If your Microsoft System Center Configuration Manager 2007 site servers and System Health Validator points are not in the same Active Directory Domain Services forest, you must designate the Active Directory forest and domain that will store the health state references, and you must specify an account to use when System Health Validator points read health state references from Active Directory Domain Services.
If no account is configured, Configuration Manager attempts to use the System Health Validator Point Computer account to read health state references.
Required Rights and Permissions
This account must be a domain user account with Read access to the Configuration Manager 2007 Systems Management container in the Global Catalog server.
Account and Password Creation
The account is not automatically created. The Configuration Manager 2007 administrator creates one account per site and manages the passwords.
The account should be created in the forest designated to store the health state references.
The administrator changes the account or password in the operating system, and then configures Configuration Manager 2007 to use the new account or password. Changes take effect during the next Active Directory query interval, which is configured in the System Health Validator Point Component properties, under Component Configuration.
Security Best Practices
Do not grant this account interactive logon rights.
Do not use the same account for both publishing and querying because the publishing account needs more privileges.