System Management Container AD Security Rights
Receive notification right in your inbox whenever new content like this is released & sign up for our email list!
We’ll send you the latest updates, how-to’s, and solutions to empower you at every endpoint.
Once the System Management container exists you can apply permissions (AD Security Rights) to it. It doesn’t matter how the container was originally created (see my blog post from yesterday). When applying permissions to the System Management container, I recommend using a security group. If you are not using a security group for your server(s), then instead use your server name when applying permissions.
In this example, I will be applying permissions to the System Management container for GartekCM12Server. By the way, if you need to apply permissions to the System container, the steps are exactly the same.
1. Click the Start menu on the desktop, next click Run, and then enter dsa.msc to open the Active Directory Users and Computers administrative tool.
2. Click View, and then click Advanced Features.
3. Expand the System container.
4. Right-click System Management and then click Properties.
5. In the System Management Properties dialog box, click the Security tab.
6. Click Add to add the CM12Server security group and grant the account Full Control permissions. Click Advanced.
7. Select the site server’s computer account, and then click Edit.
8. In the Apply onto drop-down box, select This object and all child objects.
9. Click OK three times to exit the security windows.
Now that you have applied the correct permissions to the System Management container, your Configuration Manager server can upload all Management Point (MP) details and boundary information to the System Management container.
In my blog post next week, I will show you how to create the System Management container even though my preference is to allow Configuration Manager to create the container itself. If you have any questions about how to set AD security rights for a System Management container, please contact me @GarthMJ. Or, you can leave a note in the comment section.