SCCM 2016 – Create Service and User Accounts
Fro SCCM to be installed successfully, the following accounts should be created which are used for different purposes.
- SCCM Service Accounts
- svc_SCCM_SQLService
- SQL Server service account
- The account used for SQL Server service account on SQL Server
- svc_SCCM_NetworkAccess
- SCCM Network Access Account
- The account used for the Network Access Account.
- svc_SCCM_SQLService
- SCCM Domain Users Accounts
- svc_SCCM_ClientPush
- Domain user account for use SCCM client push install
- The account used for Installing SCCM client on Client workstations
- svc_SCCM_SQLReporting
- Domain user account for use with reporting services User
- The account used for SQL Reporting Services
- svc_SCCM_DomainJoin
- Domain account used to join the machine to the domain during OSD
- Minimal Rights to join a computer to Domain
- svc_SCCM_ClientPush
- SCCM Groups
- svc_SCCM_Admins
- Domain group containing all SCCM Admins Group
- Require Local Admin rights for all SCCM Servers and Client Computers
- svc_SCCM_SiteServers
- Domain group containing all SCCM servers in the hierarchy Group
- Requires Local Administrators right on all SCCM Servers
- svc_SCCM_Admins
Now Add Site Server and Administrators account to Local Administrator accounts.
Add both SCCM Server computer account and the SCCM Administrator account to the local administrator group on the site server.
- SCCM-Admins
- SCCM-SiteServers
You can use Group Policy to do or add it manually on SCCM Site Servers and SQL Server.
Use the following links to go to required blog
Comments: 14
Hi Sai
To Install and work with SCCM Server effectively, you will need to give appropriate permission on SCCM Server. It depends on you how you add SCCM Administrators and SCCM site Server account to Local Administrators group on SCCM Server where you going to install SCCM.
you will need to add these roles on all SSCCM site Servers, if you are planning to install more than one.
SCCM-Admins – Domain group containing all SCCM Admins Group
SCCM-SiteServers – Domain group containing all SCCM servers in the hierarchy Group
SCCM Admins group members will have admin access, this is to simplify that you don’t have to add individual members.
SCCM Site Server account needs to be Local Administrators group in order to install SCCM properly.
For more information what each does for Cofniguration Manager, please visit – https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/accounts
I hope it all makes sense.
Please feel free to ask any question you may have.
Hi harimkbatth,
Is there any kind of documentation to support that(from technet). SCCM admins need to be local admins on the client machines.
thanks,
Sid.
Hi sid, have a look at this https://technet.microsoft.com/en-in/library/bb632954.aspx
For accounts used by configuration manager, read this https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/accounts
Thanks for the page. You are referring this to the SCCM installation. But not for managing the client. What kind of permissions do you require for using Right click tools
Hi sid, please refer to this page.
https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/accounts
can you please add some svreenshoys of how and where all these accounts are used and setup?
Service accounts are setup as per normal users. Every company have different standards for the service accounts.
These service accounts are used during the setup and if you follow my other blog pages for installation, you will be able to find this information.
Best of Luck!
Hi, How about Powershell script to create service and user accounts?
Yes they can be created via powershell.
But as every company have different OU Structure, it is preferred you do it yourself.
Thanks for finally talking about >SCCM 2016 – Create Service
and User Accounts | HarmikBatth.com <Loved it!
Hi nice post. I would also like to point this article for min perms for client push install account – https://www.prajwaldesai.com/minimum-permissions-required-to-push-sccm-client-agent/
does svc_SCCM_SQLService need to logon locally? because our security department wants to deny logon locally for this account.
No, svc_SCCM_SQLService needs to be a domain member and used while installing or configuring SCCM DB. SCCM installation wizard will automatically configure it with correct permissions.
SCCM SQL Service account does not need to have log on locally permissions