About the PXE Service Point Database Connection Account
Updated: July 1, 2009
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
By default, the Microsoft System Center Configuration Manager 2007 PXE service point uses its computer$ account when reading information from the site database, but you can configure a user account instead. Typically, you would need this account if the PXE service point needs to access a site database in a remote, untrusted forest. For example, if your data center has a secure perimeter network in a forest other than the site server and site database, you can use this account to read the PXE boot information from the site database.
Required Rights and Permissions
If you configure this account, you must manually add it to the smsdbrole_PSP role in the Configuration Manager site database so that the PXE service point obtains the required rights and permissions. If you do not configure this account, the PXE service point's computer$ account is assumed to be in a trusted forest, and Configuration Manager 2007 attempts to add it automatically to the smsdbrole_PSP role.
Account and Password Creation
The account is not automatically created. The Configuration Manager 2007 administrator creates one account per PXE service point and manages the passwords.
The account can be created anywhere it can be added to the smsdbrole_PSP role in the Configuration Manager site database.
The administrator changes the account or password in the operating system, and then configures Configuration Manager 2007 to use the new account or password. The changes take effect immediately. If the existing account is replaced with another account, the administrator must manually add it to the smsdbrole_PSP role in the Configuration Manager site database.
Security Best Practices
Do not configure this account unless you need it to access a site database in an untrusted forest.
If you use this account, create it as a low-rights, local account on the computer running SQL Server.
Do not grant this account interactive logon rights.
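The following T-SQL is an added example, not part of the original documentation. It shows one way to add the account to the smsdbrole_PSP role manually and then check that the account holds no other rights. The database name SMS_ABC and the local account SQLHOST\svc_pxe are placeholders; substitute your own site database and account.

```sql
-- Placeholders (assumptions, not from the documentation):
--   SMS_ABC          = the Configuration Manager site database
--   SQLHOST\svc_pxe  = low-rights local Windows account on the SQL Server computer

USE [master];
-- Create a Windows-authenticated login for the local account if it is missing.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'SQLHOST\svc_pxe')
    CREATE LOGIN [SQLHOST\svc_pxe] FROM WINDOWS;
GO

USE [SMS_ABC];
-- Map the login to a database user and grant only the PXE service point role.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'SQLHOST\svc_pxe')
    CREATE USER [SQLHOST\svc_pxe] FOR LOGIN [SQLHOST\svc_pxe];
EXEC sp_addrolemember N'smsdbrole_PSP', N'SQLHOST\svc_pxe';
GO

-- Audit 1: every database role the account holds in the site database.
-- smsdbrole_PSP should be the only row returned.
SELECT r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'SQLHOST\svc_pxe';

-- Audit 2: every member of smsdbrole_PSP, so that an account left behind
-- after a replacement is visible.
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'smsdbrole_PSP';

-- Audit 3: server-level roles held by the login. No rows should be returned.
SELECT sr.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS sr ON sr.principal_id = srm.role_principal_id
JOIN sys.server_principals AS l  ON l.principal_id  = srm.member_principal_id
WHERE l.name = N'SQLHOST\svc_pxe';
```

Run the audit queries again whenever the account is replaced, because the new account must be added to the role manually.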