System Management Container AD Security Rights
Once the System Management container exists you can apply permissions (AD Security Rights) to it. It doesn’t matter how the container was originally created (see my recent blog post). When applying permissions to the System Management container, I recommend using a security group. If you are not using a security group for your server(s), then instead use your server name when applying permissions.
AD Security Rights
In this example, I will be applying permissions to the System Management container for GartekCM12Server. By the way, if you need to apply permissions to the System container, the steps are exactly the same.
1. Click the Start menu on the desktop, next click Run, and then enter dsa.msc to open the Active Directory Users and Computers administrative tool.
2. Click View, and then click Advanced Features.
3. Expand the System container.
4. Right-click System Management and then click Properties.
5. In the System Management Properties dialog box, click the Security tab.
6. Click Add to add the CM12Server security group and grant the account Full Control permissions. Click Advanced.
7. Select the site server’s computer account, and then click Edit.
8. In the Apply onto drop-down box, select This object and all child objects.
9. Click OK three times to exit the security windows.
Now that you have applied the correct permissions to the System Management container, your Configuration Manager server can upload all Management Point (MP) details and boundary information to the System Management container.