If your site servers and Microsoft System Center Configuration Manager 2007 System Health Validator points are not in the same Active Directory forest, you must designate the Active Directory forest and domain that will store the health state references, and you must specify an account to use when publishing the health state references to Active Directory Domain Services.
If no account is configured, Configuration Manager attempts to use the site server computer account to publish the health state references.
Required rights and permissions
This account requires Read, Write and Create permissions to the Active Directory forest holding the health state reference.
Account and password creation
The account is not automatically created. The Configuration Manager 2007 Administrator creates one account per site and manages the passwords.
The account should be created in the forest designated to store the health state references.
The administrator changes the account or password in the operating system, then configures Configuration Manager 2007 to use the new account or password. The account changes take place immediately within the forest designated to store the health state reference. The administrator should change the password within the Configuration Manager console immediately.
Security best practices
Assign the least possible permissions to this account. Do not use the same account for the Health State Reference Publishing account and the Health State Reference Querying Account because the Querying account requires only Read permissions.
TasksHow to Configure the Health State Reference Publishing Account
How to Specify the Health State Reference Publishing Account
ConceptsAbout the Health State Reference Querying Account
Other ResourcesAccounts Configured in the Configuration Manager Console
Network Access Protection in Configuration Manager