Solved

Setting up a Proxy MP in SCCM...  (SQL question too)

Posted on 2011-03-25
1
870 Views
Last Modified: 2013-11-21
Hi All.  I just setup a secondary site w/o SQL and would like to set it as a Proxy MP and protected Distribution point.  While setting up the site was easy, some of the options seemed ambiguous to me when running the 'Add Role' wizard. Sorry for all the questions, just that the MS documentation on what to do AFTER you select 'Add Role' for a proxy MP is almost non-existent.  We are using SCCM 2007 R3 & SQL 2008 Std.

1. Setting up a ProxyMP on the new site.  Asking 'Specify the account used by management points computer account.  I selected 'Use the management points computer account.'  Correct?  Or should I use the SCCM Administrator account, which is in our Domain Admin AD Group?

2,  Should I check 'Allow only Site server initiated data transfers from the site system?'

3.  Should I check 'Allow devices to use this management point.'  Is this for client pcs, or does it mean mobile phones, etc.

4, 'Specify the account used by the management point to connect with the database.'  Default is to use the management points computer account.  Or should I use the SCCM Administrator account for this?

5,  Perhaps most important, how do I add the new secondary sites computer into SQL for proper permissions?  I did not setup SQL on the primary site this one will connect to, and not a 'SQL guy' in any way.  Is there a (relatively) easy guide that will walk me through doing this so the new secondary site  ProxyMP can properly connect to the parent SQL db?
0
Comment
Question by:NBquery
1 Comment
 
LVL 31

Accepted Solution

by:
merowinger earned 500 total points
ID: 35240307
1. Just cannot remember that option...Screenshot?
2. This option defines that only the site server can initate a connection to the mp and then gathers the information, but this makes only sense for security reasons, so that the mp cannot "attack" the site server
3. This option is for mobile device management points, so if there are no mobile devices, then ignore the option
4. Never take a domain user account like an administrator for such cases. The computer account password is unknown, so this is more secure.
The only security problem which exists with the computer account is that if the sql server would be hacked, then the management point can also be hacked easily. If you not want to use the computer account then you should create a service account which has just "domain user" rights in the domain and the specific permissons on the site server database. Here is some further information to this: http://technet.microsoft.com/en-us/library/bb632370.aspx
5. http://technet.microsoft.com/en-us/library/bb694113.aspx

Also check out this article:
http://technet.microsoft.com/en-us/library/bb680595.aspx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now