?
Solved

Can only use SMS Admin Console if a Domain Administrator?

Posted on 2008-10-16
8
Medium Priority
?
459 Views
Last Modified: 2013-12-04
I need to add a user to be able to use Remote Tools with SMS. Whenever he launches the SMS Admin Console it immediately says Connection Failed: \\mysmsserver...  It works on the same computer when I run it as myself, so its not a connectivity issue.  We have tested and it looks like once we take someone out of the Domain Administrators group in Active Directory they get the same Connection Failed error.  Once they are put back in the Domain Admins group they can connect again.

Is there a lesser security group we can add users to so they can use SMS but not be a Domain Admin?
0
Comment
Question by:eServ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 8

Expert Comment

by:U_Mansson
ID: 22738310
You can configure a new or existing group/user in the console under Security Rights with the access the group/user should have in SMS
0
 

Author Comment

by:eServ
ID: 22741979
I have tried this extensively.  I have cloned our highest security group's rights to this user and he still cannot connect.
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 22747095
Add him to SMS Admins.  This is a local group that gets created on the SMS server.

Also, you'll need to make sure you add members to the remote tools group in SMS and give him rights to see the collections that they want to control.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:eServ
ID: 22748467
Ok I followed your direction still no luck.  But what I did was create a test user that does not have domain admin rights but can access the server and open the SMS Administrator Console.  But when I install the SMS Administrator Console on a remote machine and use the test account it gets a connection failed.  If I give test user domain admin rights all works fine.  Thoughts on why it works ok on the server but not on a remote computer?
0
 

Author Comment

by:eServ
ID: 22748512
Error message from client machine: Error(ConnectServer): Possible UI connection error code is -2147024891 [0x80070005]
0
 
LVL 22

Accepted Solution

by:
Adam Leinss earned 2000 total points
ID: 22749080
0x80070005 means Access Denied.

Unfortunately, my SCCM server is at work, so I can't look how I have the techs setup, but there is a MS knowledge base article on this:

http://support.microsoft.com/kb/317872

Since it works on the local server with someone not in DA, I would start with the section "How to troubleshoot server connectivity" and work your way down.  I remember something vaguely about DCOM permissions when remote users couldn't run reports from the IIS server.

0
 

Author Comment

by:eServ
ID: 22749088
I will give it a shot - Thanks
0
 

Author Comment

by:eServ
ID: 22749224
Ok went through that article and I get to: Troubleshooting SMS namespace connectivity.  When I walk through this I get the following error


error.jpg
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question