Solved

Setting up a Proxy MP in SCCM...  (SQL question too)

Posted on 2011-03-25
1
874 Views
Last Modified: 2013-11-21
Hi All.  I just setup a secondary site w/o SQL and would like to set it as a Proxy MP and protected Distribution point.  While setting up the site was easy, some of the options seemed ambiguous to me when running the 'Add Role' wizard. Sorry for all the questions, just that the MS documentation on what to do AFTER you select 'Add Role' for a proxy MP is almost non-existent.  We are using SCCM 2007 R3 & SQL 2008 Std.

1. Setting up a ProxyMP on the new site.  Asking 'Specify the account used by management points computer account.  I selected 'Use the management points computer account.'  Correct?  Or should I use the SCCM Administrator account, which is in our Domain Admin AD Group?

2,  Should I check 'Allow only Site server initiated data transfers from the site system?'

3.  Should I check 'Allow devices to use this management point.'  Is this for client pcs, or does it mean mobile phones, etc.

4, 'Specify the account used by the management point to connect with the database.'  Default is to use the management points computer account.  Or should I use the SCCM Administrator account for this?

5,  Perhaps most important, how do I add the new secondary sites computer into SQL for proper permissions?  I did not setup SQL on the primary site this one will connect to, and not a 'SQL guy' in any way.  Is there a (relatively) easy guide that will walk me through doing this so the new secondary site  ProxyMP can properly connect to the parent SQL db?
0
Comment
Question by:NBquery
1 Comment
 
LVL 31

Accepted Solution

by:
merowinger earned 500 total points
ID: 35240307
1. Just cannot remember that option...Screenshot?
2. This option defines that only the site server can initate a connection to the mp and then gathers the information, but this makes only sense for security reasons, so that the mp cannot "attack" the site server
3. This option is for mobile device management points, so if there are no mobile devices, then ignore the option
4. Never take a domain user account like an administrator for such cases. The computer account password is unknown, so this is more secure.
The only security problem which exists with the computer account is that if the sql server would be hacked, then the management point can also be hacked easily. If you not want to use the computer account then you should create a service account which has just "domain user" rights in the domain and the specific permissons on the site server database. Here is some further information to this: http://technet.microsoft.com/en-us/library/bb632370.aspx
5. http://technet.microsoft.com/en-us/library/bb694113.aspx

Also check out this article:
http://technet.microsoft.com/en-us/library/bb680595.aspx
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL 2012 AOG and SQL2014 AOG 76 58
SQL Select - identify record discrepancies 1 29
Checking for column changes SQL 2014 4 16
Related to SQL Query 5 17
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
I have a large data set and a SSIS package. How can I load this file in multi threading?
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.
Via a live example, show how to shrink a transaction log file down to a reasonable size.

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question