Setting up a Proxy MP in SCCM... (SQL question too)

Hi All.  I just setup a secondary site w/o SQL and would like to set it as a Proxy MP and protected Distribution point.  While setting up the site was easy, some of the options seemed ambiguous to me when running the 'Add Role' wizard. Sorry for all the questions, just that the MS documentation on what to do AFTER you select 'Add Role' for a proxy MP is almost non-existent.  We are using SCCM 2007 R3 & SQL 2008 Std.

1. Setting up a ProxyMP on the new site.  Asking 'Specify the account used by management points computer account.  I selected 'Use the management points computer account.'  Correct?  Or should I use the SCCM Administrator account, which is in our Domain Admin AD Group?

2,  Should I check 'Allow only Site server initiated data transfers from the site system?'

3.  Should I check 'Allow devices to use this management point.'  Is this for client pcs, or does it mean mobile phones, etc.

4, 'Specify the account used by the management point to connect with the database.'  Default is to use the management points computer account.  Or should I use the SCCM Administrator account for this?

5,  Perhaps most important, how do I add the new secondary sites computer into SQL for proper permissions?  I did not setup SQL on the primary site this one will connect to, and not a 'SQL guy' in any way.  Is there a (relatively) easy guide that will walk me through doing this so the new secondary site  ProxyMP can properly connect to the parent SQL db?
NBqueryAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

merowingerCommented:
1. Just cannot remember that option...Screenshot?
2. This option defines that only the site server can initate a connection to the mp and then gathers the information, but this makes only sense for security reasons, so that the mp cannot "attack" the site server
3. This option is for mobile device management points, so if there are no mobile devices, then ignore the option
4. Never take a domain user account like an administrator for such cases. The computer account password is unknown, so this is more secure.
The only security problem which exists with the computer account is that if the sql server would be hacked, then the management point can also be hacked easily. If you not want to use the computer account then you should create a service account which has just "domain user" rights in the domain and the specific permissons on the site server database. Here is some further information to this: http://technet.microsoft.com/en-us/library/bb632370.aspx
5. http://technet.microsoft.com/en-us/library/bb694113.aspx

Also check out this article:
http://technet.microsoft.com/en-us/library/bb680595.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.