During the setup and operation of SCCM, you will be asked to provide credentials for several accounts.
In this post, I will show you how to create the SCCM service accounts and groups needed for a successful SCCM deployment.
If you use domain accounts and your domain Group Policy object (GPO) has the default password expiration policy set as required, you will either have to change the passwords on the service accounts according to the schedule, use system accounts, or configure the accounts so that the passwords never expire.
In this scenario, I will configure the accounts so that the passwords never expire.
SCCM service accounts and groups
SCCM Service Accounts
Sccm_sql (SQL server service account)
Sccm_na (SCCM network access account)
SCCM Domain Users Accounts
Sccm_rs (SQL server reporting services account)
Sccm_ClientPush (SCCM client installation account)
Sccm_admin (install or update SCCM account)
SCCM Groups
Sccm_admins (group of SCCM admins; includes “sccm_admin”, “sccm_sql”, “sccm_rs”, “sccm_na”)
Sccm_servers (group that includes the computer accounts of the site servers, the SCCM server itself and the SQL server)
Add “sccm_admins” and “sccm_servers” into local Administrators group of SCCM server.
Add “sccm_ClientPush” account to Domain Admins group of your AD.
Let’s start by creating two organizational units (SCCM COMPUTERS and SCCM USERS).
Create child OUs in each of them:
SCCM COMPUTERS
- WORKSTATION
- SERVERS
SCCM USERS
- SCCM SERVICE ACCOUNTS
- SCCM DOMAIN USERS ACCOUNTS
- SCCM GROUPS
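A read-only check for this setup, added here as an example and not part of the original post: it reports which of the accounts listed above hold a non-expiring password that has not been changed recently and which are members of Domain Admins. It assumes the RSAT ActiveDirectory module, the account names as written in the post, and a hypothetical 365-day threshold ($MaxPasswordAgeDays); the function names are illustrative.

```powershell
# Added example, not from the original post: read-only audit of the accounts it names.
# Assumptions: RSAT ActiveDirectory module; the group is named 'Domain Admins' (English AD).
$SccmAccounts = 'sccm_sql', 'sccm_na', 'sccm_rs', 'sccm_ClientPush', 'sccm_admin'

function Get-SccmAccountState {
    # Live query: one object per account with the attributes the review needs.
    param([string[]]$Names = $SccmAccounts)
    Import-Module ActiveDirectory -ErrorAction Stop
    # -Recursive also catches membership gained through nested groups.
    $domainAdmins = (Get-ADGroupMember -Identity 'Domain Admins' -Recursive).SamAccountName
    foreach ($n in $Names) {
        $u = Get-ADUser -Identity $n -Properties PasswordNeverExpires, PasswordLastSet
        [pscustomobject]@{
            Name                 = $u.SamAccountName
            PasswordNeverExpires = [bool]$u.PasswordNeverExpires
            PasswordLastSet      = $u.PasswordLastSet
            InDomainAdmins       = $domainAdmins -contains $u.SamAccountName
        }
    }
}

function Test-SccmAccountState {
    # Pure function: turns account state into findings, so it runs without a domain.
    # $MaxPasswordAgeDays is a hypothetical rotation threshold, not a value from the post.
    param([Parameter(Mandatory)][object[]]$State, [int]$MaxPasswordAgeDays = 365)
    foreach ($s in $State) {
        $findings = @()
        if ($s.InDomainAdmins) { $findings += 'member of Domain Admins' }
        if ($s.PasswordNeverExpires) {
            if (-not $s.PasswordLastSet) {
                $findings += 'non-expiring password that was never set'
            } elseif (((Get-Date) - $s.PasswordLastSet).Days -gt $MaxPasswordAgeDays) {
                $findings += "non-expiring password older than $MaxPasswordAgeDays days"
            }
        }
        [pscustomobject]@{ Name = $s.Name; Findings = $findings -join '; ' }
    }
}

# Constructed sample state (not real data), shaped like Get-SccmAccountState output.
$sample = @(
    [pscustomobject]@{ Name = 'sccm_ClientPush'; PasswordNeverExpires = $true
                       PasswordLastSet = (Get-Date).AddDays(-800); InDomainAdmins = $true }
    [pscustomobject]@{ Name = 'sccm_na'; PasswordNeverExpires = $true
                       PasswordLastSet = (Get-Date).AddDays(-30); InDomainAdmins = $false }
)
Test-SccmAccountState -State $sample | Format-Table -AutoSize

# On a domain-joined admin workstation with the module installed:
# Test-SccmAccountState -State (Get-SccmAccountState) | Format-Table -AutoSize
```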
Thank you, I hope that it works but it should. I’m using the $29 pdf from System Center Dudes and the guide does not show me how to do the accounts.
Yep, it works perfectly
What are SQL Server computer accounts?
SQL and SCCM are installed on the same server.
Having an SCCM_Client Push account in the domain admins is so wrong.
Although this guide is 2 years old, this should be updated.
You should have separate client push accounts for your servers and clients and just add them to the administrator groups on these devices. No domain admin rights are needed here.