DOWNLOAD THE CODE:
Download the Code 38488.zip

The Elevated-Rights Deployment Tool
The Administration Feature Pack requires that you install and run the Elevated Rights-Deployment tool from the primary SMS site. This tool helps SMS administrators deploy applications that require administrator rights on the local system. In many Windows networks, client machines are locked down because the average user doesn't need administrative privileges.

The Elevated-Rights Deployment tool lets you easily install application packages on XP, Win2K, and Windows NT. This tool uses encapsulation to distribute an SMS package for deployment. Using the Elevated Rights-Deployment tool to encapsulate a package is a two-step process.

First, to prepare the application, you use the executable with all the switches required for your deployment. For example, to install a security patch, the command line would look like

q300845_w2k_sp3_x86_en.exe -m -z

Second, using the Elevated Rights-Deployment tool, enter the network share for the package above to create a new installation file. This tool provides a new SMS package and advertisement for elevated-rights deployment to SMS clients. The Elevated Rights-Deployment tool creates a new SMS package that encapsulates the program with all the command-line switches. This new package, which can be advertised to SMS collections, should process like any other SMS package.

The Manage Site Accounts Tool
The Manage Site Accounts tool provides an easy method for managing all SMS site accounts across the SMS infrastructure. The SMS site account is a member of the Domain Administrators Group and, if compromised, could pose the highest level of a security risk. Many administrators have written scripting solutions to change the accounts that SMS uses. The Manage Site Accounts tool provides an easier management process to control accounts and passwords that SMS 2.0 requires in the hierarchy. If you're tired of making up secure passwords for the SMS service, you'll appreciate additional features such as command-line and scripting interfaces that let you create random passwords.

You can install this tool from any workstation that has SMS SP4 and any post-installation patches installed. The Manage Site Accounts tool installs the msac.exe command-line executable file, with which you can add, set, delete, and verify SMS accounts. You can create accounts and password updates for one site or multiple sites by using one command with switches.

The SMS Web Reporting Tool
The SMS Web Reporting tool has been available for more than a year and comes in both feature packs. You can install the tool from the primary SMS servers or other SMS support servers such as a Microsoft IIS server. Incidentally, if you have a Microsoft Premier Online Support account, you might have received the feature packs while they were in beta. If so, you might need to back up the SMS SQL Server database before installing the released versions of the SMS Web Reporting tools.

As Figure 1 shows, the SMS Web Reporting server for site AA1 is simply a Web server running Internet Information Services (IIS) 5.0; the latest security patches have been applied, and the server is running an earlier installation of the SMS Web Reporting tool that needs to be updated. Let's run through the process of using the new SMS Web Reporting installation wizard to update this site and verify the installation.

Prev. page     1 [2] 3 4     next page



You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

I read with interest Marshall Copeland's "Adding Value to SMS" (May 2003, http:// www.winnetmag.com, InstantDoc ID 38488) and in particular information about the Microsoft Systems Management Server (SMS) Administration Feature Pack. We've been using many of these tools since they were in beta release. We use the Manage Site Accounts utility to change our SMS accounts, and we've found a problem. One account that this tool can't manage is the Server Connection account, which is used to connect SMS services within an SMS site and is used by the SMS Provider service to connect to the database.<P> The Server Connection account is created automatically during installation, or you can specify an existing account by using the '/ServerAccount' Setup switch or the SMSAccountSetup.INI file. However, after you set this account, you can change it only by running a site reset locally on the site server. <P> I'm sure many SMS administrators have seen the prompt to reset this account during a site reset, haven't been sure what it refers to, and so have replied No and left it at that. More important, if the account is deleted and you haven't run a site reset to change the SMS Server account to a valid account, the site will very quickly stop working. Primary sites in particular are vulnerable because of their dependency on the SMS Provider service. <P> This problem might not concern all users of SMS. However, in a large hierarchy such as ours, in which security and account management are a high priority, this problem can cause serious operational difficulties.

Andrew Read- January 12, 2004