As you know, an SMS 2003 site
server requires the existence of an NTFS partition that’s at least 1 GB
in size. This requirement extends to the main SMS directory, of course,
but it also includes the CAP and management point directories created
and maintained generally on the site server. You should invest some time
in reviewing the permissions set by SMS both on the directories and on
the shares SMS creates to learn why various connection accounts need to
be created and how the permissions set by SMS affect the ability of
these accounts to carry out a task.
Tip I
have found that when organizations make changes to the access levels
for Windows administrative shares, either through direct modification of
permissions or through application of a group policy, the changes can
affect SMS’s ability to create and maintain its own folders. If status
and log messages indicate a permissions issue when SMS is trying to
create or update a folder or file, the first thing to check should be
the Windows security you’re applying on the SMS server. Often a minor
change to a group policy can clear up major permission issues with SMS. |
You can use Tables 1 through 4
to verify the permissions on the site server, CAP, management point,
and distribution point. I’ll leave it to you to familiarize yourself
with the permissions on other site systems (after all, you have to get some
homework from me). In general, unless otherwise stated, sub-folders
inherit their permissions from their parent folder. For the site server,
I’ve identified the main shares and folders rather than iterating the
hundreds of folders that SMS creates and maintains. (Well, okay, maybe
not hundreds, but there are a lot!)
Table 1. CAP folder and share permissions| Share or Directory Name | Administrators | Guests | Users | Everyone |
|---|
| CAP_sitecode (share) | Not assigned | Not assigned | Not assigned | Full | | CAP_sitecode | Full | Read, Execute, List | Read, Execute, List | Not assigned | | Ccr.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned | | Clicomp.box | Full | Read, Execute, List | Read, Execute, List | Not assigned | | Clidata.box | Full | Read, Execute, List | Read, Execute, List | Not assigned | | Clifiles.box | Full | Read, Execute, List | Read, Execute, List | Not assigned | | Ddr.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned | | Inventory.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned | | Offerinf.box | Full | Read, Execute, List | Read, Execute, List | Not assigned | | Pkginfo.box | Full | Read, Execute, List | Read, Execute, List | Not assigned | | Sinv.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned | | Statmsgs.box | Full | Read, Write, Execute | Read, Write, Execute | Not assigned | | Swmproc.box | Full | Read, Execute, List | Read, Execute, List | Not assigned |
Table 2. Management point folder permissions| Share or Directory Name | Administrators | System | SMS_SiteSystemToSite ServerConnection_sitecode
|
|---|
| SMS\MP | Full | Full | Read, Execute, List | | SMS\MP\Outboxes | Full | Full | Read, Execute, List | | Subfolders of SMS\MP\Outboxes\ | Full | Full | Not assigned |
Table 3. SMS distribution points folder and share permissions| Share or Directory Name | Administrators | Guests | Users | Everyone |
|---|
| SMSPKGx$ (share) | Not assigned | Not assigned | Not assigned | Full | | SMSPKGx$ | Full | Read, Execute, List | Read, Execute, List | Not assigned | | <package id> | Full | Not assigned | Read, Execute, List | Not assigned |
Table 4. SMS site server folder and share permissions| Share or Directory Name | Description | Account | Permissions |
|---|
| SMS_sitecode (share) | This share is associated with the \SMS directory—the installation directory for SMS on a site server. | Everyone | Full | | SMS | The directory into which SMS is installed on a site server. | Administrators System SMS_SiteSystemToSiteServer-Connection_sitecode | Full
Full
Read, Execute,
List | | SMS_SITE (share) | This share is associated with the SMS\Inboxes\Despoolr.box\Receive directory. | Everyone | Full | | SMS\Inboxes\Despoolr.box\Receive | This directory is used when data is transferred from a child site to its parent site. | Administrators System SMS_SiteSystem-ToSiteServerConnection_sitecode | Full
Full
Full | | SMS Client | This share is associated with the \SMS\Client directory. | Everyone | Full | | SMS\Client | This directory is used to store the SMS client installation executable files. | Administrators System SMS_SiteSystem-ToSiteServerConnection_sitecode | Full
Full
Read, Execute, List | | | | Guests | Read, Execute, List | | | | Users | Read, Execute, List | | SMS_CPSx$ (share) | This share is associated with the x\SMSPKG folder, where x
represents the drive containing the folder. You identify this drive to
SMS through the Software Distribution component properties in the SMS
Administrator Console. | Everyone | Full Control | | SMSPKG | This directory is used to store the compressed package source file created during the package distribution process. | Administrators SMS_SiteSystemTo-SiteServerConnection_sitecode | Full
Read, Execute, List | | SMS_SUIAgent | This share is associated with the SMS\SUIAgent folder. | Everyone | Full | | SMS\SUIAgent | This directory is used to store the files associated with the Software Update Installation agents. | Administrators System SMS_SiteSystem-ToSiteServer-Connection_sitecode | Full
Full
Read, Execute, List |
|
