You must have a Windows account to log in and run Microsoft System Center Configuration Manager 2007 Setup.
Required rights and permissions
The account logged on when Configuration Manager 2007 is installed must be a domain user. If Configuration Manager is installed on a computer where the logged-on user account is a local account and not part of a domain, Setup might appear to succeed, but access to the Configuration Manager console fails and you will need to reinstall.
This account must have administrative rights on the site server and be a member of Sysadmins on SQL Server.
During Setup, the account is automatically added to the SMS Admins group.
After a fresh installation, the account will be the only user account with rights to the Configuration Manager 2007 console. If you are upgrading from a previous version, other administrators retain their existing rights to the console but are not automatically granted new rights to new objects.
|This is true even for software updates objects. Users who had full rights to all SMS 2003 software updates objects will have full rights to the same objects in Configuration Manager 2007 but will not have any rights to new object types such as templates.|
Account and password creation
The account must exist prior to running Configuration Manager 2007 Setup.
|Configuring this account to use a roaming profile is not supported when Group Policy is configured to Delete cached copies of roaming profiles on the site server computer.|
The account must be created in the Active Directory Domain Services database. The account must have administrator rights on the following computers.
- The site server computer
- The computer running SQL Server, if it is
remote from the site server
- The SMS Provider computer, if it is not
installed on the site server or site database server
The account is created and maintained in Active Directory Domain Services by a domain administrator.
Security best practices
Use a complex password.
After Setup, if you need to remove Configuration Manager 2007 rights from the account, add those rights to another account first.