How to Set AD Security Rights for the System Management Container
By Garth Jones
Once the System Management container exists you can apply permissions to it; it doesn’t matter how the container was originally created (see my blog post from yesterday). When applying permissions to the System Management container, I recommend using a security group. If you are not using a security group for your server(s), then instead use your server name when applying permissions.
In this example, I will be applying permissions to the System Management container for Gartek\CM12Server. By the way, if you need to apply permissions to the System container, the steps are exactly the same.
1. Click the Start menu on the desktop, next click Run, and then enter dsa.msc to open the Active Directory Users and Computers administrative tool.
2. Click View, and then click Advanced Features.
3. Expand the System container.
4. Right-click System Management and then click Properties.
5. In the System Management Properties dialog box, click the Security tab.
6. Click Add to add the CM12Server security group and grant the account Full Control permissions. Click Advanced.
7. Select the site server’s computer account, and then click Edit.
8. In the Apply onto drop-down box, select This object and all child objects.
9. Click OK three times to exit the security windows.
Now that you have applied the correct permissions to the System Management container, your Configuration Manager server can upload all Management Point (MP) details and boundary information to the System Management container.
In my blog post next week, I will show you how to create the System Management container even though my preference is to allow Configuration Manager to create the container itself.