SCCM 2007 Install - SQL Remote - SecurityAdmin Role granted to SCCM Component Server Computer Account
Hi, After installing SCCM 2007 in a two server configuration (SCCM component Server and seperate SQL 2008 server), my SQL administratrative team notcied that SCCM server is granted SecurityAdmin Role on the SQL database. This was granted during the SCCM installation... the access is granted to the Computer$ account of the SCCM server. I can see this when I go into the SQL Server Management Studio, go to the SMS_XYZ database and view Logins. I then highlight the SCCMcomputername$ account and can see in the right hand pane that is has SecurityAdmin SQL role. My SQL administrative team wants to remove this role for this account... but I don't know if this will impact SCCM. Does anyone have any documentation why this access is needed by SCCM or a reasoning why we should not remove access to it?
October 25th, 2010 10:08pm
My SQL administrative team wants to remove this role for this account... but I don't know if this will impact SCCM. It will impact ConfigMgr's functionality ... ConfigMgr will stop working completely if that account is removed: http://technet.microsoft.com/en-us/library/bb680595.aspx
October 26th, 2010 12:13am
The issue is not regarding removing the computer account from the local administrators group. (this must stay) The question has more to do with the SecurityAdmin Role given to the computer account in SQL. I think SCCM requires these rights as the account must manage additional SQL roles for SCCM: http://technet.microsoft.com/en-us/library/bb632943.aspx Just not sure why (in the above link) SecurityAdmin Role is not mentioned?
October 26th, 2010 1:43pm