NTFS Security

[Previous] [Next]

As you know, an SMS 2.0 site server requires the existence of an NTFS partition that is at least 1 GB in size. This requirement extends to the main SMS directory, of course, but it also includes the client access point (CAP) and SMSLogon directories. You should invest some time in reviewing the permissions set by SMS both on the directories and on the shares SMS creates to learn why various connection accounts need to be created and how the permissions set by SMS affect the ability of these accounts to carry out a task.

SMS 2.0 Service Pack 1 makes some modifications to the permissions on the CAP directory originally set by the release to market (RTM) version of SMS 2.0. When you use SMS 2.0 with Service Pack 1 to install a new SMS site server, the new permissions will be automatically applied. However, if you apply the service pack to an existing SMS 2.0 site server, the CAP permissions are not automatically updated. Tables 16-1 through 16-5 can be used to verify the permissions on the CAP, as well as on the other SMS directories.

Table 16-1. Service Pack 1 CAP permission updates

Share or Directory Name Administrators Guests Users Windows NT Everyone NetWare Bindery Everyone Netware NDS OU
CAP_sitecode (share) Not assigned Not assigned Not assigned Full Folder not shared in NetWare environment Folder not shared in NetWare environment
CAP_sitecode Full Read Read Not assigned Read Read
Ccr.box Full Write Write Not assigned Write Write
Clicomp.box Full Read Read Not assigned Read Read
Clicomp.box subfolders Full Read Read Not assigned Read Read
Clidata.box Full Read Read Not assigned Read Read
Clifiles.box Full Read Read Not assigned Read Read
Clifiles.box subfolders Full Read Read Not assigned Read Read
Ddr.box Full Write Write Not assigned Write Write
Inventory.box Full Write Write Not assigned Write Write
Offerinf.box Full Read Read Not assigned Read Read
Pkginfo.box Full Read Read Not assigned Read Read
Sinv.box Full Write Write Not assigned Write Write
Statmsgs.box Full Write Write Not assigned Write Write

Table 16-2. SMS logon points folder and share permissions

Share or Directory Name Administrators Windows NT Everyone NetWare Bindery Everyone NetWare NDS OU
SMSLogon (share) Full Read Folder not shared in NetWare environment Folder not shared in NetWare environment
SMSLogon Full Read Read Read
Alpha Full None None None
Alpha.bin Full Read Folder not created in NetWare environment Folder not created in NetWare environment
Alpha.bin subfolders Full Read Folders not created in NetWare environment Folders not created in NetWare environment
Config Full Read Read Read
Ddr.box Full Write Write Write
i386 Full None None None
Logs Full None None None
Sites Full Read Read Read
Sites subfolders Full Read Read Read
Sitescfg Full None None None
X86.bin Full Read Read Read
X86.bin subfolders Full Read Read Read

Table 16-3. SMS distribution points folder and share permissions

Share or Directory Name Administrators Guests Users Windows NT Everyone NetWare Bindery Everyone Netware NDS OU
SMSPKGx$ (share) Not assigned Not assigned Not assigned Full Folder not shared in NetWare environment Folder not shared in NetWare environment
SMSPKGx$ Full Read Read Not assigned Read Read
<package id> Full Read Read Not assigned Read Read

Table 16-4. SMS site server folder and share permissions

Share or Directory Name Description Administrators Everyone SMSServer_sitecode (Internal Account)
SMS_sitecode (share) This share is associated with the \SMS directory—the installation directory for SMS on a site server. Not assigned Full Not assigned
SMS The directory into which SMS is installed on a site server. Full Not assigned Read
SMS_SITE (share) This share is associated with the SMS\Inboxes\Despoolr.box\Receive directory. Not assigned Full Not assigned
SMS\Inboxes\Despoolr.box\Receive This directory is used when data is transferred from a child site to its parent site. Full Not assigned Full
CINFO (share) This share is associated with the \SMS\Cinfo directory. Not assigned Full Not assigned
SMS\Cinfo This directory is used to store predefined report information created by users using Crystal Reports. Full Not assigned Read
SMS_CPSx$ (share) This share is associated with the \SMSPKG.Stores directory and stores compressed package source. The directory for this share is \SMSPKG. Not assigned Full Not assigned
SMSPKG This directory is used to store the compressed package source file created during the package distribution process. Full Not assigned Read

Table 16-5. SMS software metering server folder and share permissions

Share or Directory Name Administrators Everyone
LICMTR (share) Full Full
SWMTR Full Read
DLL files Full Read
EXE files Full Read



Microsoft Systems Management Server 2.0 Administrator's Companion
Microsoft Systems Management Server 2.0 Administrators Companion (IT-Administrators Companion)
ISBN: 0735608342
EAN: 2147483647
Year: 1999
Pages: 167

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net