During the setup and operation of SCCM, you will be asked to provide credentials for several accounts.
In this post, will show you how to create SCCM service accounts and groups for successful deployment of SCCM.
If you use domain accounts and your domain Group Policy object (GPO) has the default password expiration policy set as required, you will either have to change the passwords on the service accounts according to the schedule, use system accounts, or configure the accounts so that the passwords never expire.
in this scenario I will configure the accounts so that the passwords never expire.
SCCM service accounts and groups
SCCM Service Accounts
Sccm_sql (SQL server service account)
Sccm_na (SCCM network access account)
SCCM Domain Users Accounts
Sccm_rs (SQL server reporting services account)
Sccm_ClientPush (SCCM client installation account)
Sccm_admin (install or update SCCM account)
SCCM Groups
Sccm_admins (group of sccm admins, includes “sccm_admin”, “sccm_sql”, “sccm_rs”, “sccm_na”)
Sccm_servers (group includes site servers, sccm server itself and SQL server computer accounts)
Add “sccm_admins” and “sccm_servers” into local Administrators group of SCCM server.
Add “sccm_ClientPush” account to Domain Admins group of your AD.
Let’s start by creating two Organization Unit (SCCM COMPUTER AND SCCM USERS)
Create child OUs in each of them:
SCCM COMPUTERS
- WORKSTATION
- SERVERS
SCCM USERS
- SCCM SERVICE ACCOUNTS
- SCCM DOMAIN USERS ACCOUNTS
- SCCM GROUPS
SCCM Service Accounts
Sccm_sql (SQL server service account)
Sccm_na (SCCM network access account)
SCCM Domain Users Accounts
Sccm_rs (SQL server reporting services account)
Sccm_ClientPush (SCCM client installation account)
Sccm_admin (install or update SCCM account)
SCCM Groups
Sccm_admins (group of sccm admins, includes “sccm_admin”, “sccm_sql”, “sccm_rs”, “sccm_na”)
Sccm_servers (group includes site servers, sccm server itself and SQL server computer accounts)
Add “sccm_ClientPush” account to Domain Admins group of your AD.
Add “sccm_admins” and “sccm_servers” into local Administrators group of SCCM server.