SMS: How to Create a Custom Remote Control Group in SMS

ID: Q191336

The information in this article applies to:

Microsoft Systems Management Server version 1.2

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

The information in this article is intended to help set up a group that will be primarily responsible for performing the Remote Control functions of a production help desk. This article will cover how to set up the IDs in SQL Server and Systems Management Server as well as how to update the clients in the site so that the newly created group can take remote control of the computers.

MORE INFORMATION

The first task in this process is the creation of the ID in the SQL Enterprise Manager. With SQL Server in Standard security, the steps in creating this ID are:

1. Open the SQL Enterprise Manager.

2. Open the Databases folder and expand the SMS database so that the

   folders Groups/Users and Objects appear.

3. Under the SMS database, right-click the Groups/Users folder and then

   click New Group on the shortcut menu to create a new group for the users
   that will have the Remote Control responsibilities.

4. Type the name of the group, click Add to create it, and then click

   Close.

5. Right-click the Logins folder at the bottom of the SQL Server tree and

   then click New Login on the shortcut menu.

6. Add the name of the login and give it a password. Give this new user the

   Permit right to the SMS database. Click the Group field for the SMS
   database to reveal the Group drop-down menu. Specify the group that you
   created in steps 4 and 5 and then click Add. Repeat steps 5 and 6 for
   each user you want to create.

7. Open and log in to the SMS Security Manager. This may take a few

   minutes.

8. In the ID drop down box in the upper left, you should see "dbo" by

   default. Change this to the new login ID that you just created in the
   SQL Enterprise Manager. All of the Objects listed should show "NO
   ACCESS" in both Proposed and Current Rights.

9. Give the following objects these rights:

      Alerts                No Access
      Architectures         View
      Diagnostics           Full
      Events                No Access
      Helpdesk              Full
      Jobs                  No Access
      Machine Groups        No Access
      Network Monitor       No Access
      Packages              No Access
      Program Groups        No Access
      Queries               No Access
      Site Groups           View
      Sites                 View
      SNMP Traps            No Access

   NOTE: View permissions is the minimum for the Architectures object
   because this is required to be able to see the Sites window.

10. Click Security at the top menu and then click Save User. Repeat steps

   8-10 for each user that you had created in SQL Enterprise Manager. Close
   SMS Security Manager when you are finished.

To notify the clients of this new group, you must perform the steps below. these steps involve making a change to the registry.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

1. On the servers that you DO NOT want the help desk group to have access

   to, go to HKLM\SOFTWARE\MICROSOFT\SMS\CLIENT SERVICE\REMOTE CONTROL and
   change the Override Site Permitted Viewer List option to 1.

2. In the Systems Management Server Administrator program, open the Site

   Properties by selecting the site in the Sites window, clicking File
   menu, and then clicking Properties.

3. Click Clients and select the Proposed Properties radio button, followed

   by the now-enabled Options button.

4. In the Allow Access For These Users box, add the new Remote Control

   group to the list.

5. Click OK until you have closed out of the Site Properties. Then click

   Yes to update the site.

6. Using a text editor such as Notepad, open and save the System.map file

   WITHOUT making any changes. Doing this causes all clients to begin the
   Upgrade process upon the next client logon. For more information, see
   the following article in the Microsoft Knowledge Base:

      ARTICLE-ID: Q166771
      TITLE     : SMS: How to Force Site-Wide Client Updates

This procedure allows a system administrator to off-load the remote control responsibilities to the help desk or other group if the SQL Server is using Standard security.

Additional query words: smsremctrl smsrc RC prodsms helpdesk SEM

Keywords          : smsremtshoot 
Version           : WINNT:1.2
Platform          : winnt
Issue type        : kbhowto

Last Reviewed: August 13, 1998