SMS 2003 has had several security
enhancements added to it to since SMS 2.0 that enhance security
while also simplifying administrative security tasks, including the
following (we discuss a few of these in the sections that
follow):
Provides an advanced security mode that takes
advantage of local system and computer accounts that are
automatically maintained by the operating system.
Provides an advanced client that takes
advantage of local system and computer accounts to run client
tasks.
Implements hashing to guarantee the integrity
of software distribution packages.
Reduces the impact on domain controllers by
eliminating the need for SMS 2.0 logon points.
The SMS service account no longer must have
domain administrator rights.
All site communication between SMS 2003 and
SMS 2.0 sp5 sites is now signed.
Provides integrated support for Active
Directory.
Advanced Security Model
SMS
2003 sites can be configured to run in either standard security
mode or the advanced security mode. Standard mode does not require
your SMS servers to be in Active Directory. Standard mode relies on
using regular user accounts to run services, make changes to
machines, and connect between machines. The advanced security mode
configures all SMS services to run under the Local System account,
using the host computer account to access network resources. Thus,
advanced security mode eliminates the need to maintain multiple
account passwords per site.
Important
SMS 2003 sites running under the advanced
security mode can communicate with those running under standard
security.
Advanced Client
The new advanced client component of SMS 2003
can be used to manage both mobile and desktop users without
differentiating between the two. The advanced client uses the BITS
technology to transfer files to the client. Advanced clients can
also perform global roaming in Active Directory.
Integrated Support for Active Directory
Active Directory integration makes it
possible for you to identify software deployments and run reports
by organization unit. WMI provides the infrastructure used to
integrate Active Directory. Here are the Active Directory features
of SMS 2003: