Change from SMS 1.x Previous versions of Systems Management Server (SMS) used only two accounts: the SQL Server account for access to the SMS site database (a SQL Server database), and the SMS Service account for everything else. SMS version 2.0 uses many more accounts, for supporting NetWare, for new features such as logon points and CAPs, and for improved security.
SMS can use several accounts to gain access to client and server computers, but the mandatory accounts are either specified during SMS Setup, or you specify them when configuring the features that rely on them.
Optional accounts are used for improving security. The SMS Service account is a highly privileged account that you might not want to propagate throughout your environment. Using the optional, lesser privileged accounts keeps the use of the SMS Service account at a minimum. However, if this security issue is not important to you in your environment, you need not create these accounts; SMS will work without them.
The following table lists the accounts used by SMS.
| Site system account | Provides |
|---|---|
| SMS Service (SMSService) | The site server with access to the SMS services (required) |
| SQL Server (sa) | SMS services with access to the SMS site database (required) |
| SMS Server Network Connection (SMSServer_sitecode) | SMS services with access to the site server and other site systems (required) |
| SMS Remote Service (SMSLogonSvc, SMSSvc_sitecode_xxxx) | SMS services with access to logon points and CAPs (required) |
| Software Metering Service (SWMAccount) | Software metering servers with access to the software metering service (required if using the software metering functionality) |
| Site System Connection | SMS services with access to NetWare site systems (required for NetWare site systems) |
| Site Address | Intersite communications (required for parent-child sites) |
| CCM Boot Loader DC (SMS#_DomainControllerName) | SMS with access to install CCM Boot Loader on domain controllers (required) |
| CCM Boot Loader Non-DC (SMSCCMBootAcct&) | SMS with access to install CCM Boot Loader on non-domain controllers (required) |
| Client account | Provides |
|---|---|
| SMS Client Network Connection (SMSClient_sitecode) | Windows NT client computers with access to CAPs and distribution points |
| SMS Client Remote Installation | SMS with installation access to Windows NT client computers, to install the SMS client software (required in NetWare environments; defaults to SMS Service account) |
| SMS Windows NT Client Software Installation | Advertised programs with a security context running on Windows NT client computers (optional) |
| Remote Tools Permitted Viewer | Administrators with Remote Control permissions on Windows NT client computers (required if using Remote Tools on Windows NT clients) |
| Client User Token (SMSCliTokAcct&) | SMS with access to create user tokens (this account is automatically created) |
| Client Services DC (SMS&_domain_controller_name) | SMS with access to start client software on domain controllers (automatically created) |
| Client Services Non-DC (SMSCliSvcAcct&) | SMS with access to install client software on site systems that are not domain controllers (automatically created) |