Topic Last Updated—August 2008

Use this tab to specify the configuration of site systems in a Configuration Manager 2007 site. A site system is a server or share that provides functionality to the site, depending on the assigned role. A site system can perform one or more roles.

This tab applies to all site system types (such as server computers and server shares).

This tab contains the following elements:

Name:

Displays the name of the selected site system and is not editable. If the name is incorrect, delete the site system and reinstall it with the correct name. For more information about deleting site systems, see How to Delete a Site System.
Specify a fully qualified domain name (FQDN) for this site system on the intranet.

Enables or cancels the intranet FQDN text box, which allows you to specify an intranet FQDN for the site system.An FQDN is required for many scenarios in Configuration Manager including the following:
  • Automatic approval of trusted clients in mixed mode

  • Native mode if the site system PKI certificate uses an FQDN as specified in Certificate Requirements for Native Mode.

  • Environments that have multiple domains and do not use a fully replicated WINS.

Configuring an FQDN is also recommended if this site system will host the default management point that will publish to Domain Name System (DNS).For more information, see Determine If You Will Use FQDN Server Names and Determine If You Need to Publish to DNS.
Intranet FQDN

Enter a fully qualified domain name (FQDN) for the site system on the intranet. This can be the same FQDN as the server's network configuration, or it can be a CNAME (alias) configured on the intranet DNS.
Note
If you use a CNAME (DNS alias) rather than the computer name as your FQDN, you might need to register this as a Kerberos service principal name (SPN), so that IIS authentication succeeds. Use the Setspn utility that ships with Windows Server support tools to register the CNAME as an SPN in Active Directory Domain Services. For more information, see Troubleshooting Configuration Manager Client Issues.
If the site is in native mode, the intranet FQDN you specify here must match the intranet FQDN specified in the server's certificate subject name (or subject alternative name). For more information about the certificates for native mode, see Certificate Requirements for Native Mode.Enter an FQDN that adheres to RFC 1123:
  • ASCII letters, digits, and the `-' (hyphen or dash) character.

  • Labels cannot be all numbers, but can have a leading digit.

  • Labels must end and begin only with a letter or digit.

Important
Configuration Manager cannot validate that the name specified is configured on intranet DNS servers.
Specify an Internet-based fully qualified domain name for this site system

Enables or cancels the Internet FQDN text box, which allows you to specify an Internet FQDN for the site system if you are using Internet-based client management. This option is not required unless this site system will support Internet-based client management.For more information about Internet-based client management, see Deploying Configuration Manager Sites to Support Internet-Based Clients.
Note
This name must be registered on public Internet DNS servers so that Internet-based clients can resolve the name when they are on the Internet.
Internet FQDN

Enter a fully qualified domain name (FQDN) for the site system on the Internet. This can be the same FQDN as the server's network configuration, or it can be a CNAME (alias) configured on the Internet DNS.
Note
If you use a CNAME (DNS alias) rather than the computer name as your FQDN, and this site system will host an Internet-based distribution point, you do not need to register this CNAME as a Kerberos service principal name (SPN) unless you have modified the default Configuration Manager package permissions to be more restrictive and you are authenticating access to them by mapping computer certificates to Active Directory accounts.
The Internet FQDN you specify here must match the Internet FQDN specified in the server's certificate subject name (or subject alternative name). For more information about the certificates for native mode, see Certificate Requirements for Native Mode.
Important
Configuration Manager cannot validate that the name specified is configured on Internet DNS servers.
Use the site server's computer account to install this site system

The site server needs to authenticate on the site system to install, configure, and monitor site system roles. The most secure method of achieving this authentication is to use the site server's computer account if it is trusted by the site system. This trusted communication is automatically available in the following scenarios:
  • The site system is in the same Active Directory forest as the site server.

  • The site system is in a different Active Directory forest than the site server, but there is a forest trust in place.

  • There is an external trust in place between the site system's domain and the site server's domain (with the site system's domain trusting the site server's domain).

If there is no trust mechanism in place between the two servers, you must use and configure a Microsoft Windows user account that is trusted on the site system server.
Use another account for installing this site system

Use this option if you cannot use the site server's computer account to authenticate to the site system.You must also specify this option if you also select the option Allow only site server initiated data transfers from this site system on this tab.
Site System Installation Account

Displays the Windows user account that is specified to be used for site system installation.
Set

Click to open the Windows User Account dialog box to specify the Windows user account and password to use to authenticate the site server to the site system server.
Note
Universal Principle Names (UPNs) are not supported in Configuration Manager 2007, so the name format must be specified as domain\user.
Enable this site system as a protected site system

Enables or cancels the option to prevent clients from accessing the site system unless they are located within the configured protected boundaries of the site system. If a site system is configured as a protected site system and no boundaries are specified, clients will be unable to access the site system. This option applies only to site systems that are configured as distribution points and state migration points. Protected site systems cannot be configured for connections from clients over the Internet.
Select Boundaries

Click to open the Boundaries dialog box to specify protected boundaries for the site system.
Allow only site server initiated data transfers from this site system

By default, site systems initiate connections to the site server to send status information to the site. Enabling this option results in the site server initiating the connection to site systems that are configured for site system roles that are supported across forests. This configuration might introduce some latency in sending status messages, with a decrease in performance on the site server.The site system roles that support this option are the following:
  • Management point

  • Distribution point

  • Software update point

  • Fallback status point

  • Multicast point

Enable this option only if these site system servers are in different forests than the site server and you need to control the direction of connections between the servers. The most likely scenario for this requirement is when the site is configured for Internet-based client management and the site system is in the perimeter network with the site server on the intranet. For more information, see Site System Roles that Support Internet-Based Client Management.
Important
You must use the Site System Installation Account with this option, and you cannot use the site server's computer account even if a trust exists.
OK

Saves the changes, and exits the dialog box.
Cancel

Exits the dialog box without saving any changes.
Apply

Saves the changes, and remains in the dialog box.

See Also