Topic last updated—March 2008
By default, the Microsoft System Center Configuration Manager 2007 multicast-enabled distribution points use the computer$ account when reading information from the site database, but you can configure a user account instead. Typically, you would need this account if the multicast-enabled distribution points need to access a site database in a remote, untrusted forest. For example, if your data center has a perimeter network in a forest other than the site server and site database, you can use this account to read the multicast information from the site database.
|The information in this topic applies only to Configuration Manager 2007 R2 and Configuration Manager 2007 R3.|
Required Rights and Permissions
If you configure this account, you must manually add it to the smsdbrole_MCS role in the Configuration Manager site database so that the multicast-enabled distribution point obtains the required rights and permissions. If you do not configure this account, the multicast-enabled distribution point's computer$ account is assumed to be in a trusted forest and Configuration Manager 2007 attempts to add it automatically to the smsdbrole_MCS.
Account and Password Creation
The account is not automatically created. The Configuration Manager 2007 Administrator creates one or more accounts for the multicast-enabled distribution points and manages the passwords.
The account can be created anywhere it can be added to the smsdbrole_MCS role in the Configuration Manager site database.
The administrator changes the account or password in the operating system, and then configures Configuration Manager 2007 to use the new account or password. The changes take effect immediately. If the existing account is replaced with another account, the administrator must manually add it to the smsdbrole_MCS role in the Configuration Manager site database.
Security Best Practices
Do not configure this account unless you need it to access a site database in an untrusted forest.
If you use this account, create it as a low-rights, local account on the computer running Microsoft SQL Server.
Do not grant this account interactive logon rights.