Topic last updated—November 2007

The following flowchart shows the security context that Microsoft System Center Configuration Manager 2007 clients use when downloading a package from a distribution point on the intranet.

Although the Network Access Account can be used as the security context to access content on a distribution point, the package runs only in the context of the logged-on user; or, if the program was configured to run with administrative rights, it runs in the context of the Local System account. The Network Access account is never used to actually run the program.

If a native-mode client is accessing a native-mode BITS-enabled distribution point, the client will randomly select between the NOCERT_SMS_DP_ and the SMS_DP_ virtual directories. If an intranet client cannot authenticate using the first selected virtual directory, the client automatically tries the other virtual directory. The flowchart shows the client using the SMS_DP_ virtual directory first as an example, but the actual process used is not deterministic.

flowchart for package access on intranet

See Also