Package access accounts enable you to set permissions to specify users and user groups that can access a package directory on distribution points. By default, SMS makes these directories available to all users. If packages contain sensitive data or should otherwise have restricted access, you can configure package access accounts to limit access to specific users and user groups.
For each account, you specify the permissions that users and user groups can have. The following table lists the permissions that you can specify.
|No Access||Prevents the account from reading, writing, or deleting files on the package share.|
|Read||Enables the account to view and copy
files, run programs, change directories within the shared
directory, and read extended attributes of files.
By default, SMS grants the Users and Guests generic accounts Read permission to a package share on distribution points.
|Change||Enables the account to change the contents and extended attributes of files and to delete files. Change permission is required for applications that need to write information back to the shared package directory on the distribution point.|
|Full Control||Enables the account to write the
contents and extended attributes of files and to delete files.
By default, the Administrators generic account has Full Control permission so that the SMS components can access the package data.
The generic package access accounts (Users, Guests, and Administrators) are mapped to operating system-specific accounts, and the appropriate rights on each operating system are applied to the package folder on the distribution point.
Important If you remove the Administrators default account, SMS components cannot update and modify the package data.
If a client does not have sufficient rights to the package directory, the advertised programs within the package will not run.
Specify a Package Access Account
Modify a Package Access Account
Delete a Package Access Account
About Package Source Directories