
Microsoft Systems Management Server 2003 : Configuring the Software Distribution Component

4/26/2013 3:48:35 PM

You can configure additional settings for the package distribution process if the SMS defaults aren’t appropriate within your environment.

To access these settings, in the SMS Administrator Console, navigate to the Component Configuration folder under Site Settings for your site, expand it, right-click Software Distribution, and select Properties to display the Software Distribution Properties dialog box, shown in Figure 1.

Figure 1. The General tab of the Software Distribution Properties dialog box.


The Package Processing Thread Limit option in the General tab lets you identify how many threads to allocate to Distribution Manager to process packages for the site. The default value is 3, but it can range from 1 through 7. In this case, more is not always better. If your site server were only processing packages—and not performing any other functions—you might bump up this number, monitor the site server’s performance, and determine what value achieves an optimum level of performance between package processing and other server functions. A higher number of allocated threads might be appropriate and assignable.

However, if the site server has all SMS functions enabled—package distribution, Remote Tools, inventory collection, all site system roles, and so on—increasing the number of threads might prove to be detrimental to the site server’s overall performance. The best rule of thumb would be to try adjusting the number if you think you need to improve package processing performance and then use the various tools available to monitor the site server’s performance and its other functions to find the best balance.

Three other options you can configure in the General tab are Location Of Stored Packages, which identifies for SMS the drive on which it should create the compressed package folder (SMSPKG); the Legacy Client Software Installation account; and the Advanced Client Network Access account.

When programs are executed at the client computer, they run under the local user account’s security context unless otherwise noted in the program properties. Since most users are logged on as users and not as administrators, this means that these programs will run under the local user context. As you have probably discovered, most application software installs .DLL files, modifies registry entries, stops and starts services, and performs other tasks that require an administrative security context on the client. For Windows 98 clients, this security context is not usually a big issue. However, it’s a big issue for SMS clients running Windows NT 4.0 or later, since they maintain a local account database and provide more security over system modifications.

Security poses a problem when you’re dealing with SMS packages. One of our main objectives here is to be able to remotely install software on clients without the user’s—or the administrator’s—intervention.

SMS 2003, however, does provide solutions to the security issue for both the Legacy Client and the Advanced Client. The first involves the use of an internal account that SMS creates on the Legacy Client when a higher level of security access is required to run a program. This account, named SMSCliToknAcct&, is created automatically and is granted Act As Part Of The Operating System, Log On As A Service, and Replace Process Level Token user rights on the client. The SMSCliToknAcct& account will be sufficient in most cases. However, if the program execution requires that the program connect to network resources other than the distribution point, SMSCliToknAcct& will fail because it’s created as a local account rather than a domain account. In this case you should identify and use the Legacy Client Software Installation account.

You create the Legacy Client Software Installation account in the Windows domain (or domains) your clients are members of. The easiest thing to do, of course, would be to make the account a member of the Domain Admins global group in the domain that the Windows client is a member of. As you know, when a computer running Windows joins a Windows domain, the Domain Admins global group is made a member of the local Administrators group on that computer. Making the account a member of the Domain Admins group would give it the appropriate level of local rights on the Windows client (provided you haven’t altered the local Administrators group memberships to exclude the Domain Admins group), but this arrangement isn’t secure. Ideally, this account should be made a direct member of the local Administrators group on each client computer or be given the appropriate level of security access required to run the programs you create.
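One way to audit the arrangement described above across a set of clients, as an added example that is not part of the original article or of SMS: it reads group membership through the ADSI WinNT provider from PowerShell and reports direct membership only, so nested groups are not expanded. The domain `CORP`, the account `smsinstall`, and the computer names `PC01` and `PC02` are assumed placeholders.

```powershell
# Added example: audit the Legacy Client Software Installation account.
# CORP, smsinstall, PC01 and PC02 are assumed placeholders, not from the article.
param(
    [string]   $Domain    = 'CORP',
    [string]   $Account   = 'smsinstall',
    [string[]] $Computers = @('PC01', 'PC02')
)

# Return the ADsPath of every direct member of a group (WinNT provider).
function Get-GroupMemberPath {
    param([string] $Container, [string] $Group)
    $g = [ADSI]"WinNT://$Container/$Group,group"
    $g.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

$target = "WinNT://$Domain/$Account"

# Check 1: the account should not sit in Domain Admins, which grants
# domain-wide administrative rights, far more than client installs need.
$domainAdmins = @(Get-GroupMemberPath -Container $Domain -Group 'Domain Admins')
if ($domainAdmins -contains $target) {
    Write-Warning "$Domain\$Account is a direct member of Domain Admins."
}

# Check 2: on each client the account should appear directly in the local
# Administrators group, not only through the Domain Admins group.
foreach ($computer in $Computers) {
    try {
        $members = @(Get-GroupMemberPath -Container $computer -Group 'Administrators')
        $status  = if ($members -contains $target) { 'DirectMember' } else { 'NotDirectMember' }
    } catch {
        # Unreachable host or access denied: report it instead of stopping.
        $status = "QueryFailed: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{
        Computer = $computer
        Account  = "$Domain\$Account"
        Status   = $status
    }
}
```

Run it from an account that can read group membership on the clients; a `NotDirectMember` result on a client where installs still succeed suggests the rights are arriving through a broader group.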

After you create and configure the account appropriately, identify it to SMS in the General tab of the Software Distribution Properties dialog box by clicking Set next to the Legacy Client Software Installation Account text box and entering the name of the account in the Windows Account dialog box.

Ideally, for Windows 2000 clients and later, you should install the SMS Advanced Client, as this is a more secure SMS client. One of the ways in which this security is manifested is in its use of computer accounts to carry out tasks like installing software on the client. When the client connects to a distribution point, it uses the security context of the local user to do so. You can specify an optional Advanced Client Network Access account to make this connection more secure. Create this account in the domain as you would the Legacy Client Connection account.

After you create and configure the account appropriately in the domain, identify it to SMS in the General tab of the Software Distribution Properties dialog box by clicking Set next to the Advanced Client Network Access Account text box and entering the name of the account in the Windows Account dialog box.

The Retry Settings tab of the Software Distribution Properties dialog box is fairly self-explanatory, as shown in Figure 2. It lets you alter the retry settings for Distribution Manager’s attempts to deliver packages and for Advertisement Manager’s attempts to advertise programs and specify the delay between attempts.

Figure 2. The Retry Settings tab.
