Physical Security

Software security is critically important to SMS security, but without appropriate, basic, physical security, SMS can still be vulnerable. SMS security is designed on the premise that client computers might not be physically secure, and therefore SMS clients have no functionality that can be used to compromise SMS security.

Important:

  • This discussion presumes that users use client computers without elevated privileges on other computers. Privileged users with sufficient knowledge can easily turn any client computer into a console. If their privileges allow them to attach to a site server, then they have full access to the SMS system.

An SMS Administrator console, when connected to an SMS site server, can be used inappropriately to the detriment of SMS itself or to the computers it manages. Therefore, SMS Administrator consoles must always be physically secured while the user is logged on. Ideally, keep computers that run the SMS Administrator consoles in a locked room to protect them from unauthorized access. However, if this is not possible, secure these computers when administrators are not physically present by having the operating system lock the workstation, or by using a secured screen saver.
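
One way to check that a computer running the SMS Administrator console has a secured screen saver, as an added example that is not part of the SMS documentation or product. The function names and the 900-second threshold are assumptions made for illustration; the registry values are the standard Windows screen saver settings.

```powershell
# Added example: audit the secured screen saver settings for the logged-on user.
# MaxIdleSeconds (900) is an assumed threshold, not a value from the SMS documentation.
function Test-SecuredScreenSaver {
    param(
        [hashtable]$Settings,   # ScreenSaveActive, ScreenSaverIsSecure, ScreenSaveTimeOut
        [int]$MaxIdleSeconds = 900
    )
    $findings = @()
    if ($Settings['ScreenSaveActive'] -ne '1') {
        $findings += 'Screen saver is not enabled'
    }
    if ($Settings['ScreenSaverIsSecure'] -ne '1') {
        $findings += 'Screen saver does not require a password on resume'
    }
    $timeout = 0
    $parsed = [int]::TryParse([string]$Settings['ScreenSaveTimeOut'], [ref]$timeout)
    if (-not $parsed -or $timeout -le 0) {
        $findings += 'No idle timeout is set'
    } elseif ($timeout -gt $MaxIdleSeconds) {
        $findings += "Idle timeout of $timeout seconds exceeds $MaxIdleSeconds seconds"
    }
    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

function Get-ScreenSaverSettings {
    # Read the per-user values first, then let Group Policy values override them.
    $paths = 'HKCU:\Control Panel\Desktop',
             'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $result = @{}
    foreach ($path in $paths) {
        $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut') {
            $prop = $key.PSObject.Properties[$name]
            if ($prop) { $result[$name] = [string]$prop.Value }
        }
    }
    $result
}

# Constructed sample: screen saver on, 30-minute timeout, no password on resume.
$sample = @{ ScreenSaveActive = '1'; ScreenSaverIsSecure = '0'; ScreenSaveTimeOut = '1800' }
(Test-SecuredScreenSaver -Settings $sample).Findings

# Audit the current user's session on this computer.
Test-SecuredScreenSaver -Settings (Get-ScreenSaverSettings)
```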

An SMS site server is also at risk if it is not physically secured while an administrator is logged on to it and while it is not guarded. Not only do site servers typically have an SMS Administrator console, but they also have the setup program that runs a site reset.

Like any server, site servers and site systems that are not physically secured can be compromised using a variety of techniques. After they are compromised, the SMS data and system could be misused. Therefore, it is very important that all SMS site servers and site systems be physically secured.
