Summary
In this tutorial, Jason from Technic Solutions guides you through the process of creating service accounts for client push installation and updating these accounts in the Configuration Manager Console. This comprehensive guide ensures you can efficiently manage your client push installations without requiring domain admin rights.
Highlights
- 🔧 Prerequisites: Review part 12 of the SCCM Current Branch Full Guide to understand client push installation and firewall configurations.
- 📜 Important Documentation: The client push installation account must be a member of the local administrators group on target client computers.
- 🔑 Domain Rights: The account does not need domain admin rights, only domain user permissions.
Key Insights
- 👤 Creating a Service Account: Log into the domain controller and create a user in Active Directory. The user is named "cm_cpi" for Client Push Install.
- 👥 Group Management: Create a new group named "Tech Next Local Admins" and add the "cm_cpi" account as a member.
- 🔄 Use of Group Policy: Create a Group Policy Object (GPO) to add "Tech Next Local Admins" to local administrators on target computers.
- 🔍 Verification: Use tools like Computer Management or PowerShell to verify that the GPO is correctly applied and the service account is added to local administrators.
- ⚙️ Configuration Manager Console Update: Replace domain admin accounts with the "cm_cpi" account in the Configuration Manager Console to align with Microsoft's best practices.
Conclusion
This video provides a detailed guide on setting up and verifying service accounts for client push installations. By following the steps outlined, you can ensure secure and efficient management of your client systems without compromising domain security.
Watch the Video
Video URL: https://www.youtube.com/watch?v=Pw02sTsipl4
