Create Service and User Accounts – SCCM 2016

During the setup and operation of SCCM, you will be asked to provide credentials for several accounts.

In this post, will show you how to create SCCM service accounts and groups for successful deployment of SCCM.

If you use domain accounts and your domain Group Policy object (GPO) has the default password expiration policy set as required, you will either have to change the passwords on the service accounts according to the schedule, use system accounts, or configure the accounts so that the passwords never expire.

in this scenario I will configure the accounts so that the passwords never expire.

SCCM service accounts and groups

SCCM Service Accounts

Sccm_sql (SQL server service account)

Sccm_na (SCCM network access account)

SCCM Domain Users Accounts

Sccm_rs (SQL server reporting services account)

Sccm_ClientPush (SCCM client installation account)

Sccm_admin (install or update SCCM account)

SCCM Groups

Sccm_admins (group of sccm admins, includes “sccm_admin”, “sccm_sql”, “sccm_rs”, “sccm_na”)

Sccm_servers (group includes site servers, sccm server itself and SQL server computer accounts)

Add “sccm_admins” and “sccm_servers” into local Administrators group of SCCM server.

Add “sccm_ClientPush” account to Domain Admins group of your AD.

Let’s start by creating two Organization Unit (SCCM COMPUTER AND SCCM USERS)

Create child OUs in each of them:

SCCM COMPUTERS

  • WORKSTATION
  • SERVERS

SCCM USERS

  • SCCM SERVICE ACCOUNTS
  • SCCM DOMAIN USERS ACCOUNTS
  • SCCM GROUPS

SCCM Service Accounts

Sccm_sql (SQL server service account)

Sccm_na (SCCM network access account)

SCCM Domain Users Accounts

Sccm_rs (SQL server reporting services account)

Sccm_ClientPush (SCCM client installation account)

Sccm_admin (install or update SCCM account)


SCCM Groups

Sccm_admins (group of sccm admins, includes “sccm_admin”, “sccm_sql”, “sccm_rs”, “sccm_na”)

Sccm_servers (group includes site servers, sccm server itself and SQL server computer accounts)


Add “sccm_ClientPush” account to Domain Admins group of your AD.


 

Add “sccm_admins” and “sccm_servers” into local Administrators group of SCCM server.


 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s