SMS: The SMS Admins Group Needs Launch Permissions to the Windows Management Service (215015)
The information in this article applies to:
- Microsoft Systems Management Server 2.0
This article was previously published under Q215015 SYMPTOMS
When installing Microsoft Systems Management Server (SMS) version 2.0, by default, members of the "SMS Admins" local group cannot start the Windows Management service unless they also have administrator-level rights or unless they log on locally.
This becomes an issue when members of the "SMS Admins" group attempt to connect to the SMS Database by way of a remote administrator console and they are unable to connect to the SMS Provider because the Windows Management service stopped or suffered a General Protection Fault.
The default Distributed COM (DCOM) security settings enable only an administrator or the locally logged on user to start a program. If the Windows Management service stops for any reason, it cannot be restarted by the connection attempts from the remote SMS administrator console, unless the logged-in user is a domain administrator.
WORKAROUND
To enable the remote SMS administrator consoles to restart the Windows Management service when you connect, manually change the DCOM startup security settings as follows by using the DCOM Configuration utility, Dcomcnfg.exe: - Log on as the administrator of the computer where the SMS provider is installed (the site server or the site database computer).
- Run the DCOM Configuration tool (Dcomcnfg.exe).
- On the Applications tab, click Windows Management, and then click Properties.
- In the Windows Management Properties dialog box, click the Security tab.
- Click Use custom launch permissions, and then click Edit.
- In the Registry Value Permissions dialog box, click Add.
- Scroll through the names until you find the "SMS Admins" group, select it, and then click Add.
This change must always take place on the SMS Site Server; if the SMS Provider is installed on the SQL Server, it must take place there as well.
STATUS
Microsoft has confirmed this to be a problem in Systems Management Server version 2.0.
Modification Type: | Minor | Last Reviewed: | 2/13/2006 |
---|
Keywords: | kbBug KB215015 |
---|
|