Execute, List


Not assigned


Sinv.box


Full


Read, Write, Execute


Read, Write, Execute


Not assigned


Statmsgs.box


Full


Read, Write, Execute


Read, Write, Execute


Not assigned


Swmproc.box


Full


Read, Execute, List


Read, Execute, List


Not assigned






















Table 17.2: Management point folder permissions

Share or Directory Name


Administrators


System


SMS_SiteSystemToSite ServerConnection_sitecode


SMS\MP


Full


Full


Read, Execute, List


SMS\MP\Outboxes


Full


Full


Read, Execute, List


Subfolders of SMS\ MP\Outboxes\


Full


Full


Not assigned






















Table 17.3: SMS distribution points folder and share permissions

Share or Directory Name


Administrators


Guests


Users


Everyone


SMSPKGx$ (share)


Not assigned


Not assigned


Not assigned


Full


SMSPKGx$


Full


Read, Execute, List


Read, Execute, List


Not assigned


<package id>


Full


Not assigned


Read, Execute, List


Not assigned

















































Table 17.4: SMS site server folder and share permissions

Share or Directory Name


Description


Account


Permissions


SMS_sitecode (share)


This share is associated with the \SMS directory—the installation directory for SMS on a site server.


Everyone


Full


SMS


The directory into which SMS is installed on a site server.


Administrators

System

SMS_SiteSys- temToSiteServer- Connection_ sitecode


Full

Full

Read, Execute, List


SMS_SITE (share)


This share is associated with the SMS\Inboxes\ Despoolr.box\Receive directory.


Everyone


Full


SMS\Inboxes\ Despoolr.box\ Receive


This directory is used when data is transferred from a child site to its parent site.


Administrators

System

SMS_SiteSystem- ToSiteServerConnec- tion_sitecode


Full

Full

Full


SMS Client


This share is associated with the \SMS\Client directory.


Everyone


Full


SMS\Client


This directory is used to store the SMS client installation executable files.


Administrators

System

SMS_SiteSystem- ToSiteServerConnec- tion_sitecode


Full

Full

Read, Execute, List


Guests


Read, Execute, List


Users


Read, Execute, List


SMS_CPSx$ (share)


This share is associated with the x\SMSPKG folder, where x represents the drive contain- ing the folder. You identify this drive to SMS through the Software Distribution component properties in the SMS Administrator Console. (See Chapter 12, “Package Distribution and Management,” for more information.)


Everyone


Full Control


SMSPKG


This directory is used to store the compressed package source file created during the package distribution process.


Administrators

SMS_SiteSystemTo- SiteServerConnec- tion_sitecode


Full

Read, Execute, List


SMS_SUIAgent


This share is associated with the SMS\SUIAgent folder.


Everyone


Full


SMS\SUIAgent


This directory is used to store the files associated with the Software Update Installation agents.


Administrators

System

SMS_SiteSystem- ToSiteServer- Connection_sitecode


Full

Full

Read, Execute, List



/ 178