What share and NTFS permissions must I give users to deploy software through SCCM? I have one folder with all of the applications and would like to know.
Technology Tips and News
What share and NTFS permissions must I give users to deploy software through SCCM? I have one folder with all of the applications and would like to know.
Are you asking about users who will install apps through Software Center or the application catalog? Or are you asking about the users who create deployments?
In any case, your network access account should have Full access to the content source folders. Give Everyone full control for share permissions and lock down the folders using NTFS permissions.
Jason has a good reference here: http://blog.configmgrftw.com/configmgr-folder-structure/
No way! The network access account will never be used to access source files and no client will ever read from that sources.
In any case, your network access account should have Full access to the content source folders.
Guess I got that wrong. Thanks for correcting my inaccurate information, Torsten.
Where are the requirements for content source folder permissions documented?
Jeff
Read access to what?
There is nothing you need to do to file level security for ConfigMgr to deploy software.
Read access to what?
There is nothing you need to do to file level security for ConfigMgr to deploy sof
Once again, where are you talking about? You are providing no context for your question whatsoever so we're having to guess.
Are you talking about on the DP and MP? If so, then you should *not* touch anything that ConfigMgr has set up NTFS or share wise. It will set up everything needed.
Or, are you talking on the client?
Also, ConfigMgr does not use a service account.
Ultimately, please tell *much* more about what you're asking, why you're asking, are you troubleshooting a problem, etc.
Software deployments- There is a share that holds files for software deployments. What are the needed permissions for that folder? Why? Because I want to know. What- This is for software deployments and items listed in Software Center. Actually there is a service account that is setup here.
Guess I got that wrong. Thanks for correcting my inaccurate information, Torsten.
Where are the requirements for content source folder permissions documented?
Jeff
That still doesn't help. We're not prying, we're trying to help but we honestly have no idea what you are talking about. The more and better details that you can provide, the better we can help.
"Because I want to know" adds no value and does not help us help you. We need technical details -- we can't see what you are seeing and we can't read your mind.
And, you didn't really answer any of my questions.
I'll take another wild-guess though: If you are talking about the source file locations referenced within packages and applications, users do not access those. The computer account for the systems hosting the SMS Provider needs read access to the location(s) specified. Yes, this means both NTFS and share permissions assuming they are being referenced via a UNC.
Finally, there is no service account. If you've changed the account that the SMS_EXECUTIVE is running under, you're are now in a completely unsupported state that will have many issues. If instead you are talking about the Network Access Account, that is *not* a service account and is *not* used to access content source files.
Once again though, we're simply guessing because no one has any idea what you're doing. Please provide actual, technical de
Torsten already indicted this in his reply: "The SMS Provider" copies the files. As mentioned in my reply below, the computer account or the system hosting the SMS Provider is used and to copy a file, you need read access to that file.
None of this has anything to do with a user seeing a deployment in Software Center t
Torsten already indicted this in his reply: "The SMS Provider" copies the files. As mentioned in my reply below, the computer account or the system hosting the SMS Provider is used and to copy a file, you need read access to that file.
None of this has anything to do with a user seeing a deployment in Software Center t
Guess I got that wrong. Thanks for correcting my inaccurate information, Torsten.
Where are the requirements for content source folder permissions documented?
Jeff
What share and NTFS permissions must I give users to deploy software through SCCM? I have one folder with all of the applications and would like to know.
You don't, because, it doesn't work like that.
When you create an application (or a classic package), the "package source" folder/files, are copied/ingested into the content library (this is performed by the SMS Provider component/service).
Clients never access the package source. not ever.
Someone changed the permissions on our end. I get the follow error when trying to deploy an application.
This is why I need to know default permissions (Share and NTFS) for the folder software for deployments is kept in.
What are the steps that lead up to the error message?
Jeff
What are the steps that lead up to the error message?
Jeff
That has nothing to do with deploying or distributing the content then. It's as simple as your account does not have permissions to the MSI itself. When ConfigMgr creates an Application from an MSI, the console (using the person that is logged into console's credentials) opens the MSI and extracts some metadata from it. If it can't do that, then it won't be able to create the ap
That has nothing to do with deploying or distributing the content then. It's as simple as your account does not have permissions to the MSI itself. When ConfigMgr creates an Application from an MSI, the console (using the person that is logged into console's credentials) opens the MSI and extracts some metadata from it. If it can't do that, then it won't be able to create the applicat
Guess I got that wrong. Thanks for correcting my inaccurate information, Torsten.
Where are the requirements for content source folder permissions documented?
Jeff
The actual issue was that system was not listed.
I guess you mean the computer account for the server where SMS Provider is running? (by default this would be your site server).
The computer account, where the SMS Provider is running, needs permissions to the application installation source, so that the SMS Provider can access/ingest the installation source into the content library.
Many operations within ConfigMgr require that the various components, running on servers, use there computer account to perform tasks. It can be misleading/confusing, when the console user has the access permissions, but some things fail, because behind the scenes, the component/server computer account performs tasks in the background (triggered by the console actions). This is one of the main reasons why ConfigMgr servers need to be domain members - because computer accounts are used for many background tasks.