About the Client Status Reporting Service Account
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
The Client Status Reporting Service Account provides the security context to run the Configuration Manager Client Status Reporting account. In Microsoft System Center Configuration Manager 2007, the Configuration Manager Client Status Reporting account performs the following functions:
Adds data from client status reporting into the Configuration Manager 2007 database.
Controls the activity of client ping and client pulse according to the specified settings.
Processes, analyzes, and collates client status data and sends this to the Configuration Manager 2007 site database.
The information in this topic applies only to Configuration Manager 2007 R2 and Configuration Manager 2007 R3.
You can use either the local system account, or you can configure a user account.
Required Rights and Permissions
The client status reporting service account requires the following rights and permissions:
Local administrative rights on the client status reporting host system.
Logon as a service rights on the client status reporting host system.
Membership in the smsdbrole_CH role in the site database.
Read permissions to the share on the management point containing the policy request log files. For more information, see the topic How to Configure Policy Request Logging on Management Points in the client status reporting documentation.
Account and Password Creation
The administrator creates the account and password, and then configures it in the Configuration Manager 2007 Client Status Reporting console. For more information, see the topic "How to Configure the Client Status Reporting Service Account" in the help; for the Configuration Manager 2007 Client Status Reporting console.
The account can be created anywhere that it has the required rights and permissions.
The administrator performs all account and password maintenance. If you modify the account in the account database, you must also update the configuration in the Configuration Manager 2007 Client Status Reporting console.
Security Best Practices
Creating a user account with limited rights is more secure than using the Local System account. Create a user account with the required rights but remove the log on locally right from the account.
You have two options for configuring policy request logging. Granting the Client Status Reporting Service Account administrator rights on the management point is not recommended. While it introduces more configuration overhead, the more secure method is to manually enable policy logging on the management point and manually configure the log folder so that the Client Status Reporting Service Account has read access.
Do not assign any additional rights or permissions to this account, or use this account for anything except running the service on one or more client status reporting host systems.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.