Understanding SMS Security

Computer management systems such as Microsoft® Systems Management Server (SMS) are powerful systems and they often involve many, if not all, of the computers in an organization. It is critical that the security of your management systems does not become compromised. By properly securing your management systems, you help to ensure that unauthorized persons cannot use your management systems to access or disable your organization's computers. You can also audit the activity of authorized SMS administrators to ensure that they do not misuse their privileges.

Because SMS security is extremely important and because SMS is used in a wide variety of environments, SMS gives you a number of security options. You can select a combination of options that is appropriate for your organization, as described in Chapter 12, "Planning Your SMS Security Strategy." But first you must understand SMS security.

To provide the flexibility, control, and interoperability required in the varied environments in which SMS is used, SMS includes numerous security options. With an overview of SMS security, you can focus on the elements that are most relevant to you and begin the security planning process with sufficient understanding to make the appropriate decisions for your organization.

Documented policies and procedures are beneficial for any system, and they are especially necessary for SMS security. Documenting your company's SMS security policies and the procedures to be used gives all relevant staff and managers an opportunity to review those policies and procedures in a systematic way and helps ensure that your SMS sites remain secure.

SMS 2003 builds on the strong SMS 2.0 security environment in the following ways:

  • Provides an advanced security mode that takes advantage of local system and computer accounts that are automatically maintained by the operating system

  • Provides an Advanced Client that takes advantage of local system and computer accounts to run client-based tasks

  • Uses hashing to ensure the integrity of software distribution packages

  • Reduces the impact on domain controllers by eliminating the need for SMS 2.0 logon points

  • Eliminates the requirement that the SMS Service Account have domain administrator rights

  • Signs all site-to-site communications between SMS 2003 sites, and between SMS 2003 and SMS 2.0 sites running Service Pack 5

  • Integrates support for Active Directory® security environments

Note:

  • Security is easier to manage if you configure it consistently throughout your SMS hierarchy.

In This Chapter

  • SMS Security Environment

  • SMS Security Modes

  • SMS Accounts and Groups

  • SMS Object Security

  • SMS Feature Security
