SCCM installation and post requirements
I have searched several threads regarding the permission prerequisites for SCCM installation but have not found one that cleary addresses my question. I have setup the appropriate permissions with the SCCM computer accounts and site installation service accountadded to the local administrators group on the SQL server. Is this access still needed for post SCCM installation or can it be reduces once installation is complete? I would like to remove the SCCM computer accounts from the SQL local admin grouppost installation and reduce the SCCM service account from the sysadmin role on SQL. What is the supported configuration post installation?
February 16th, 2008 5:59am

Someone might know better, but I've never heard that we support reducing the permissions after installation. We state we require admin rights, and I don't know that we test restricting those after install. So, unless someone can state otherwise, I'm assuming it is admin rights always.
Free Windows Admin Tool Kit Click here and download it now
February 16th, 2008 6:04am

Thank you for the prompt response. I am going to need to get a more "official" answer on this as the DB and Security team in my company have issues with this config. If you could reach out to your contacts for an answer that would be great. Otherwise, I will engage MS through other channels. Again, thanks for the prompt response. RR
February 16th, 2008 6:33am

The official response is that we require admin rights to all site system computers, even after installation. There are ongoing tasks we perform after installation that will fail and generate errors/status messages if you were to remove it. With that said, for SQL Server: If the customer removes the local admininstrators group from the SQL sysadmin then we still work.
Free Windows Admin Tool Kit Click here and download it now
February 18th, 2008 4:07am

The official response is that we require admin rights to all site system computers, even after installation. There are ongoing tasks we perform after installation that will fail and generate errors/status messages if you were to remove it. With that said, for SQL Server: If the customer removes the local admininstrators group from the SQL sysadmin then we still work. Hi Wally, do you mean the SQL sysadmin right for SCCM installation service account is not required after the installation? is it officially supported by Microsoft?
March 17th, 2011 9:09am

ConfigMgr uses the computer account of the siteserver for communicating with SQL. The account used during setup is no longer used after the site is up and running.Torsten Meringer | http://www.mssccmfaq.de
Free Windows Admin Tool Kit Click here and download it now
March 17th, 2011 9:42am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics