[mssms] SMS 2003 Security Question [j9sdfa]
There was some further information that was in the email chain, but I don't have that available right now...
Thanks
Chris Nackers
Sub-Zero, Inc / Wolf Appliance, Inc
p: 608-204-6429
c: 608-354-5693
To add to this...
"Does only the SMS service account and software installation account need read/write access?"
There was a really good thread a few weeks ago where someone had worked out that Domain computers need read access, Network access account needs read access,
and the users need execute permissions, but not browse permissions.
That allows users to run self healing/repair on msi packages without being able to go nose around in the DP.
You have to set those NTFS permissions on the package source before it is ever replicated around or sucked up into SMS.
Here we go:
SMSPKG{x}$ folder is created on drive with most free space, where {x} is the drive letter, e.g., F:\SMSPKGF$ (this example will be used through the rest of the document)
- Default NTFS permissions (not inherited)
  - Users: Read & Execute
  - Administrators: Full Control
  - Guests: Read & Execute
- Package directories (named with the package ID) do not inherit permissions. By default, same as above except no Guest access.
- Package contents inherit permissions from package directory.
- Share of the same name is created, e.g., \\SMS2003\SMSPKGF$.
  Default share properties:
  - Permissions: Everyone: Full Control
  - Description: SMS Site PS1 DP {datecreated}
  - User limit: Maximum allowed
Thanks
Chris Nackers
Sub-Zero, Inc / Wolf Appliance, Inc
p: 608-204-6429
c: 608-354-5693
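
As an added example (not part of the original thread and not SMS tooling): a Python check that compares an icacls-style ACL listing against the default NTFS permissions listed above and reports every departure. The sample listing, the package ID PS100012 and the BUILTIN\ group names are constructed assumptions, and paths are assumed to contain no spaces.

```python
import re

# Defaults as listed in the thread; BUILTIN\ prefixes are an assumption.
ROOT_DEFAULT = {"BUILTIN\\Administrators": "F", "BUILTIN\\Users": "RX",
                "BUILTIN\\Guests": "RX"}
# Package directories: same as the root, except no Guest access.
PKG_DEFAULT = {k: v for k, v in ROOT_DEFAULT.items() if not k.endswith("Guests")}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}  # inheritance markers, not rights
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]+\))+)$")

# Constructed sample in icacls output layout (not taken from a real server).
SAMPLE = r"""
F:\SMSPKGF$ BUILTIN\Administrators:(OI)(CI)(F)
            BUILTIN\Users:(OI)(CI)(RX)
            BUILTIN\Guests:(OI)(CI)(RX)

F:\SMSPKGF$\PS100012 BUILTIN\Administrators:(I)(OI)(CI)(F)
                     BUILTIN\Users:(OI)(CI)(M)
                     BUILTIN\Guests:(OI)(CI)(RX)
"""

def parse(text):
    """Return {path: [(principal, rights, inherited)]} from icacls-style text."""
    acls = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        path, first = lines[0].split(None, 1)  # path, then the first ACE
        for raw in [first] + lines[1:]:
            m = ACE_RE.match(raw.strip())
            if not m:
                continue
            flags = re.findall(r"\(([^)]+)\)", m["flags"])
            rights = ",".join(f for f in flags if f not in INHERIT_FLAGS)
            acls.setdefault(path, []).append((m["who"], rights, "I" in flags))
    return acls

def audit(acls, root):
    """List (path, principal, issue) where an ACL departs from the listed defaults."""
    findings = []
    for path, aces in acls.items():
        expected = ROOT_DEFAULT if path == root else PKG_DEFAULT
        for who, rights, inherited in aces:
            if inherited:  # the listed defaults are explicit, not inherited
                findings.append((path, who, "inherited ACE"))
            if who not in expected:
                findings.append((path, who, "unexpected principal"))
            elif rights != expected[who]:
                findings.append((path, who, f"{rights} instead of {expected[who]}"))
    return findings
```
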
There was an article on myitforum that detailed the default permissions, thought I had it bookmarked but can't seem to find it.. I'll keep looking
Thanks
Chris Nackers
Sub-Zero, Inc / Wolf Appliance, Inc
p: 608-204-6429
c: 608-354-5693
Environment: SMS 2003 SP3 (Advanced security clients) running on Windows Server 2003 SP2
What should be the default folder permissions for the package source share, on an SMS 2003 SP3 central/primary server?
Does only the SMS service account and software installation account need read/write access?
I need to verify folder security here to limit user access to software package source files.
Brian
This e-mail originates from the City of Ottawa e-mail system. Any
distribution, use or copying of this e-mail or the information it
contains by other than the intended recipient(s) is unauthorized.
If you are not the intended recipient, please notify me at the
telephone number shown above or by return e-mail and delete
this communication and any copy immediately. Thank you.
==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/smslist/