Previous Page
Next Page

SMS Security Enhancements

SMS 2003 has had several security enhancements added to it to since SMS 2.0 that enhance security while also simplifying administrative security tasks, including the following (we discuss a few of these in the sections that follow):

  • Provides an advanced security mode that takes advantage of local system and computer accounts that are automatically maintained by the operating system.

  • Provides an advanced client that takes advantage of local system and computer accounts to run client tasks.

  • Implements hashing to guarantee the integrity of software distribution packages.

  • Reduces the impact on domain controllers by eliminating the need for SMS 2.0 logon points.

  • The SMS service account no longer must have domain administrator rights.

  • All site communication between SMS 2003 and SMS 2.0 sp5 sites is now signed.

  • Provides integrated support for Active Directory.

Advanced Security Model

SMS 2003 sites can be configured to run in either standard security mode or the advanced security mode. Standard mode does not require your SMS servers to be in Active Directory. Standard mode relies on using regular user accounts to run services, make changes to machines, and connect between machines. The advanced security mode configures all SMS services to run under the Local System account, using the host computer account to access network resources. Thus, advanced security mode eliminates the need to maintain multiple account passwords per site.

Important 

SMS 2003 sites running under the advanced security mode can communicate with those running under standard security.

Advanced Client

The new advanced client component of SMS 2003 can be used to manage both mobile and desktop users without differentiating between the two. The advanced client uses the BITS technology to transfer files to the client. Advanced clients can also perform global roaming in Active Directory.

Integrated Support for Active Directory

Active Directory integration makes it possible for you to identify software deployments and run reports by organization unit. WMI provides the infrastructure used to integrate Active Directory. Here are the Active Directory features of SMS 2003:

  • Active Directory synchronization

  • Active Directory-based site boundaries

  • Active Directory Discovery


Previous Page
Next Page