Topic last updated—March 2008
The Client Status Reporting Service Account provides the security context to run the Configuration Manager Client Status Reporting account. In Microsoft System Center Configuration Manager 2007, the Configuration Manager Client Status Reporting account performs the following functions:
- Adds data from client status reporting into
the Configuration Manager 2007 database.
- Controls the activity of client ping and
client pulse according to the specified settings.
- Processes, analyzes, and collates client
status data and sends this to the Configuration Manager 2007 site
database.
 Note |
|---|
| The information in this topic applies only to Configuration Manager 2007 R2 and Configuration Manager 2007 R3. |
You can use either the local system account, or you can configure a user account.
Required Rights and Permissions
The client status reporting service account requires the following rights and permissions:
- Local administrative rights on the client
status reporting host system.
- Logon as a service rights on the client
status reporting host system.
- Membership in the smsdbrole_CH role in the
site database.
- Read permissions to the share on the
management point containing the policy request log files. For more
information, see the topic How to Configure Policy Request
Logging on Management Points in the client status reporting
documentation.
Account and Password Creation
The administrator creates the account and password, and then configures it in the Configuration Manager 2007 Client Status Reporting console. For more information, see the topic "How to Configure the Client Status Reporting Service Account" in the help; for the Configuration Manager 2007 Client Status Reporting console.
Account Location
The account can be created anywhere that it has the required rights and permissions.
Account Maintenance
The administrator performs all account and password maintenance. If you modify the account in the account database, you must also update the configuration in the Configuration Manager 2007 Client Status Reporting console.
Security Best Practices
Creating a user account with limited rights is more secure than using the Local System account. Create a user account with the required rights but remove the log on locally right from the account.
You have two options for configuring policy request logging. Granting the Client Status Reporting Service Account administrator rights on the management point is not recommended. While it introduces more configuration overhead, the more secure method is to manually enable policy logging on the management point and manually configure the log folder so that the Client Status Reporting Service Account has read access.
Do not assign any additional rights or permissions to this account, or use this account for anything except running the service on one or more client status reporting host systems.