If your site servers and Microsoft System Center Configuration Manager 2007 System Health Validator points are not in the same Active Directory forest, you must designate the Active Directory forest and domain that will store the health state references, and you must specify an account to use when publishing the health state references to Active Directory Domain Services.

If no account is configured, Configuration Manager attempts to use the site server computer account to publish the health state references.

Required rights and permissions

This account requires Read, Write and Create permissions to the Active Directory forest holding the health state reference.

Account and password creation

The account is not automatically created. The Configuration Manager 2007 Administrator creates one account per site and manages the passwords.

Account location

The account should be created in the forest designated to store the health state references.

Account maintenance

The administrator changes the account or password in the operating system, then configures Configuration Manager 2007 to use the new account or password. The account changes take place immediately within the forest designated to store the health state reference. The administrator should change the password within the Configuration Manager console immediately.

Security best practices

Assign the least possible permissions to this account. Do not use the same account for the Health State Reference Publishing account and the Health State Reference Querying Account because the Querying account requires only Read permissions.

See Also