Written By: admin
SCCM Administrators can configure their site server computer accounts as the push account by using a client user account password. If your clients are part of a domain, the client push account was have local administrator rights on the target client machines.
Can we use local accounts in an SCCM architecture for client push? Yes, we do have some flexible options including .\Administrator to take advantage of not just domain accounts but local accounts. This gives the SCCM administrators options when working with your organizations security and desktop teams. No longer do we have the problem of needing an account on all the target computers, but until the agent is installed, no way to get those accounts changed. Eliminated this catch-22 sneaker net problem is a major benefit to faster deployment of SCCM 2007 to your clients.
Are there any limitations to using .\administrator for your client push account? One major limitation – it can only have one password. ONE. Unless your organization has a single local admin account password, you may find yourself running scripts to automate this step. Now if your enterprise IT organization does not have a policy to manage local admin accounts, you need to get one today to improve this security risk. If your path to fix it is realize the problem, get SCCM clients installed, and then use SCCM to help you clean up this security hole, that works. Regardless of how you fix it, just do it right away.
Is there a better option? Set up a single system account with one and only one purpose – SCCM client push in your organization. Create that account, then drop it into an Active Directory AD group that has rights to the workstations within your enterprise. Why use a unique and separate service account for this? Isolation. This prevents any service account from running all across your enterprise. And security – the smaller the number of administrators who know the keys with huge access, the more secure your environment can be protected.
Administrators of Microsoft System Center Configuration Manager 2007 (SCCM 2007), the latest product version in the line of Systems Management Server products from Microsoft for the enables enterprise electronic software distribution, hardware inventory, software inventory and other capabilities.