How does the SCCM client install on Domain Controllers without a local admins group to add the Client Push account to?

I deployed the SCCM client to some domain controllers and I simply checked the "Allow the client software to be installed on domain controllers" check box. 

The client began installing on the Domain Controllers, but how does it do this?

Thanks

August 26th, 2015 6:36pm

The account being used for push must be member of the domain admins group or something like that. 
Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 1:54am

I would recommend against doing that and install the SCCM client domain controllers manually instead or through SCOM or something else, adding the client push account to the domain admins group is something I would avoid.

Regards,
Jrgen

August 27th, 2015 3:29am

Agree with Jrgen here. That's how I tend to do it for the DC's
Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 6:00am

No push account was ever added to the Domain Admins, so now I am VERY confused on how the client installed on the domain controllers. 

I am not the Active Directory Admin so I do not have any admin rights on domain controllers, but I opened up the Domain Admins group and absolutely NO SCCM client push account was in there and the Domain Admin told me that he never added any SCCM client push account to Domain Admins and that he wouldn't anyway. 

WEIRD!!

Is there something else it uses? 
August 27th, 2015 1:47pm

No push account was ever added to the Domain Admins, so now I am VERY confused on how the client installed on the domain controllers. 

I am not the Active Directory Admin so I do not have any admin rights on domain controllers, but I opened up the Domain Admins group and absolutely NO SCCM client push account was in there and the Domain Admin told me that he never added any SCCM client push account to Domain Admins and that he wouldn't anyway. 

WEIRD!!

Is there something else it uses? 
Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 5:46pm


I looked at the builtin\Administrators group in AD and there sitting in the group was in fact an SCCM push account. 

So I asked the Domain Admin about it and they did indeed add it after all. 

So that explains why. 

Sorry to have all of you scratching your head. 

August 28th, 2015 6:19pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics