Specifying or defining an access account in Configuration Manager 2007 enables you to grant, limit, or revoke access to package source files on distribution points. Although the package share on a distribution point is, by default, a hidden share, controlling this access can be a useful security measure.
By default, when Configuration Manager creates the package share, it grants Read access to the local Users group and Full Control to the Administrators group. For more information, see About Package Access Accounts.
|In some cases, removing the Users group as a package access account might cause software distribution to fail. If the distribution point is in a native mode site, you must add IUSR_<computername> as a package access account with the permissions required to access to the package. If a distribution point is configured to allow anonymous access for mobile device clients, you must also add the Internet Guest account as a package access account.|
|You must have Modify permissions for the Package security object class to specify an access account. For more information about security permissions, see Classes and Instances for Object Security in Configuration Manager.|
To specify a package access account
In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Software Distribution / Packages.
Expand to the package for which you want to specify an access account.
Right-click Access Accounts, point to New, and then click the type of access account you want to define:
- Generic Access Account
- Windows User Access Account
- Generic Access Account
- If you are creating a generic access account,
click the account type to create and then click OK.
- If you are creating a Windows User access
account, type the account name you want to grant permissions to, in
the form domain\user. Click the account type to create, and
then click OK.
- If you are creating a generic access account, click the account type to create and then click OK.
From the Permissions drop-down list, select the level of permissions to grant to the account. For more information about the permissions available, see About Package Access Accounts.
Refresh all distribution points associated with the package to ensure that all distribution points have the new access account information:
- Click Distribution Points to show all
distribution points associated with the package.
- Select each distribution point displayed in
the results pane, right-click, and then click Refresh
- Click Yes.
Note Each distribution point must be refreshed individually. Selecting all available distribution points, right-clicking, and then clicking Refresh will refresh only the results pane and will not resend the package to the distribution points.
- Click Distribution Points to show all distribution points associated with the package.