Users and Groups automatically added to SMS Admins

Posted: August 13, 2013 in Configuration Manager, Information, System Center
Tags: , ,

Here’s a neat thing I’ve just discovered. When you add a new “Administrative User” in Configuration Manager 2012 and assign them to a security role, that user or group is automatically added into the local “SMS Admins” group on all servers.

Removing the user/group will also remove them from the local SMS Admins group. So now that’s one less headache to worry about when it comes to giving permissions to the SMS Provider for console access and scripting.

This is a hierarchy wide thing as well, so it doesn’t matter where you set it, it will apply for all servers, and will set it on all servers automatically.

  1. Pradeep says:

    Thank you, this post was very useful, as I was trying the other way round, by adding the group directly to “SMS Admins”. Now I got it, and my problem was fixed.

  2. Lee Seeman says:

    I am also seeing in our SIEM that $ accounts get automatically added to the ‘sms admins’ group. Verifying if this is noise, or not.

    • Scott says:

      When you say $ accounts do you mean the computer accounts? If they are a ConfigMgr server then they would also potentially end up in there, or if some role has been assigned to them such as read-only permissions.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s